Apple iCloud's Security Challenge
Memo to tech departments that were caught flat-footed when people started bringing their iPhones to work: You'd better get ready for the iCloud.
As with the original iPhone, it's easy to see why a lot of workers would want to use the iCloud for both personal and professional use. Let's say you've been working on a presentation all day and you want to bring it home to edit. Instead of doing so the old-fashioned way -- i.e., lugging your company laptop home with you, e-mailing it to yourself or putting it on a flash drive -- you'll soon be able to have it pushed out automatically to all of your iCloud-capable devices, meaning that it will be ready for you on your iPad when you get home.
"iCloud treats the PC as just another device now," says Patrick Wheeler, a senior product marketing manager for endpoint security at Trend Micro. "It becomes just another thing from which you may be accessing data, so it can let users be productive and access business documents on any of their devices."
But as with any new technology, there are big risks involved with iCloud since users could potentially upload sensitive corporate data onto the cloud and have it spread to devices that do not have corporate security protocols. And while this risk is present in just about any cloud solution, Wheeler notes that the iCloud's ability to automatically push out data to multiple devices makes it an even riskier proposition for most business users.
"iCloud really automates the whole process," he says. "You used to make a conscious decision to connect to a cloud service but now it becomes a much more automated decision."
So what's a wary IT department to do in the face of such risks? Well, the first step is to simply acknowledge that you will have to deal with the iCloud in the near future. Tim Roddy, a senior director of product marketing for McAfee, says that cloud services in general have been gathering steam over the past two years and will soon be a staple of the IT landscape.
"Organizations are using the cloud more and more," he says. "Right now it has unstoppable momentum."
As far as specific solutions to securing your data on iCloud or any other cloud services, both Roddy and Wheeler recommend investing in data loss prevention (DLP) software that lets IT departments define what information can and cannot be uploaded from company devices onto the iCloud.
"DLP typically puts rules in place to better identify content," Roddy says. "The software tries to identify patterns for information that you don't want to be leaked out, such as Social Security numbers or documents marked 'Confidential.' But basically the organization sets the rules up and that takes the burden off the end user."
Wheeler thinks that IT departments would also be smart to look at desktop virtualization services that could be used as the primary means to give users access to corporate data. With a virtual desktop interface, users would be getting sensitive data sent to them from a remote central server that can effectively wall off that data from being accessed by other parts of the device and could erase the data from the device once it is no longer being used.
"If you have a virtual desktop you can get access to the data you need, then when that virtual desktop session is over it will disappear from the device and won't get backed up to the cloud," he says. "Taking advantage of application and desktop virtualization is definitely worth looking into."
Of course, Wheeler also notes that none of this software will help you out much if you don't educate your users about what they can and can't put on any device that automatically uploads certain files to the cloud. This will be particularly important with iCloud, he says, since it makes the process of pushing things to the cloud so easy.
"You have to let users know that if their camera roll updates automatically to the cloud then they can't take a picture of a whiteboard with next year's business plan written on it," he says. "Hackers know there is going to be a lot of sensitive data stored in the cloud."
Read more about cloud computing in Network World's Cloud Computing section.