Friday, June 10, 2011

Security Concern: iCloud the big Cumulonimbus!


In case you have been living under a rock or in a cave recently, Apple, champion of the iPad, iPod, and iPhone, is now pushing its new (well, not so new, but more of a repackaging of something existing) "hard drive in the sky," iCloud. Apple boasts:

"iCloud is so much more than a hard drive in the sky. It’s the effortless way to access just about everything on all your devices. iCloud stores your content so it’s always accessible from your iPad, iPhone, iPod touch, Mac, or PC. It gives you instant access to your music, apps, latest photos, and more. And it keeps your email, contacts, and calendars up to date across all your devices. No syncing required. No management required. In fact, no anything required. iCloud does it all for you."

As usual for anything Apple makes, people say things like "Wow! It's so wonderful. This product will revolutionize the industry if not the world." And if you are an Apple junkie, that is fine, keep on eating from the orchard.

People who know me best generally know I hate Apple. And why shouldn't I? Apple is rotten to the core. This is because anything Apple is always proprietary; thus, if you buy one thing from them, you must buy everything from them. This makes you a slave to your device because it limits your options for what you can buy for it. So you can either get rid of your Apple device and buy something not Apple, thus being out more money, or keep it, in which case by default you must buy everything from them. Not very "free market" now, is it?

Let me spare you my anti-Apple politics and talk about what my real concern is over the iCloud: SECURITY.

Now "cloud computing" is nothing new. For years, computer users have been storing data online for later retrieval when needed. The difference between iCloud and current "cloud computing" is that instead of simply downloading this data, you can use it and modify it live without the delay of actually downloading it to your tablet, cellphone, computer, etc. Plus, iCloud automatically syncs the data from your device to the cloud.

Functionally, this sounds like a fantastic idea! However, we are all aware of the common stories we hear/read of data being intercepted or of data stored online being hacked/compromised.

We have all received those emails claiming to be from our email provider, asking that we email back our username and password or our accounts will be deleted. This is obviously a phishing scam; most of us are smart enough to catch it, but many are not. Social engineering is another very popular means of stealing usernames and passwords.

These tactics could easily be used to steal your login info for your iCloud. However, the iCloud being compromised is much worse, as one could have all kinds of private files and documents sitting in the computing cloud for the picking, whereas your email being compromised may at worst have spam sent from it or prove you have been ordering Viagra online. :-D

I know that we all run the same risk of being hacked online as we do with the iCloud. However, most websites we log into tell you this, offer advice on being more secure, and even attempt to protect your security themselves. Apple is not offering this same courtesy. Andrew Storms, Director of Security Operations for nCircle, warns:


"Apple's iCloud announcement is missing enterprise security content, and we saw the same thing with the iPhone introduction. They left almost all of the enterprise level security and compliance questions about iCloud unanswered."

He continues:

"It's all too easy to imagine a Sony-scale enterprise attack that leaves IT security teams holding the bag while iCloud ‘grows into' enterprise security requirements."

Wow, scary stuff!

What about businesses that keep sensitive data? I am not saying that these businesses will be using the iCloud themselves, but more and more businesses allow employees to use personally owned devices for work. A question that any business should ask is: what assurances are being given that business data is not being sent up and stored in the cloud during a sync?

The convenience of having documents automatically sync to your iCloud aside, what happens when the business wants to delete that information? If the file is removed on one platform, what assurances does the organization have that the file is also eradicated on other devices, and from iCloud itself? What happens if an iCloud user's account is compromised with these documents on it? This could be real trouble for businesses!

Okay everyone, it is time to get out your tin foil hat, it's conspiracy time!

We all know we live in a world where certain nations (cough, cough, CHINA, cough!) sometimes monitor, censor, and even persecute their own citizens. In case some are not familiar, an attack originating from China was recently launched on Google's Gmail (along with several other high-profile attacks, one of which was on the Canadian government). During the attack on Gmail, many usernames and passwords were compromised. It was believed to be an attempt by China's government to monitor and censor citizens.

In China, many citizens have been jailed for leaking information about the country's censorship activities. China recently jailed a journalist who leaked information about China's attempts to censor coverage of the anniversary of the Tiananmen crackdown. Mind you, Google created a censored search engine for China. Inside China, if you google Tiananmen Square, only tourist images of Tiananmen Square and the Forbidden City across the street pop up.

So if these are common tactics of China, think of the repercussions for citizens once China has access not only to personal email, but to all the data from devices stored in the iCloud. With these automatic iCloud syncs, can you imagine what kind of "evidence" China will find and use to persecute citizens?

The scary thing is China is not the only nation with these practices!

iCloud has the possibility to be a fluffy, cute little Cumulus, or a big, stormy, lightning-producing Cumulonimbus.