But data residing on the provider's servers could be vulnerable in the event a user account -- or the provider itself -- is compromised. Businesses can always encrypt data at the client end to ensure security, but then they must manage a key distribution process to share files with other users. Client-side encryption also defeats the compression and deduplication features offered by some cloud providers.
An alternative is provider-implemented "at rest" encryption. Amazon.com's S3 service supports this capability, with user-generated secret keys that Amazon.com stores on behalf of the client. This lets Amazon.com implement compression and deduplication while adding an at-rest encryption layer. Any intermediary provider, such as Dropbox and Spot Documents, running Amazon.com's S3 as a back end can provide this encryption for its users. Some intermediary providers implement their own encryption and escrow the user's secret keys themselves. For example, Box.net offers 256-bit AES encryption with its enterprise-class service.
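The storage trade-off between client-side and provider-side encryption described above, as an added example that is not part of the original article. The `DedupStore` class and the SHA-256 counter-mode cipher are constructed stand-ins (not AES, and not any provider's actual back end).

```python
import hashlib
import os
import zlib

# Constructed sample: a highly compressible document that several users upload.
SAMPLE_DOCUMENT = b"Quarterly sales report, region EMEA, figures attached.\n" * 2000

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Illustrative stream cipher (SHA-256 in counter mode); a stand-in for AES."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def client_side_encrypt(key: bytes, data: bytes) -> bytes:
    """Encrypt before upload with a fresh random nonce, prepended to the ciphertext."""
    nonce = os.urandom(16)
    return nonce + keystream_xor(key, nonce, data)

class DedupStore:
    """Hypothetical provider back end: content-addressed and compressed."""
    def __init__(self):
        self.blobs = {}

    def put(self, blob: bytes) -> str:
        digest = hashlib.sha256(blob).hexdigest()
        # Identical uploads share one digest, so they are stored only once.
        self.blobs.setdefault(digest, zlib.compress(blob))
        return digest

    def stored_bytes(self) -> int:
        return sum(len(b) for b in self.blobs.values())

def compare(document: bytes, uploads: int = 3) -> dict:
    """Upload the same document `uploads` times, in plaintext and client-encrypted."""
    provider_side, client_side = DedupStore(), DedupStore()
    for _ in range(uploads):
        user_key = os.urandom(32)      # each user holds a separate key
        provider_side.put(document)    # provider sees plaintext, can encrypt at rest later
        client_side.put(client_side_encrypt(user_key, document))
    return {"plain_blobs": len(provider_side.blobs),
            "plain_bytes": provider_side.stored_bytes(),
            "client_encrypted_blobs": len(client_side.blobs),
            "client_encrypted_bytes": client_side.stored_bytes()}

if __name__ == "__main__":
    print(compare(SAMPLE_DOCUMENT))
```

The plaintext uploads collapse into one small compressed blob, while every client-encrypted upload is unique and incompressible, so the provider stores each one at full size.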
A concern businesses must address with all at-rest encryption methods is who at the provider has access to at-rest encryption keys. Insider privacy breaches are not uncommon, so business customers naturally want assurances that their at-rest data is protected from interlopers. Alas, no cloud provider seems to address this issue in its published privacy policies, which generally speak to only the privacy of personal data collected for individual user identification and billing.
Box.net CEO Aaron Levie makes verbal assurances, even though the service's published policy doesn't address the issue: "Because we are a cloud-based service, we store the encryption keys so customers are able to retrieve their data from any device, once authenticated. Only based on an explicit customer request or authorization can data be accessed from the service." Other providers were unwilling to discuss their internal encryption procedures.
Businesses also seek extra control over who has access to their mobility clouds. One way providers deliver this control is via LDAP (Lightweight Directory Access Protocol) connectors, which link to business-owned authentication servers. These servers, in turn, can require multifactor authentication, such as biometrics or security tokens. No cloud provider currently offers direct multifactor authentication, although last fall Google added two-factor authentication to Google Apps, via an SMS code transmitted to a user's mobile device.
When they come together, tablets and clouds will be the new style of computing
Given the nearly instant acceptance of tablets by users and the rapid infiltration of businesses by tablets, it seems sure that the new computing paradigm is worth considering. Whether tablets ultimately displace laptops depends a lot on tablet OS makers and their ability to smoothly integrate devices with cloud storage. Ideally you'd just pull up the "cloud storage" panel on your tablet, select one or more cloud providers, and treat them like disks in the sky from any and all applications. Until that happens, users must continue to deal with a patchwork of third-party apps and cloud intermediaries.
But that's still better than syncing files over a USB cable or managing files as email attachments.
This story, "The iPad data dilemma: Where cloud storage can help," was originally published at InfoWorld.com.