Does iCloud make iPhones and iPads a security risk?

The forthcoming free Apple service syncs among iCloud-enabled devices, moving data to devices and cloud servers outside your control

Just when some CIOs and CSOs thought they could adopt iPhones and iPads after assuring themselves that iOS's built-in security capabilities and management support via Microsoft Exchange and/or mobile device management tools were sufficient, now comes iCloud. Could it stop the momentum of iOS devices into business -- or, worse, reverse it?

The iCloud service, to debut with iOS 5 this fall, is free, and many iPhone and iPad users will enable iCloud. iCloud syncs data and files using Apple's data centers as the waystation and intermediate repository among various computers -- including Macs, Windows PCs, and iOS devices such as the iPad and iPhone -- that are registered to the same Apple ID, which is often identical to a user's iTunes Store account.

[ Learn how to manage iPhones, Androids, BlackBerrys, and other smartphones in InfoWorld's 20-page Mobile Management Deep Dive PDF special report. | Keep up on key mobile developments and insights via Twitter and with the Mobile Edge blog and Mobilize newsletter. ]

Upon learning of iCloud, one financial firm's CSO bemoaned, "Many of us are bound by contracts or government regulations to maintain certain levels of security and data governance. ... We were impressed enough with the recent improvements to iOS to consider approving the use of the Apple devices, but this iCloud announcement set things back to square one. We can't have corporate and client data spreading to places and devices unknown, and Apple has been short on security details."

Does that CSO have cause to be worried? Maybe. He's right that Apple has said little about the security details of iCloud, and Apple has not responded to a request that InfoWorld made a week ago to comment on iOS security in light of iCloud. This CSO also is not alone in expressing concerns: "I had customers emailing me before the end of the WWDC keynote," where Apple CEO Steve Jobs announced iCloud on June 6, recalls Jesse Lindeman, product manager at mobile device management (MDM) tool provider MobileIron. Raffi Tchakmakjian, vice president of product management at MDM provider Trellia, likewise tells me that several corporate iOS pilot deployments were put on hold due to these iCloud concerns, as customers await a clearer picture on its security management implications.

What we know about iCloud syncing

Based on what Jobs showed at WWDC, iCloud syncs five kinds of data, and the user chooses what is synchronized:

  • Safari bookmarks across devices registered to the user's Apple ID
  • Media (books, magazines, music, and apps, but apparently not video) bought through one of Apple's online stores via that Apple ID
  • Mail, calendar, and contacts information that is locally stored (that is, not Exchange, IMAP, CalDAV, and so on, as those are handled by their respective servers rather than by iCloud)
  • Files in Mac OS X Lion and iOS 5 applications that use the iCloud Storage API; Apple's iWork suite (Pages, Numbers, and Keynote) will be iCloud Storage-enabled (data in apps not using that API is not synced, and it appears that you can't sync data across different apps, such as between Office and iWork)
  • Pictures in iOS's Photos app, the Mac's iPhoto application, and in Windows' My Pictures folder

If you step back, you'll realize that iOS 4 today syncs exactly the same things -- though manually via iTunes over a physical connection -- as iCloud is promised to sync. Regardless of whether they allow such data syncing via iTunes, most apps today permit their data to be copied into other apps via the Open In facility or emailed, just like on PCs -- access that the app developer determines. Plus, many apps -- including all the major iOS office productivity apps -- let you upload and download files via cloud storage services.

1 2 3 Page
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies