Apple has always taken pride in simplifying technology so that its products become embedded in the daily lives of users . The release of Apple’s latest operating system, iOS5, brings with it yet another way to embrace Apple’s devices.
iCloud, which is part of Apple’s iOS5 platform, provides Apple users with 5 gigabytes of free data storage. Not surprisingly given the name of the service, the data is stored in the “cloud” or on remote servers that are not owned by users.
Unfortunately, by simplifying the user’s experience, Apple has also increased the inherent risk that occurs when employees use iPhones and iPads to perform their jobs. Many of the risks of storing information on iCloud are no different than the risks of using other cloud computing services. But the popularity of Apple products and the fact that employees may access their organizations’ networks on their personal mobile devices kicks the risk up a notch.
Employees may use the iCloud in ways that managers and executives don’t know about, such as working on the company’s yet-to-be released product or storing confidential information.
Consider the pros and cons of the iCloud and whether or not your company is willing to accept the risks:
|Cost and ease. Although limited to 5 gigabytes, iCloud offers a free and efficient option for users to back up data that resides on Apple devices. “Pushing” data to the iCloud initially requires 4 clicks to send the data. After the initial set up, users can automatically sync data. During the syncing process, the device continues to function with almost no impact on performance. You can buy additional storage. If 5 gigabytes does not meet your needs, an additional 10 gigabytes costs $20 a year. Up to 50 gigabytes can be purchased for $100 a year.||
Your data in a third-party’s hands. Data stored in the iCloud is no longer within the confines of your company’s network.
This is true for all cloud related services, but since iCloud houses data for millions of individuals and businesses, the number of attempts by hackers to steal the data could be high.
In addition, the risk that organized crime or a foreign government will attempt to steal data is a “clear and present danger” and should not be taken lightly.
Multiple devices can be synced to the Cloud. There are several ways to sync more than one iPhone, iPad or iPod, Mac or personal computer.
To do so typically requires maintaining multiple iTunes accounts as Apple has not abandoned iTunes as an interface to buy music, movies and gain access to applications.
|Employees can move data seamlessly. Over the last decade, companies have spent vast sums securing their network infrastructure and monitoring intrusion threats as well as the activities of employees while accessing the company’s IT resources. With iCloud, employees can sync data across multiple devices without the company being able to track or monitor the content or the ultimate destination of the information. The potential for data leakage, theft or inadvertent disclosure is considerable.|
Syncing across multiple devices. iCloud allows the user to sync e-mail, contacts, and calendars across multiple devices. As Apple explains on its Web site: “You can do things like create a spreadsheet on your iPad and make edits to it on your iPhone.”
This is a welcome change that allows users to seamlessly integrate data that once had to be exported and then reinstalled. Content remains up to date regardless of the Apple device you are working on at the time.
|Intellectual property could be exposed when linked to the cloud. Most companies have some form of intellectual property, which includes patents and trade secrets. In the case of trade secrets, to be viewed by a court of law as such, the information must be suitably protected and kept “secret.” Allowing employees to sync trade secret data across multiple Apple devices, which could be company-owned or personal devices, may increase the chances that the trade secret will be compromised. If a device is lost or stolen, information on all devices could be compromised. Consult your attorney on how best to ensure that trade secrets remain suitably protected.|
“Find my device.” In a potential nod to security concerns voiced about Apple’s previous operating platforms, the new operating system includes a feature to locate a lost or stolen device. Once enabled, you can access a device via an application or on the iCloud Web site. After logging in, synced devices can be located on a map. Then, a message can be sent, the device can be locked, or even remotely wiped of information. The service is not fool proof, but can offer some peace of mind for users.
|Subpoenas can be issued without your knowledge to access information. A cloud computing provider can be served with a subpoena to produce your company’s data. Notification that your company’s data has been subpoenaed may take place quickly, or be delayed for a host of reasons. Because your company does not own the cloud, it will likely not have a clear understanding of what data is being “turned over”. The lack of visibility to data being produced also places your company’s legal counsel at a disadvantage when considering how best to proceed with your company’s defense.|
|There are a wide variety of apps that can be used across devices. iUsers have more than 140,000 apps, including many that can be used for business. With iCloud, apps can be downloaded and accessed on all devices.||There is a chance that a malicious app could access your company network and steal data, delete information and cause other security problems. Some companies develop a list of approved apps and only allow employees to download them for use on their networks.|
As with most developments in technology, benefits do not come without risks. In partnership with your legal counsel, consider the inherent dangers in allowing employees to use their Apple devices to store data on the iCloud. The benefits may or may not be worth the risk. Here are a couple considerations:
Educate employees. Once data resides in iCloud or any cloud computing service, employees may be able to access company data wherever there is an Internet connection. Educate staff members about protecting their company network log-in credentials and the dangers of accessing company data in public places, such as coffee shops, airports, or Internet cafes. Special attention should be given to “phishing” e-mail messages that routinely trick employees into providing their log-in information and passwords. Phishing e-mails may appear to be from a cloud company’s administrator when they are actually sent by fraud rings attempting to steal data.
Be aware of how the cloud affects data e-discovery. Electronically stored information (ESI) is routinely requested in civil, criminal and regulatory proceedings. Have a clear understanding of the processes in place to respond to ESI discovery requests. In the event that your company is required to produce ESI, it should be a smooth process that provides data in a timely manner and creates no doubt that the data is complete and accurate.
Cloud computing on Apple devices and with other services has the potential to reduce your organization’s IT costs, as well as make it more convenient to locate information when working at locations outside the office. However, failing to identify potential pitfalls that are inherent in cloud computing can result in unexpected costs that can far exceed the short-term cost savings. If you are concerned about IT cost savings, contact ECC IT Solutions today at 301-337-3100 for a free technology assessment to help build more profitable IT solutions for your company.