Monday, August 27, 2012

ICloud  - a double edged sword?

iCloud - a double edged sword


There is an inherent logic to using iCloud to backup your I devices. The security of being able to restore from a recent Backup while you are on the road being a major advantage. Apple may have created a stable O/S and a great phone and Tablet, but they are still not bulletproof and my 5 year old can still send them into the dead zone with ease. Dont ask me how, but he does something to send them beyond a simple reboot to recover.

There is also the comfort of being able to locate a misplaced phone and sync data across the iPhone and iPad.

Enter the Corporate conundrum !

Trying to prevent data leakage and restrict access without inhibiting employee efficiency is a problem which dogs corporations across the globe. This balancing act becomes more difficult with the passage of time as more services and features become cloud enabled.

As a Security Analyst I used to be totally anti-cloud but this has become an untenable position as my device usage has increased.

I believe the ICloud may now represent an acceptable risk for the corporate environment....with certain caveats.

ICloud backup of iPhones will enable more support options for executives who now spend a large portion of their time out of the office, and often out of the stae or country. Being able to talk a stressed executive through an iCloud based restore is certainly preferable to having the, wait while a new device (without his or her contacts , calendars and data)is sent overnight. 

Locating a lost device is also a great feature.

The non cloud alternatives for back are insufficient in my opinion. A local iTunes backup is useless when your on the road and gone if your hard drive on your pc dies.

There will be data leakage to the iCloud for sure, but no level of policy, procedure, controls and monitoring can totally prevent cloud leakage. So the logical choice is to embrace a single cloud solution, and the best value, and most compatible is iCloud.

That's all for now.

S.Russell Dyer
BS CNE CISSP CRISC Security+




No comments:

Post a Comment