Data stored in Apple's iCloud deemed 'safe' for most users
Chris Foresman at Ars Technica took a closer look at Apple's iCloud in an effort answer the question: "How safe is my data stored in iCloud?" He came away with the conclusion that Apple's service is at least as safe as using any other remote server, and maybe even more than most.
"All data is transferred to computers and mobile devices using secure sockets layer via WebDAV, IMAP, or HTTP," he wrote, explaining that all data except notes and e-mails is encrypted on Apple's remote servers.
Aside from someone obtaining an e-mail address and password associated with an iCloud account, he found the service is "safe" from hackers, and regular users can feel confident with sharing their data.
One potential security concern could be an Apple employee with direct access to files and data on the company's servers. But the company's own privacy policy plainly states that the company takes "administrative, technical, and physical" cautions to safeguard data.
Apple does not publicly disclose how it encrypts user data when it is stored on its remote servers, but sources who spoke with Foresman indicated the company is relying on Microsoft Azure for iCloud, aligning with a rumor that surfaced last September.
"Using a WebDAV client, we were able to access some of our iCloud data by guessing the server name and path; once authenticated, that data was human readable," he wrote. "Since we know that Apple decrypts this kind of data, the company is likely using some type of file-system encryption that is decrypted on the fly when requested from an authenticated device or computer."
E-mail is not encrypted through iCloud because no mainstream consumer IMAP providers encrypt messages on disk. Instead, messages are usually encrypted by the e-mail client and then decrypted by the receiver using a shared key.
As for notes, they are shared using IMAP to allow syncing with the Mail application in OS X 10.7 Lion. Foresman theorized that may change with the forthcoming release of OS X 10.8 Mountain Lion, which will have its own dedicated Notes application.
The iCloud umbrella of services launched last October, replacing Apple's previous cloud-based option, MobileMe. It includes former MobileMe services like Find My iPhone, Mail and Contacts, as well as Documents in the Cloud, iTunes in the Cloud and more.
39 Comments
I recently enabled iCloud for Numbers on my iPad, even though I don?t own Numbers on Mac or anyplace else, and it?s great as an automatic remote backup! Better than Time Machine. Every change I make is backed up to the cloud within seconds. I need that peace of mind if I?m going to switch my accounting to iPad. Which I am now doing
Even if I never actually care about ?synching? that work, having such a complete and painless backup is terrific peace of mind. (I do, in addition, download the file from iCloud to my Mac as another local backup occasionally. And even without Numbers I can view the file on Mac, which is nice.)
The dynamic duo of iCloud and Time Machine not only gives me peace of mind when working with important documents, but also takes a huge burden off of the storage capacity of my new iPad. I have a feeling that in the near future, storage capacities of mobile devices will matter less and less, especially if you have a cellular enabled device
Wake me up when NSA or CESG come up with an endorsement...
I have a feeling that in the near future, storage capacities of mobile devices will matter less and less, especially if you have a cellular enabled device
iCloud and other cloud-based services along with faster connection speeds do offer some relief from local storage but I don't think it's even close enough to make local storage matter less. I see storage capacities rising with time, not so much because the technology and cost permits it, but because we will want it. Even textbooks from iBookstore are averaging 1.5 GB which is too large for streaming to a device on an as needed basis.
Just remember when using the magical cloud servers that your documents become the property of that company.