Overloading Cloud Services With Security Fixes Defeats Their Purpose

NEWS ANALYSIS: There are several things Apple could do to make iCloud really secure, but many of them would make the cloud service useless for its intended purpose.

Clooud Storage Security 2

After I wrote about the problem with Apple's iCloud in which photos of some celebrities were compromised and stolen from their accounts, I received a number of suggestions as to what Apple should do about it.

I'll forget about the suggestions that are unprintable, but there were plenty of people who think Apple should do something. But not everyone is sure exactly what it is Apple should do.

Some things are obvious, including one fix that Apple has already made, which is limiting the number of password entry attempts before the account is locked down. Before the photo thefts came to light, iCloud allowed visitors to make an unlimited number of password tries. Now there's a limit of five tries.

Other preventive measures, such as requiring two-factor authentication before changing passwords, were already available. Another measure requiring two-factor authentication before extracting photos out of iCloud wasn't implemented despite Apple tech support's claim that it was.

But, as Chris Preimesberger points out, some things take time, and some security enhancements for Apple devices and iCloud will be released with the next version of iOS, due this fall. As much as Apple might wish it could snap its corporate fingers and simply make it happen, the company does not have magical powers.

But that's not to suggest that there aren't some things that Apple and any other company that offers cloud services to the general public shouldn't do to improve account security. A case in point comes from Craig Mathias, principal at Farpoint Group, who contends that the big thing that Apple should do is have all data be encrypted in the cloud and in transit.

Mathias pointed out that even if someone were to breach an iCloud account, they wouldn't be able to see anything, except "a bunch of bits," if two-factor authentication were required to access encrypted data. "With the new Mac, you must sync with iCloud," Mathias said, "but is iCloud encrypted?"

But, the fact is, you can only take such things as encryption or two-factor authentication so far. One major reason for using iCloud or other services, such as Microsoft's OneDrive, is that they're an easy way to preserve data that might otherwise be lost. If you had to enter a passcode on your phone every time you wanted to save a photo to the cloud, it's likely that far fewer people would use those services.

This may not sound like a big deal, but then think about what is probably the single biggest concern when people lose their phones these days. It's not the inability to make calls, but the hundreds of photos that are stored on the phone and nowhere else. iCloud and OneDrive serve a primary purpose of providing storage in real time as photos are taken. This is why people use them.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...