Mobile
Commentary
6/23/2011
03:29 PM
Kurt Marko
Kurt Marko
Commentary
Connect Directly
Facebook
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Gets Serious About iOS Data Protection

Its iCloud service will be a one-stop content, document, application, and configuration synchronization service for mobile devices and PCs.

At the risk of sounding like a broken record to those who have been following my columns, with mobile devices gaining parity with PCs in the pantheon of enterprise information tools, users and IT must come to grips with the snippets of sensitive data they are rapidly accumulating. Besides the usual security "hygiene" advice everyone should be tired of hearing (but I can't resist repeating: use a screen lock, the longer the password the better, use a tracking and remote-wipe service to erase data on lost or stolen devices, use a VPN on public Wi-Fi networks), some users have also recognized the need to back up their smartphone and tablet data.

As noted a couple weeks ago, several vendors have stepped into the backup software void. But at last week's Apple Worldwide Developers Conference, the 800-pound gorilla just undercut the market for many of them with iCloud.

Wireless portability, relatively limited local storage, and the nomadic nature of tablets and smartphones would seem to make the cloud an ideal mechanism for mirroring their contents. So thought Apple, as evidenced by an iCloud feature set that far exceeds rumors that ricocheted around the blogosphere. If you own or support iPhones and iPads, iCloud has you covered come fall, when the service and its enabling iOS upgrade are released.

Apple went all in with iCloud, which many expected would be little more than a music streaming and archiving service. Instead, iCloud will be a one-stop content, document, application, and configuration synchronization service for both mobile devices and PCs (although Windows users won't gain much more than document and calendar sharing).

Essentially, Apple designed iCloud to replicate the "personality" of an iPhone, iPad, and even Mac, and automatically push that personality out to every other device in a user's Apple ecosystem. Thus, iCloud can work as a backup/disaster recovery tool, as long as you trust Apple with your data. Restoring an iPhone or personalizing a new device is merely a matter of wirelessly logging in to an iTunes account and letting iCloud do the rest--personal data, purchased music (not burned, although that's a $25 add-on option), apps, books, and settings will automatically reappear.

While iCloud seems to solve the backup problems for iPhone/iPad users, Apple's announcement still leaves many questions: How might enterprise IT tap into and manage iCloud data for devices it manages? Will there be tools for central command and control? What security technologies and processes will iCloud incorporate? What about non-Apple applications; how soon will they support iCloud? What does iCloud mean for cloud file-sharing services such as Dropbox and SugarSync or for the iOS backup market writ large?

Apple's iCloud initiative has validated the need for a comprehensive (including all user-specific device data), transparent (requiring as little end-user configuration and management as possible), and cross-platform (recognizing that people generate information on many devices and need a "single version of the truth") backup system. ICloud seems to fit the bill for the Apple ecosystem and will likely set the standard for comparable cloud-based services targeting Android, Windows Mobile, and other mobile devices.

Yet Apple realizes that keeping data on the device itself from falling into the wrong hands is still an imperfectly solved problem, as evidenced by a new patent application describing potential new features in iOS local security policies and Apple's "Find My iPhone" service. The document describes enhancements to the standard PIN/passcode screen lock that could progressively increase device security after a number of failed login attempts (indicating that either the device is in the hands of a thief or the owner is very inebriated).

Currently, iOS only offers the nuclear option--a device can be configured to locally wipe all data after 10 failed login attempts. However, using this new technology, after, say, five attempts, an iPhone or iPad might selectively encrypt certain data such as contacts, notes, or locally cached email. Continued failure to guess the right passcode could prompt the device to functionally degrade by disabling outbound phone calls, text messages, or data service and enter a "surveillance mode" in which it surreptitiously records audio, video, and location to an online service like Find My iPhone.

Such dynamic adjustment of mobile device security parameters in response to suspicious activities or usage is a beautifully ingenious and promising new approach to enhancing data protection, providing users with greater control over a device's autonomous defenses while offering powerful new tools for thwarting and capturing thieves. As smartphones and tablets assume even greater roles in our online existence (eventually even replacing our wallets and credit cards), look for Apple and others to embed even more sophisticated, multilayered security systems.

Comment  | 
Print  | 
More Insights
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.