How To Stay Secure In iCloud
With Apple's release of iOS 5 and iCloud, there are now several ways to get data easily into and out of your iOS device. However, with the additional methods that make it easier for you to access your data when and where you need it, there also comes the danger of unauthorized access. This how-to helps you understand when, where, and how data is sent and stored with iOS and iCloud, and how the new features affect security.
iCloud is partly Apple's rebranding of its poorly received MobileMe service and partly new features that take advantage of iTunes 10.5 and iOS 5. At first blush, many iOS-using friends I spoke with were not overly impressed with the features. Many commented, "I've been syncing for years with Google on my iPhone." But even if you don't plan to use the core syncing services in iCloud, you should take a look at its new features, because there's something for everyone. Tasks such as Wi-Fi syncing and cloud backup, for instance, are not easily done with third-party utilities.
You can use as little or as much of iCloud as you want. You can turn it off altogether, or configure it to act only as an easy way to find your iPhone. Simply activate your iCloud account using your Apple ID. Go to Settings, iCloud, and turn off everything except "Find My iPhone".
Tap Settings, iCloud to get to the Find My iPhone option.
Turn on Find My iPhone and you'll be able to locate your iPhone, regardless of location, should you lose it.
The only data that gets shared with Apple is your location. The GPS location, along with the Track my iPhone website, will help you locate your iPhone if you accidentally lose it.
Apple's rebranding of MobileMe is most obvious in its Mail syncing: it is usable only with Apple's MobileMe addresses. Despite this weakness, the MobileMe mail service does keep your data secure both when sending and receiving email, using the industry-standard Secure Sockets Layer (SSL). Apple is also using authorization through your MobileMe account to send email, which will cut down on the amount of spam that is sent through Apple's mail servers. (You can also point other mail applications to your @me address using the settings here: http://support.apple.com/kb/HT4864.)
To activate iCloud email, you can either point your browser to http://www.iCloud.com or create an @me.com account through the iOS device by selecting Settings, iCloud, and then sliding the Mail button to On.
You can create your iCloud Mail account right on your device with an @me.com mail address.
Once your account is created, data is stored on both your iOS device and on Apple's email servers. If you are also using iCloud (or manual configuration of applications to access iCloud) on other computers and devices, then the data will be stored on these additional computers and devices as well.
Generally speaking, most business users will not be interested in the @me email accounts, as businesses prefer to use their own domain names for marketing and identification. However, separate accounts can be set up under email, and the iOS device will not sync any of the other accounts with iCloud. If by chance you are using the @me accounts for business, then check your company policy to see whether you are allowed to sync the email back down to other computers you own or control.
Contacts, Calendar, Reminders, Bookmarks, and Notes are treated much the same way, keeping the iOS device in sync with the iCloud and any configured computers. However, the major difference with these apps is that you can sync them offline through iTunes. If your corporate policy prohibits or discourages using third parties to store or sync your calendar and contacts, no problem! Syncing them through iTunes means the information never leaves your computer or phone. These apps also have the advantage of not needing an @me email address from Apple.
Apple also allows Wi-Fi syncing with iTunes, which is a nice feature for you if your company does not want you syncing across the Internet or using third-party syncing apps. You are tied to your local area network's Wi-Fi for Wi-Fi sync, but the speeds are more than adequate for keeping your contacts and email up to date.
There is not a whole lot known currently about how secure the Wi-Fi sync is, but regardless of its own security, third-party, untrusted open Wi-Fi should be avoided for general computing purposes unless the traffic can be protected in virtual private networks. Time will tell if VPN support will include the Wi-Fi sync.
If you're using your own computers and trusted (secured and encrypted) Wi-Fi, then the data will be transmitted securely and stored only on your computers and iOS device.
Wi-Fi sync also supports backing up your device via Wi-Fi. The target can either be your computer or Apple's iCloud. The advantage iCloud has for the backup is that you don't need a computer and the backup is off site in case a disaster ruins both your phone and the computer; however, a disadvantage is that the backup is not encrypted whenever it is stored on Apple's servers. There is currently an option to encrypt the backup when you store it on your computer, so hopefully Apple will add this feature in the future.
Photo Stream and Documents and Data work with iCloud in yet another way. They don't require or use syncing; Photo Stream takes all of your pictures and places them in your iCloud. Unfortunately, there currently is no easy way to manage pictures from the phone. This means that unlike contacts, deletions on the phone do not translate to removed pictures on the stream.
The Documents and Data setting allows individual applications to place data in the cloud. This will in theory allow third-party applications to share data through the iCloud. This could provide additional backups of your data, or it could also be used for services to identify where you were on a particular document or task.
Basic iOS 5 security
iOS 5 provides basic security functions to protect both your private and company data in the case of loss or theft.
As with any good security plan, safety starts with the physical control of the device. iOS provides "screen saver" functionality in its Auto-Lock feature under Settings, General and is configurable in one- to five-minute increments. This setting defines the number of inactive minutes the device will wait before locking the device.
You can configure your iPhone to auto-lock after a set period of inactivity.
But the Auto-Lock setting alone is not enough to keep your iOS device secure. You should combine Auto-Lock with Passcode Lock, also under Settings, General.
You can further secure your device with a passcode. Select Settings, General, Passcode Lock.
You will be prompted to enter a four-digit passcode.
Configuring your four-digit passcode is easy.
Because even a four-digit passcode is relatively insecure if someone is allowed to guess indefinitely, you should also enable the "Erase Data" option on the same screen. You will be prompted with a warning that the iPhone will be erased after 10 wrong guesses.
Your phone can be set to wipe data if too many attempts to access it are made.
An even more secure method than the four-digit passcode option is using a combination of letters and numbers, which can be activated using the "Simple Passcodes" option. Longer passwords are cumbersome on phones, however, so I prefer the shorter numbers and setting the phone to erase data.
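The effect of the Erase Data limit and of a longer letters-and-numbers passcode on guessing odds, as an added example that is not from the original article. It is a toy model, not Apple's implementation: the class and function names, the consecutive-failure counter, the six-character length and the 62-symbol alphabet are assumptions for illustration.

```python
import string
from fractions import Fraction

ALNUM = string.ascii_letters + string.digits  # assumed 62-symbol alphabet


class LockScreen:
    """Toy passcode lock with an optional erase-after-N-wrong-guesses policy."""

    def __init__(self, passcode, erase_after=None):
        self._passcode = passcode
        self.erase_after = erase_after  # None models "Erase Data" switched off
        self.failed = 0                 # consecutive wrong guesses (assumption)
        self.erased = False

    def try_unlock(self, guess):
        if self.erased:
            return False                # nothing left to unlock
        if guess == self._passcode:
            self.failed = 0
            return True
        self.failed += 1
        if self.erase_after is not None and self.failed >= self.erase_after:
            self.erased = True          # data is wiped, guessing is over
        return False


def guesses_until_unlock(device, candidates):
    """1-based count of the guess that unlocked the device, or None if it never did."""
    for n, guess in enumerate(candidates, start=1):
        if device.try_unlock(guess):
            return n
        if device.erased:
            return None
    return None


def success_probability(alphabet_size, length, attempts):
    """Chance that `attempts` distinct guesses hit a uniformly random passcode."""
    keyspace = alphabet_size ** length
    return Fraction(min(attempts, keyspace), keyspace)


def all_pins():
    """Every four-digit passcode in order, 0000 through 9999."""
    return (f"{i:04d}" for i in range(10_000))
```

With the limit of 10 wrong guesses, `success_probability(10, 4, 10)` is 1 in 1,000, and only for a passcode chosen uniformly at random; a commonly chosen code is more likely to be among the first guesses tried.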
When your phone is locked with a passcode, by default it still allows access to Siri. This can be convenient if you'd like to ask Siri for a bit of info without bothering to type in the password, but it also presents a security gap. Anyone else can also ask Siri questions that return data in the form of contacts and other information that you might not want to share.
Even when your device is locked, Siri accepts questions--which could lead to a security breach if your phone is ever stolen.
The iPhone 4S and iOS 5 come with a raft of great features you should try. But don't forget that vendors rarely spell out the security problems new features might pose. It's usually up to you to make sure your data is protected.
By understanding and carefully selecting the options available on your iOS device, you can ensure only the data you intended is shared.