The launch of Apple's iCloud will bring cloud computing to the masses and with it, new security challenges. CryptoCard SVP Europe Jason Hart looks at the proposition and risks with one of the key launches of 2011.
Apple's iCloud is here, it's big and the question of mass cloud security is now a real and present challenge. Apple understandably believes the cloud is critical in delivering its services to the general public.
Staying ahead of the competition with its ability to create markets where none have existed before, Apple can set the agenda of technology like no other. Delivery of consumer applications via the cloud is only going to grow and the threat of a mass breach of cloud user data is a critical concern for cloud providers as the technology evolves. So how can Apple make sure it's not the victim?
In many ways, the cloud is a logical extension of what security experts already have to deal with every day. From simple SQL injections, distributed denial-of-service (DDoS) and cross-site scripting to more serious attacks, the cloud is just another network to defend and there will be many measures taken to protect Apple's users against malicious code.
The problem for the iCloud, as with any cloud solution, is the ability to identify individuals as legitimate users. After all, it doesn't matter how sophisticated your encrypted virus protection is if the attacker has the right username and password. Whether brute forced, phished or physically stolen, we know that there are hundreds of thousands of compromised username/password combinations out there already.
The iCloud faces a heightened threat due to the premium value of its content: once a hacker comes into possession of another user's details, they could quickly run up thousands of pounds in downloaded audio, video and apps. Because this could be accessed from any device connected to the cloud, it would be easy to hook up, download, disconnect and be gone before anyone had even detected a breach.
So, what are Apple's options? It will certainly need strong defences to protect its network and users against sophisticated assaults, but it is also going to need a way to authenticate users at point of access. As IT services face logins from every angle and all devices, proper authentication will be the key to safeguarding users.
After all, no matter how secure Apple makes its own service, it is powerless to protect against user data obtained from other, less secure services. It's not a coincidence that Apple is facing this challenge now, as the cloud is becoming a fundamental part of our lives.
At work, more people are accessing the office remotely. At home, users are changing habits, shifting away from ownership and towards cloud-based subscription models. In both cases, this is reflected in how they access their data: mostly through mobile devices that log in to online services.
With so many access points that are impossible to account for, it's small wonder that companies are adopting policies that move the focus away from protecting machines to verifying the accounts themselves.
In an increasingly digitised world with thriving on-demand business models, it's no surprise that the cloud has been propelled into the spotlight of the consumer market as quickly as it has.
It's now up to modern companies, from service providers to cloud-based application providers, to make sure that the people buying their products are really who they say they are.