Apple Drops Plans for iCloud Full Encryption
As reported by Reuters on January 22, 2020, Apple has dropped plans for full encryption of the iCloud for iPhone users. This was in response to complaints by the FBI that such encryption would harm investigations. Certainly the need for the availability of data by law enforcement agencies in cases such as the Saudi Air Force officer who killed three people in Pensacola, Florida, can be argued to be valid. It should however, raise larger questions as to the total security of cloud based computing and the efficacy of using it for businesses.
Cloud Computing and Businesses
Cloud computing is experiencing tremendous growth in the business sector. On the face of it, there are many advantages to cloud computing for businesses. It is a scalable solution that meet a company’s growth, it offloads requirements for back up and disaster recovery, and it improves document control. That however involves some serious consequences.
A business’s data is priceless. When you offload the responsibility for maintaining the security of that data you cannot be certain your best interests are being met. Ask yourself this. How often do you ask somebody to hold your wallet or pocketbook? You have no real way of determining security of your data because there is no standard of protection for cloud service providers.
You are also handing over incident mitigation to another party. In the all too likely event of a data breach, or denial of service, or other cyberattack, a company will have little flexibility to respond to the incident.
Another major concern is the loss of control over users of data inside a company. Once an employee has access to data in a cloud based system it is impossible to monitor and control how that data is being used. This is of even greater concern to companies that must operate in compliance to information security regulations. Examples of such regulations include International Traffic in Arms Regulations (ITAR), and Health Insurance Portability and Accountability Act (HIPAA) where such loss of control can lead to non-compliance which has serious repercussions.
Business Data Security is Important
Maintaining the security of a business’s data is a primary concern in today’s world. This requires that those that are serious about cybersecurity take the long view and not follow the pack. Asking the hard questions may bring answers that make seemingly convenient choices far less than appropriate. Having a comprehensive program to address these concerns such as an Information Security Management System (ISMS) is often the best solution. CVG Strategy can help you establish and maintain a viable solution for your data security.