Is iCloud the Next Big Security Challenge?

Thursday, November 10, 2011

Paula Skokowski

The line between work and play just got a little blurrier and the potential for a data breach a lot higher with the launch of Apple's iCloud. 

If you are unfamiliar with iCloud, it is a set of free cloud services, including iTunes in the Cloud, Photo Stream and Documents in the Cloud, that work with an iPhone, iPad, iPod touch, Mac or PC to store content in iCloud. 

When content changes on one device, all other devices are automatically updated.  A wonderful service for consumers; however, for enterprises iCloud has the potential to wreak havoc.

Enterprise cloud computing options such as iCloud and the proliferation of mobile devices in work environments have created a challenge for IT departments as they struggle to maintain control over how business data is accessed and shared.

When employees and contractors bring these devices into the workplace, these services can quickly become a security and compliance nightmare. 

Similar to Dropbox, iCloud was designed for consumers; therefore, it lacks the necessary security for stored information and offers no oversight or management control over information that is shared.

Because IT has no visibility or control over the information being accessed or shared, it is impossible to know just how exposed an organization is to a data breach.

As data breaches continue to top headlines and penalties for non-compliance continue to climb, now is not the time to ignore security vulnerabilities. Organizations require more than just a freemium, public, multi-tenant cloud solution.

Enterprise solutions should support a variety of deployment options for virtual environments, including VMware, Citrix XenServer and Microsoft Hyper-V; public, private and hybrid cloud environments; FIPS 140-2 certified deployment; and on-premises physical installation.

The solution should allow you to mix and match different deployment modes and integrate as one solution.

Enterprise-level solutions provide IT administrators with the necessary visibility and control to monitor and manage what information is being accessed, by whom and when, so the enterprise can comply with industry regulations such as SOX and HIPAA that require monitoring and reporting systems to be in place.

Utilizing security controls, IT administrators and business users can set policies to prevent files from being forwarded to unauthorized users.

Meeting the needs of enterprises requires choice of where to store data, particularly sensitive information. Organizations with an enterprise-level collaboration and file sharing solution in place for mobile devices find the temptation for employees and contractors to use free iCloud and Dropbox-type applications is eliminated. 

IT administrators can manage and audit file sharing, ensuring that users are complying with security policies; and IT managers and compliance officers can be confident that compliance mandates are being met.


Author's Note: This blog post has been adapted for this audience from a Government Security News article.

James Anderson: The article seems to be more about what enterprises can and should do than about iCloud being a security challenge. In fact, using iCloud for this article seems to be more about attracting clicks. I was hoping for how a user having iCloud on their personal device was going to be a security challenge for enterprise systems – which I don't see any more than I do for a user putting organization data onto personal services.

The use of personal devices does not necessarily imply that they will be using personal services to access and store organization data. That is an employee competence issue, not a technology one.