Hey You, Get Off of the iCloud

Tuesday, June 28, 2011

Kelly Colgan


Article by Ondrej Krehel, Identity Theft 911

There are more than 200 million iPhones and iPads out there in consumer land. Most of them are connected to a Mac or PC via iTunes, Apple’s popular music player and file sync program.

Every time the phone or tablet is connected, by USB, to the host computer, iTunes can automatically sync your selected music, documents, photos and contacts.

There’s no prompt when you download Lady Gaga’a new album and add it to a playlist that’s on your phone. The music simply shows up on your device after a short background sync.

imageBut what about when you use multiple computers for multiple devices? What about those pesky wires? This is what Apple’s trying to work around with its recently announced iCloud service.

With iCloud, in theory, all your computers and devices will always be in sync, so long as they’re connected to the Internet.

There are several services out there that do this, such as Dropbox, Box.net and Google Documents, but Apple is claiming its service will be comprehensive, free and easy.

Frankly, this concerns me. The general perception out there is that cloud computing is less secure than classical data storage. And this is a good thing.

Many people pick and choose what kinds of files they want to backup online with, say, a Dropbox-like service that lets you download your documents from any computer with an Internet connection.

Though we might want our grandmother’s famous recipes available wherever we go, we probably don’t—and shouldn’t—feel the same way about our tax records.

Recent cloud-based data breaches have solidified this notion in the popular consumer mind. My concern is that Apple, which has mastered the art of slick marketing, could make the American consumer a whole lot less skeptical, and a whole lot less secure.

Spreading data around the Internet is a fundamentally bad idea. This is why, I believe, cloud-speak is loudest among marketing people and avoided by most IT departments.

Clouds might make syncing Lady Gaga easier, but they add one more threat vector to the list. Now along with a smartphone being lost or a computer being hacked, you have to worry about whether or not the cloud can be breached.

This is not a farfetched scenario. Just ask Sony.

imageOndrej Krehel, Chief Information Security Officer, Identity Theft 911 Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.

Possibly Related Articles:
Cloud Security
Service Provider
Apple Cloud Security Storage Data Center Consumers iCloud
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.