By Ondrej Krehel,
There are more than 200 million iPhones and iPads out there in consumer land. Most of them are connected to a Mac or PC via iTunes, Apple’s popular music player and file sync program.
Every time the phone or tablet is connected, by USB, to the host computer, iTunes can automatically sync your selected music, documents, photos and contacts. There’s no prompt when you download Lady Gaga’a new album and add it to a playlist that’s on your phone. The music simply shows up on your device after a short background sync.
But what about when you use multiple computers for multiple devices? What about those pesky wires? This is what Apple’s trying to work around with its recently announced iCloud service.
With iCloud, in theory, all your computers and devices will always be in sync, so long as they’re connected to the Internet. There are several services out there that do this, such as Dropbox, Box.net and Google Documents, but Apple is claiming its service will be comprehensive, free and easy.
Frankly, this concerns me. The general perception out there is that cloud computing is less secure than classical data storage. And this is a good thing. Many people pick and choose what kinds of files they want to backup online with, say, a Dropbox-like service that lets you download your documents from any computer with an Internet connection. Though we might want our grandmother’s famous recipes available wherever we go, we probably don’t—and shouldn’t—feel the same way about our tax records.
Recent cloud-based data breaches have solidified this notion in the popular consumer mind. My concern is that Apple, which has mastered the art of slick marketing, could make the American consumer a whole lot less skeptical, and a whole lot less secure.
Spreading data around the Internet is a fundamentally bad idea. This is why, I believe, cloud-speak is loudest among marketing people and avoided by most IT departments. Clouds might make syncing Lady Gaga easier, but they add one more threat vector to the list. Now along with a smartphone being lost or a computer being hacked, you have to worry about whether or not the cloud can be breached. This is not a farfetched scenario. Just ask Sony.
Ondrej Krehel, Chief Information Security Officer,
Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.