What IT can do if Apple doesn't act
Should Apple do nothing, here's what IT can implement under the existing iOS technology management to limit data sharing -- with or without iCloud as a factor: Provision iOS policies that disable app installation or block specific apps, use VDI technology such as Citrix Receiver and/or an HTML5 app so that the data stays in your data center, and that force encrypted backup of data. There are also ways to use iTunes at work to "own" the device, so users are less able to connect to other personal devices and accounts. Of course, these techniques work best with devices supplied by the company, as they restrict much of what a user would want to do on a personal device; if your goal is a BYOD or shared-ownership scenario, these techniques would be too restricting.
For issues such as national privacy laws, you'll have to keep that information on servers whose location you know, and that means not moving it to local apps, whether on smartphones, tablets, laptops, or PCs. Instead, you need to use pricey approaches like Citrix or VMware VDI clients, or some sort of Web-based tools (perhaps corporate Google Docs, though it's not so great on mobile devices) for working with that data.
That CSO I mentioned earlier wants more control than what I'm proposing or what iOS 4 supports today. Although he was willing to forgo the capability on iOS devices before the iCloud question arose, he'd like per-app management for file sharing and ability to copy or email data, as BlackBerry Enterprise Server (BES) offers on BlackBerrys. You can get some of that today via an iOS-capable MDM tool, but he doesn't want to have two management tools, saying it's cheaper to provision BlackBerrys to everyone. That last statement made me wonder how willing he really is to support iOS -- the iCloud issue may have caused someone already on the fence to climb back down, at least until detailed information becomes available from Apple. But he also cited the E.U. privacy issue, which does in fact apply to his firm's international operations.
Has Apple undermined iOS's acceptance in business?
Regardless of his individual circumstances, that CSO's larger concerns do exist at other companies and deserve Apple's consideration. Several people I know in the MDM industry tell me these iCloud concerns are widely shared, even if not necessarily well-founded.
It would be a shame if Apple's iCloud promotion and subsequent silence casts on a shadow on one of iOS's key strengths: its ability to work well in both consumer and business contexts. After all, iOS is the most securable mobile OS after BlackBerry. After all, iCloud doesn't change the underlying sharing capabilities and approaches of iOS -- it just makes them easier to use. With one huge exception, that is: If it's syncing business data that can't be uploaded to a "foreign" cloud server, there could be a real problem with iCloud, iOS, and business compliance.
This article, "Does iCloud make iPhones and iPads a security risk?," was originally published at InfoWorld.com. Read more of Galen Gruman's Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com. Follow Galen's mobile musings on Twitter at MobileGalen. For the latest business technology news, follow InfoWorld.com on Twitter.