Launched by Apple to replace the MobileMe program which expires on June 30th, 2012, iCloud is a mobile data storage solution. Released to the world in October, 2011, the goal of iCloud is to allow all iDevices owned by one Apple ID to harmonize data between devices as well as preserve data in the event of a technological failure. While a fabulous application for personal use, there are unintended consequences when used for business.
Let’s preface this discussion with the fact that iCloud usage is optional and can be easily disabled. Packaged with all iOS 5.x devices and 10.7.x Lion devices as a software update, it can be deselected and not included in your Mac environment. However, iCloud is clearly a challenge to organizations with BYOD (Bring-Your-Own-Device) program. The BYOD programs allow new technology to part of the solution set for business users. BYOD programs would have to control access and disable this feature from updating to iCloud in order to meet business guidelines for maintaining secure data.
With iCloud, the syncing and backup of the data is automatic, almost instantly copying all data and merging it onto a server located in North Carolina, USA. Unlimited space is not provided, but 5 GB of data is allowed per Apple ID. Contacts, calendars, purchased applications; iTunes music, etc. are all synced. The threat to data security is substantial.
Data security is a driving force within IT and an important consideration for IT Asset Management that touches all aspects of the IT lifecycle. It is critical to preserve proprietary data, meet legislated restrictions such as the U.S. patient privacy HIPAA Act as well any contractual obligations. Data breach costs include financial and reputation consequences and are well documented for both public and private organizations.
Even with years of experience protecting organizational data, the threat from applications like iCloud are virtually invisible. Unless individually deselected, Apple applications such as iPhoto, Contacts, etc. will update to the cloud. IT managers will be able to patrol their own device, but what about the average user who is generally unaware of these risks? Mobile consumerization brings an ease of use and acceptance of these types of services with little thought to the business risks. And what about a lost device? Signed in under an Apple ID, an executive’s iPad attached to their cloud could be worth millions with the only security measure in place being a 4-digit code that prevents access to the iPad.
Cloud security concerns have been a hot-button topic among IT Asset Managers and IT security personnel for some time. The unique challenge that iCloud brings is its ease of use and availability. The ability to upload information onto a public server outside of the control of your organization as easily and quickly as you can with iCloud makes spy movies obsolete IF not carefully handled.
In the end, all it takes is one. It’s one mistake, one missed checkbox, one document, to have a severe data breach on your hands. Education, training, and diligent monitoring of BYOD and Mac environments will mitigate this issue. As stated earlier, in controlled and secure environments, the iCloud update can be passed over and not activated in your organization. But, in the end, all it takes is one.