AWS Public Sector Blog
How public safety agencies can meet AI data security requirements
Public safety agencies face challenges with data security, privacy, and ethics when using generative AI models, due to a lack of security measures on the part of the model providers. Amazon Web Services (AWS) prioritizes helping agencies and customers maintain critical privacy requirements when they use AWS infrastructure for mission-critical systems that directly impact citizens’ lives. In this post, we discuss the crucial factors your public safety agency should consider when choosing a generative AI provider and explain how AWS can enable a secure, protected system.
Your sensitive data requires careful protection. Providers must answer critical questions about where customer data is stored, who has access to the data, how the data is being used, and who manages it. When evaluating AI solutions for public safety, you must maintain complete control over your data assets. This means having full visibility into data storage, implementing access controls, and establishing usage policies. Your data requirements aren’t optional; they’re fundamental to protecting your organization’s sensitive information. Don’t compromise on essential security measures when choosing technology providers for your public safety operations.
The minimum requirements when considering any AI technology for your public safety solution include:
- Keeping your data separate: Your agency’s information should be completely separate from the AI company’s systems and other customers’ data.
- Maintaining secure communication: All information moving between your center and the AI system must be protected and encrypted.
- Controlling your environment: You should have the ability to set up and manage your own secure environment within the AI system.
Key considerations when choosing a generative AI provider
When selecting a generative AI provider for your public safety solution, it’s essential to evaluate their security and privacy capabilities—especially when handling critical data.

Figure 1. Roadmap showing the critical areas that public safety agencies should evaluate when selecting a generative AI provider.
In the sections below, we provide a list of questions to ask potential providers—so that you can assess their security measures, data protection standards, and privacy controls and ensure they meet your public safety agency’s requirements and compliance needs.
Data privacy
- How will you keep our data separate from other agencies’ data?
- How can we check that our data remains private?
AWS implements robust security measures through its AWS Nitro System, a purpose-built hardware-based security platform that has been independently validated by the NCC Group, a leading cybersecurity firm. The system’s architecture is designed to address data separation and privacy concerns, ensuring complete isolation of your agency’s sensitive data from other customers. This comprehensive security approach is further strengthened by contractual guarantees in AWS Service Terms, which explicitly prohibit the use of customer data for model training or tuning.

Figure 2. The Nitro System provides enhanced security that continuously monitors, protects, and verifies the instance hardware and firmware.
When using Amazon Bedrock, AWS’s fully managed service for deploying generative AI models through secure application programming interfaces (APIs), your input and output data remains private and is never shared with model providers. The Nitro System architecture fundamentally prevents any external access to your data or workloads. These protections go beyond technical features. They are commitments, providing both technological and legal assurance of your data’s privacy and security.
Make sure to use Federal Information Processing Standards (FIPS) 140-3 validated cryptographic modules when accessing Amazon Bedrock through a command line interface or an API. You can verify the service-based FIPS endpoints per region here.
Access and control
- What network security layers are in place to protect our information?
- Is our data encrypted?
- Does the user possess the required permissions to view the AI response?
AWS delivers enterprise-grade network security through a multi-layered architecture. At its foundation are Amazon Virtual Private Clouds (Amazon VPCs) with precisely defined boundaries for each workload. These environments include security groups functioning as instance-level virtual firewalls and network access control lists (ACLs), providing additional subnet-level protection. This network architecture enables organizations to implement access controls and maintain traffic separation.
AWS PrivateLink establishes private connectivity between networks and AWS services through a dedicated fiber backbone, eliminating exposure to the public internet. Data security is further strengthened through end-to-end encryption, with all data encrypted at rest using AWS Key Management Service (KMS) and in transit using FIPS-compliant protocols. This comprehensive security approach creates an environment where data remains protected while still being accessible to authorized users through secure private channels.
Access control serves as a critical security component in AI model interactions. Customers need to make sure the system validates user permissions and determines appropriate access levels for model features. This validation ensures users receive only relevant and authorized information.

Figure 3. This architecture uses AWS PrivateLink to create a secure, private connection from the client’s account to Amazon Bedrock, completely isolated from the public internet. The separation of client and Amazon Bedrock service accounts, combined with Virtual Private Cloud (VPC) endpoints, ensures that AI processing remains secure and network-isolated, while still being accessible to authorized clients.
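A preflight check for the two controls described in this section and the previous one (FIPS endpoints and PrivateLink-only access to Amazon Bedrock), as an added example that is not AWS code or part of the original post. It assumes Bedrock FIPS hostnames follow `bedrock*-fips.<region>.amazonaws.com` (confirm against the endpoint list the post links to) and uses the `aws:SourceVpce` condition key to pin calls to one VPC endpoint; the policy is a constructed sample with a placeholder endpoint ID, and all function names are hypothetical.

```python
import json
from urllib.parse import urlparse

# Constructed sample: identity policy denying Bedrock calls unless the request
# arrives through one interface VPC endpoint (placeholder ID, not a real one).
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "bedrock:InvokeModel", "Resource": "*"},
  {"Effect": "Deny", "Action": "bedrock:*", "Resource": "*",
   "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-EXAMPLE0000000000"}}}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_bedrock_fips_endpoint(url):
    """True for https://bedrock*-fips.<region>.amazonaws.com (assumed naming)."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    service = host.split(".")[0]
    return (parts.scheme == "https" and host.endswith(".amazonaws.com")
            and service.startswith("bedrock") and service.endswith("-fips"))

def denies_outside_vpce(policy, vpce_id, action="bedrock:InvokeModel"):
    """True if a Deny on all resources blocks `action` unless aws:SourceVpce == vpce_id."""
    for stmt in _as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Deny" or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        if not actions & {"*", "bedrock:*", action.lower()}:  # no wildcard expansion
            continue
        cond = stmt.get("Condition", {})
        not_equals = cond.get("StringNotEquals", {})
        if len(cond) == 1 and len(not_equals) == 1:
            (key, allowed), = not_equals.items()
            # Extra operators, keys or endpoint IDs would weaken the Deny: require exact match.
            if key.lower() == "aws:sourcevpce" and _as_list(allowed) == [vpce_id]:
                return True
    return False

def preflight(endpoint_url, policy, vpce_id):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not is_bedrock_fips_endpoint(endpoint_url):
        findings.append("endpoint is not a Bedrock FIPS endpoint")
    if not denies_outside_vpce(policy, vpce_id):
        findings.append("policy does not pin Bedrock calls to the VPC endpoint")
    return findings
```

The policy check is deliberately conservative: a Deny that is scoped to specific resources, lists additional endpoint IDs, or carries extra condition operators is reported as a finding for manual review.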
Criminal Justice Information Services (CJIS)
- How can you ensure our sensitive criminal justice data isn’t used to train your AI?
- How can we maintain control over our data when it’s used by AI?
Public safety organizations can confidently deploy mission-critical applications and maintain Criminal Justice Information Services (CJIS) compliance on AWS’s secure infrastructure. To make sure sensitive criminal justice data isn’t used to train AI models, AWS implements additional guardrails that include deeper isolation layers. Through dedicated Nitro hardware and isolated enclaves, the system creates secure computing environments with separate CPU and memory resources, preventing unauthorized access even from AWS personnel. These isolated environments are designed to process highly sensitive data, including criminal justice information (CJI), with an extra layer of security.
Data control in AWS is enhanced through the Nitro System’s robust isolation capabilities. This hardware-based security technology creates secure boundaries that protect sensitive information during AI operations while maintaining strong isolation from other systems.
Organizations can process confidential AI workloads with strict control over their information. Even in the event of unauthorized access to an Amazon Elastic Compute Cloud (Amazon EC2) instance, the Nitro security model helps maintain system integrity. Throughout the entire AI processing lifecycle, data remains protected and under customer governance through the system’s comprehensive security design.
Conclusion
Selecting the right generative AI provider is crucial for public safety agencies handling sensitive data. AWS addresses critical security concerns through its Nitro System for data isolation, multi-layered security controls, and end-to-end encryption, while Amazon Bedrock provides customizable guardrails for content and compliance.
As public safety agencies explore AI solutions, they must prioritize providers demonstrating strong security measures, data privacy, and regulatory compliance. AWS’s commitment to these principles—combined with its technological capabilities—enables public safety agencies to leverage AI’s potential while maintaining the highest standards of data protection and security.
To learn more about how AWS works with public safety agencies, visit this webpage.