Police Assured Landing Zones – what are they and how can they help?
PALZ (Police Assured Landing Zone) is a joint Amazon Web Services’ (AWS) and UK Policing configuration of security, monitoring, and management services. It provides an assured blueprint for your cloud estate, with the addition of preventative and detective guardrails that setup and govern a secure multi-account environment that conforms to PDS and NCSC guidance on best practices for secure use of the cloud.
PALZ provides a baseline environment that customers can use straightaway for all development, testing and production use of all types of workloads whilst providing the flexibility to easily add additional security controls for more sensitive workloads. Essentially it provides an assured foundation which can be used and built upon for solutions to be developed by force engineers, providing a security-orientated setup and enabling industry best practices.
Territorial police forces, regional organised crime units (ROCUs), other central law enforcement agencies and commercial SaaS providers are all currently using PALZ to support innovation, production workloads and national services.
The UK law enforcement community can either deploy and manage PALZ themselves, utilise AWS’ Professional Services for initial onboarding support or have an AWS consulting partner provide the initial onboarding, or provide PALZ as a managed service.
As AWS services and the threats UK’s law enforcement community both evolve, so does PALZ which has been through two major upgrades (v1 and v2) in the last two years. In light of NCSC’s revised guidance on cloud security published in May 2022, PALZ is undergoing a third major refresh (v3) with an expected release later in the summer.
While everything possible is being done to ensure the security and compliance of the platform with Acts of Parliament, forces are reminded that the onus is on them to ensure that their use of the platform is compliant with the Data Protection Act. As development of your solutions continues with the use of PALZ it is also important that Forces undertake their own assurance process to ensure they understand what risks they may be subject to, and to ensure the gaps between initial PALZ deployment and their end-solution build is captured and assessed.
With PALZ, forces have the scope to manage their own use of cloud, adapting and adding capabilities over time as their requirements develop. This means that forces can begin with a small cloud footprint to test and learn from, giving the opportunity to optimise costs and better understand the skills required moving forwards. Ultimately this can help enable the transition away from on-premises servers.
Using PALZ also ensures that other services such as the PDS’ National Management Centre, the nationally supported cyber security protection facility for police forces, will be available for integration from the outset. This maximises cyber security mitigation from the start to avoid costly re-engineering of systems down the line.
For an informal discussion about PALZ please email engagement@pds.police.uk who will direct your email to the appropriate person, or you can find information about AWS PALZ on the Knowledge Hub.
