Apple iCloud: The Cost of Convenience
Cloud services are quickly becoming the standard in online storage thanks to the increasing demand for data synchronization across multiple platforms and devices. Having your data stored in a centralized, online location makes it easy to keep track of your files on-the-go from a computer, tablet, or smartphone while minimizing the amount of local disk space required. Of course, that also means that the data itself is no longer physically under your control.
As a rough analogy, cloud storage is a little like putting money in the bank. The bank tells you your money is there, and they may even let you access your account online to check on it, but the money isn’t physically in your hands. By trusting the bank to take care of it for you, you’re accepting the calculated risk that the benefits and convenience of doing so far outweigh the few and unlikely drawbacks.
But what if the unlikely happens?
What if someone pretending to be you goes to the bank and tries to withdraw from your account? Or worse, what happens if the bank computers contract a virus that erases all trace of your funds?
Obviously, these are extreme cases. Banks in particular have stringent security procedures in place to make sure that the person accessing your account is actually authorized to do so. Financial account information is backed up multiple times and in several locations to prevent tampering or data loss. But as unlikely as these scenarios are, they’re not impossible even at the bank, and when speaking of cloud services, issues like this are far more likely.
The world knows that the new iPhone 5 has finally arrived, and with it the latest update to Apple’s iOS operating system — iOS6. The new OS continues to emphasize Apple’s strong push for their iCloud service; they’re even offering a free iCloud.com email address when you sign up. A big selling point is that your iCloud.com email will remain stored in the cloud and then synchronize wirelessly across your iPhone, iPad, and Mac Book. But unlike the more familiar IMAP account, iCloud accounts offer the ability to remote wipe data in the case where one of your synchronized devices is lost or stolen. This can be very useful, but also extremely dangerous if your account is compromised. (By contrast, LuxSci’s MobileSync Remote Wipe can clear your devices if they are lost or stolen, but cannot clear the centrally stored email, contact, calendar, and task data itself — it can’t be used to delete all of your data).
There have been several recent cases of iCloud users falling prey to hackers using brute force or social engineering tricks to gain access to their account. One of the more high profile instances can be found here. The end result of this particular instance is that the victim lost a year’s worth of data including email, pictures, and documents due to a remote wipe perpetrated by the hacker who broke into his iCloud account.
So should you avoid storing data in a cloud?
Again, it’s a question of trust and calculated risk. You can certainly reduce that risk by using secure, smart passwords and taking advantage of two-factor login authentication whenever possible, but when your data is out of your hands, it’s never a guarantee. The best policy should be to get educated about what you’re using, fully understand the risks, and take the necessary precautions to protect your data in case the unlikely happens. Reliance on the cloud to take care of your data for you may be convenient, but it can come at a high cost.
Here are some important things to keep in mind before you decide to toss all your data into a cloud:
- Does the provider place a priority on security and privacy?
- Does the cloud have a backup policy in place? Is it enabled by default? How many backups does it keep track of, and how long are they available? See LuxSci’s backup options
- Does the cloud offer additional levels of login security? Does it support two-factor authentication? See our article on two-factor authentication
- What is the policy for lost or forgotten passwords? Is it possible to social engineer your way into the account? Will you be alerted to unusual login attempts or behavior? See our recent login security enhancements and our review of our Account Status Reports
For all too many cloud and outsourced providers, security and privacy are not the focus. The larger they are, the more of a target they are as well… This is why we have see so many issues in the past with Apple, Google, Yahoo, etc. This is why, if email and other data is of any significant importance, its probably best to ditch free services, get your own domain name, and choose a specialized provider with a mission that matches your needs. Having your own domain, further, allows you to change providers as needed without changing your addresses and other materials. The worst thing would be to get stuck using some large free provider that you are no longer happy with just because you are using their domain name (case in point … all those old AOL.com accounts) and can’t change addresses because they are in use.