Apple Gets Serious About iOS Data Protection - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile
Commentary
6/23/2011
03:29 PM
Kurt Marko
Kurt Marko
Commentary
Connect Directly
Facebook
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Gets Serious About iOS Data Protection

Its iCloud service will be a one-stop content, document, application, and configuration synchronization service for mobile devices and PCs.

At the risk of sounding like a broken record to those who have been following my columns, with mobile devices gaining parity with PCs in the pantheon of enterprise information tools, users and IT must come to grips with the snippets of sensitive data they are rapidly accumulating. Besides the usual security "hygiene" advice everyone should be tired of hearing (but I can't resist repeating: use a screen lock, the longer the password the better, use a tracking and remote-wipe service to erase data on lost or stolen devices, use a VPN on public Wi-Fi networks), some users have also recognized the need to back up their smartphone and tablet data.

As noted a couple weeks ago, several vendors have stepped into the backup software void. But at last week's Apple Worldwide Developers Conference, the 800-pound gorilla just undercut the market for many of them with iCloud.

Wireless portability, relatively limited local storage, and the nomadic nature of tablets and smartphones would seem to make the cloud an ideal mechanism for mirroring their contents. So thought Apple, as evidenced by an iCloud feature set that far exceeds rumors that ricocheted around the blogosphere. If you own or support iPhones and iPads, iCloud has you covered come fall, when the service and its enabling iOS upgrade are released.

Apple went all in with iCloud, which many expected would be little more than a music streaming and archiving service. Instead, iCloud will be a one-stop content, document, application, and configuration synchronization service for both mobile devices and PCs (although Windows users won't gain much more than document and calendar sharing).

Essentially, Apple designed iCloud to replicate the "personality" of an iPhone, iPad, and even Mac, and automatically push that personality out to every other device in a user's Apple ecosystem. Thus, iCloud can work as a backup/disaster recovery tool, as long as you trust Apple with your data. Restoring an iPhone or personalizing a new device is merely a matter of wirelessly logging in to an iTunes account and letting iCloud do the rest--personal data, purchased music (not burned, although that's a $25 add-on option), apps, books, and settings will automatically reappear.

While iCloud seems to solve the backup problems for iPhone/iPad users, Apple's announcement still leaves many questions: How might enterprise IT tap into and manage iCloud data for devices it manages? Will there be tools for central command and control? What security technologies and processes will iCloud incorporate? What about non-Apple applications; how soon will they support iCloud? What does iCloud mean for cloud file-sharing services such as Dropbox and SugarSync or for the iOS backup market writ large?

Apple's iCloud initiative has validated the need for a comprehensive (including all user-specific device data), transparent (requiring as little end-user configuration and management as possible), and cross-platform (recognizing that people generate information on many devices and need a "single version of the truth") backup system. ICloud seems to fit the bill for the Apple ecosystem and will likely set the standard for comparable cloud-based services targeting Android, Windows Mobile, and other mobile devices.

Yet Apple realizes that keeping data on the device itself from falling into the wrong hands is still an imperfectly solved problem, as evidenced by a new patent application describing potential new features in iOS local security policies and Apple's "Find My iPhone" service. The document describes enhancements to the standard PIN/passcode screen lock that could progressively increase device security after a number of failed login attempts (indicating that either the device is in the hands of a thief or the owner is very inebriated).

Currently, iOS only offers the nuclear option--a device can be configured to locally wipe all data after 10 failed login attempts. However, using this new technology, after, say, five attempts, an iPhone or iPad might selectively encrypt certain data such as contacts, notes, or locally cached email. Continued failure to guess the right passcode could prompt the device to functionally degrade by disabling outbound phone calls, text messages, or data service and enter a "surveillance mode" in which it surreptitiously records audio, video, and location to an online service like Find My iPhone.

Such dynamic adjustment of mobile device security parameters in response to suspicious activities or usage is a beautifully ingenious and promising new approach to enhancing data protection, providing users with greater control over a device's autonomous defenses while offering powerful new tools for thwarting and capturing thieves. As smartphones and tablets assume even greater roles in our online existence (eventually even replacing our wallets and credit cards), look for Apple and others to embed even more sophisticated, multilayered security systems.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll