It's a no-win situation for IT: As Apple's iCloud online storage and syncing service gets closer to reality (the latest credible rumors peg its release for October), lots of vendors are promoting private cloud tools to keep enterprise data out of iCloud and instead confined to IT-managed servers. But these tools simply won't work, and IT risks wasting time and money for false security if they're betting their data security on such an approach.
iCloud will be built in to iOS 5, which will run on most iPhones, iPads, and iPod Touches manufactured in the last several years. It will be part of Mac OS X Lion, which you can expect most Macs to run within a year. And it will be available in a limited way in Windows Vista and 7. Given the fact that iPhones and iPads now dominate corporate smartphone and tablet use, iCloud will be in nearly every business -- wanted or not.
[ Learn what iCloud does and doesn't do to mobile data management -- and how to use public cloud services with the iPad and other mobile devices. | Learn how to manage iPhones, Androids, BlackBerrys, and other smartphones in InfoWorld's 20-page Mobile Management Deep Dive PDF special report. | Keep up on key mobile developments and insights via Twitter and with the Mobile Edge blog and Mobilize newsletter. ]
The risk of iCloud is actually less than many in IT fear: Data is synced only in compatible applications on devices tied to the same Apple ID. At iOS 5's launch, that will be Apple Mail, iCal, and Address Book for locally stored mail, calendar items, and contacts; server-based data will remain in IMAP and Exchange servers, as before. Additionally, iPhoto (or the My Pictures folder in Windows) and Apple's trio of iWork productivity apps -- Pages, Numbers, and Keynote -- will be support iCloud sync as well.
Over time, more apps will use iCloud data syncing to share data across the same apps on users' other Apple devices. The data could be synced to a user's Apple mobile devices, Mac (likely a personal device), and in a limited way Windows (photos, bookmarks, and non-server-based email, contacts, and appointments) if the user installs iCloud on it. But other users' devices or computers and non-Apple mobile devices will not have this capability.
The real risk in corporate data leakage has been around for a couple years, though without the panic that iCloud set off in some quarters. I'm talking about Dropbox and Box.net, the two main cloud-based file-sharing services. They work on practically everything: PCs, Macs, iOS devices, Android devices, BlackBerrys, and so on.
Many apps -- especially the productivity-oriented programs most likely to be working with corporate data -- have hooks to at least one of those services, for easy sharing across not only a user's own computers and devices but anyone else he or she grants access to the Dropbox or Box.net account. (SugarSync, Google Docs, and others also offer such hooks to developers, but they're much less widely adopted than Dropbox and Box.net within mobile apps.) The security risk of these services far outweighs that of iCloud.