Earlier this month it became widely publicized that Apple maintains complete control over the master encryption key to their marquee cloud offering, iCloud. Now, to anyone familiar with security and encryption this should come as no surprise. In order for nearly all consumer cloud services to provide anywhere access to data the provider must be able to encrypt and decrypt data on the fly. But it brings up the bigger question of, who should I trust with my data?
The consumer cloud
To even begin to answer that question, we need to first look at what types of data are being stored inside Apple’s iCloud. For our purposes, we’ll break the data into two sets: general media files and personal files. The first group consists of music, movies, books, and mobile apps – not exactly what you’d call sensitive data. If a third-party were to gain access to your music library, it wouldn’t be the end of the world. The second group, however, is made up of much more personal documents, including notes, calendar events, mail, contacts, and user settings. This is personal information, there’s no question about it, but would a hacker or rogue Apple employee really go through the effort to read your email, text messages, and photos? Maybe if you are Scarlett Johansson – but that’s a different story…
In the end, the consumer cloud means trusting a vendor, in this case, Apple. As a user, you trust them to do the right thing in terms of how they handle security and encryption, both in terms of technology and internal policies. Again, the issue here is trust. You have no control over the encryption key, therefore the possibility of your data being compromised by a malicious hacker or Apple employee is always present. The ultimate question is, are you willing to hand over this trust in return for the convenience of being able to sync your photos, messages, and music across your laptop, phone, and tablet? I believe, and history would suggest, most users are.
The enterprise cannot rely on trust
When it comes to the enterprise it’s a different story. Controlling access to data and protecting it from malicious hackers, competitors, ex-employees, etc. is a top priority for IT. For the traditional storage infrastructure, this means all the hardware sits inside the four walls of the organization. Servers are locked inside racks, which are locked inside a server room. Policies are administered with an access control system and IT has tight control over all aspects of data storage as well as the corporate network.
When moving data outside those “four walls” this all changes. Data is no longer inside that locked server room, but scattered across multiple data centers located in multiple geographies. Personal email and photos are one thing – sensitive corporate IP is another. Security and encryption must be done right:
- The security and encryption system must be proven. OpenPGP comes to mind here. It’s open to the degree that it is peer reviewed and with that comes a rock solid encryption scheme trusted with the most sensitive data out there.
- IT generates and holds the crypto keys – if the encryption happens before the data leaves for the cloud and the storage vendor doesn’t have a copy of the keys, there is no way anyone can read the encrypted data.
- There is an acceptable level of redundancy within the cloud (or clouds) the data is stored on. This has more to do with data protection than security, but lost data can, in some circumstances, be even more damaging than hacked data. Amazon’s eleven-nine’s is a good example of this.
IT is not (and should not) be willing to trust a storage vendor or cloud storage provider with access to their data. When it comes to enterprise data – there is simply too much at stake. Nasuni’s Rob Mason said it best in the following statement: “We trust our employees, but we do not ask our customers to share that trust. This is good security practice. No strong encryption scheme should rely solely on trust.”
Do you trust Apple with your personal data? Would you trust a storage vendor to hold the keys to your corporate data? Sound off in the comments below.