Apple Gets Serious About iOS Data Protection - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

03:29 PM
Kurt Marko
Kurt Marko
Connect Directly

Apple Gets Serious About iOS Data Protection

Its iCloud service will be a one-stop content, document, application, and configuration synchronization service for mobile devices and PCs.

At the risk of sounding like a broken record to those who have been following my columns, with mobile devices gaining parity with PCs in the pantheon of enterprise information tools, users and IT must come to grips with the snippets of sensitive data they are rapidly accumulating. Besides the usual security "hygiene" advice everyone should be tired of hearing (but I can't resist repeating: use a screen lock, the longer the password the better, use a tracking and remote-wipe service to erase data on lost or stolen devices, use a VPN on public Wi-Fi networks), some users have also recognized the need to back up their smartphone and tablet data.

As noted a couple weeks ago, several vendors have stepped into the backup software void. But at last week's Apple Worldwide Developers Conference, the 800-pound gorilla just undercut the market for many of them with iCloud.

Wireless portability, relatively limited local storage, and the nomadic nature of tablets and smartphones would seem to make the cloud an ideal mechanism for mirroring their contents. So thought Apple, as evidenced by an iCloud feature set that far exceeds rumors that ricocheted around the blogosphere. If you own or support iPhones and iPads, iCloud has you covered come fall, when the service and its enabling iOS upgrade are released.

Apple went all in with iCloud, which many expected would be little more than a music streaming and archiving service. Instead, iCloud will be a one-stop content, document, application, and configuration synchronization service for both mobile devices and PCs (although Windows users won't gain much more than document and calendar sharing).

Essentially, Apple designed iCloud to replicate the "personality" of an iPhone, iPad, and even Mac, and automatically push that personality out to every other device in a user's Apple ecosystem. Thus, iCloud can work as a backup/disaster recovery tool, as long as you trust Apple with your data. Restoring an iPhone or personalizing a new device is merely a matter of wirelessly logging in to an iTunes account and letting iCloud do the rest--personal data, purchased music (not burned, although that's a $25 add-on option), apps, books, and settings will automatically reappear.

While iCloud seems to solve the backup problems for iPhone/iPad users, Apple's announcement still leaves many questions: How might enterprise IT tap into and manage iCloud data for devices it manages? Will there be tools for central command and control? What security technologies and processes will iCloud incorporate? What about non-Apple applications; how soon will they support iCloud? What does iCloud mean for cloud file-sharing services such as Dropbox and SugarSync or for the iOS backup market writ large?

Apple's iCloud initiative has validated the need for a comprehensive (including all user-specific device data), transparent (requiring as little end-user configuration and management as possible), and cross-platform (recognizing that people generate information on many devices and need a "single version of the truth") backup system. ICloud seems to fit the bill for the Apple ecosystem and will likely set the standard for comparable cloud-based services targeting Android, Windows Mobile, and other mobile devices.

Yet Apple realizes that keeping data on the device itself from falling into the wrong hands is still an imperfectly solved problem, as evidenced by a new patent application describing potential new features in iOS local security policies and Apple's "Find My iPhone" service. The document describes enhancements to the standard PIN/passcode screen lock that could progressively increase device security after a number of failed login attempts (indicating that either the device is in the hands of a thief or the owner is very inebriated).

Currently, iOS only offers the nuclear option--a device can be configured to locally wipe all data after 10 failed login attempts. However, using this new technology, after, say, five attempts, an iPhone or iPad might selectively encrypt certain data such as contacts, notes, or locally cached email. Continued failure to guess the right passcode could prompt the device to functionally degrade by disabling outbound phone calls, text messages, or data service and enter a "surveillance mode" in which it surreptitiously records audio, video, and location to an online service like Find My iPhone.

Such dynamic adjustment of mobile device security parameters in response to suspicious activities or usage is a beautifully ingenious and promising new approach to enhancing data protection, providing users with greater control over a device's autonomous defenses while offering powerful new tools for thwarting and capturing thieves. As smartphones and tablets assume even greater roles in our online existence (eventually even replacing our wallets and credit cards), look for Apple and others to embed even more sophisticated, multilayered security systems.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
10 Cyberattacks on the Rise During the Pandemic
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/24/2020
IT Trade Shows Go Virtual: Your 2020 List of Events
Jessica Davis, Senior Editor, Enterprise Apps,  5/29/2020
Study: Cloud Migration Gaining Momentum
John Edwards, Technology Journalist & Author,  6/22/2020
White Papers
Register for InformationWeek Newsletters
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Flash Poll