{"id":17653,"date":"2020-02-06T08:30:10","date_gmt":"2020-02-06T16:30:10","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2020\/02\/06\/news-11388\/"},"modified":"2020-02-06T08:30:10","modified_gmt":"2020-02-06T16:30:10","slug":"news-11388","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/02\/06\/news-11388\/","title":{"rendered":"Is Apple's iCloud folder sharing a shadow IT problem?"},"content":{"rendered":"

<\/p>\n

Credit to Author: Jonny Evans| Date: Thu, 06 Feb 2020 06:35:00 -0800<\/strong><\/p>\n

After a long delay, Apple is preparing to introduce iCloud Folder Sharing across both its Mac and iOS platforms. This is a big blessing for collaboration, but is it safe?<\/p>\n

iCloud Folder Sharing was first announced at WWDC 2019, but delayed until \u2013 well, at present it is still delayed and was only recently made available<\/a> inside the latest iOS and macOS developer betas. Which means it should be on the way.<\/p>\n

Probably.<\/p>\n

How it works?<\/p>\n

It works in a similar way to iCloud file sharing, except you can define shared folders as well as shared files.<\/p>\n

In use, you can choose to make it possible to share a folder with anyone who has a specific link or choose to limit access solely to named parties. You also get to choose if people you share items with can edit them, or just take a look.<\/p>\n

It is reasonable to assume these items\/folders will also be available to those using iCloud for Windows. Mobile device support on other platforms was also recently improved.<\/p>\n

A little bit.<\/p>\n

In theory, iCloud Folder Sharing means Apple now offers a relatively cross-platform tool with which teams can share and collaborate on projects \u2013 though it isn\u2019t as smooth, feature-rich or as cross platform compatible as Dropbox or Box.<\/p>\n

The thing is, with tens of millions of iPhone and Mac users in place across the enterprise market, it seems pretty clear that most of your employees are likely already using iCloud.<\/p>\n

The new feature just makes it more likely they\u2019ll use it more, including to collaborate on projects. After all, one of the huge benefits of the service is that it\u2019s as easy to use as anything else Apple does \u2013 and ease-of-use is one of the big drivers for Shadow IT.<\/p>\n

\u00a0And that is where iCloud may become a bigger problem for enterprise security chiefs trying to handle the challenge of unauthorized use of apps by their mobile employees.<\/p>\n

It is of course true to say that iCloud is a relatively secure system.<\/p>\n

Not only are Macs and iOS devices way more secure than any other platform (though no platform is perfect), but iCloud\u2019s two-factor authentication (2FA), deep platform integration, and the nature of the encryption that protects information as it is transmitted to and from the service all provide good protection.<\/p>\n

The problem with iCloud is (and always is) the user:<\/p>\n

While it is possible to protect your iCloud with complex alpha-numeric passcodes, most people just don\u2019t. Indeed, I can recall reading a recent report that claims around a third of iCloud users still haven\u2019t enabled 2FA on their systems.<\/p>\n

That\u2019s up to them, I guess, but when a highly secure iCloud user with complex passcodes and 2FA enabled chooses to share highly confidential enterprise-related documents inside a folder with another user, how are they to know how well secured that other user\u2019s iCloud access actually is?<\/p>\n

They don\u2019t.<\/p>\n

And this is a problem enterprise security teams will need to address pretty quickly now we know iCloud Folder Sharing is coming.<\/p>\n

I\u2019m certain some enterprises may ban use of iCloud, just as many already attempt ban use of any consumer-grade cloud-based document services, but I don\u2019t think bans work \u2013 they just create a blame culture in which employees become reluctant to seek help when things go wrong.<\/p>\n

It seems much more sensible to assume these things will be used, and take steps to manage such use, than to issue terse memos banning use of services you as the head of department are probably also making use of yourself.<\/p>\n

What does work is policy.<\/p>\n

In this case, it seems sensible for enterprise security chiefs to advise employees who choose to use iCloud for work to protect their account with complex alphanumeric passcodes.<\/p>\n

That\u2019s not the only protection that needs to be put in place.<\/p>\n

Employees must be encouraged to use 2FA and to keep their devices up-to-date (unless controlled by you with an MDM solution.<\/p>\n

This is why. Apple\u2019s iCloud security pages tell us<\/a>:<\/p>\n

\u201ciCloud secures your information by encrypting it when it’s in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you\u2019re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information.\u201d<\/p>\n

Thing is, and this is important, in order for end-to-end encryption to work it is necessary that\u00a0two-factor authentication<\/a>\u00a0is turned on for the Apple ID.<\/p>\n

The difference between how Apple protects your information in iCloud and on your device is encryption. iCloud Drive data is protected by \u201ca minimum of 128-bit AES encryption,\u201d according to Apple.<\/p>\n

That\u2019s quite strong I suppose, but may not be as secure as what you define in your security policy \u2013 and it is important to note that data stored in the drive is not protected by end-to-end encryption while there, though it is encrypted in transit.<\/p>\n

If you want data to be kept securely in your or your employee\u2019s drives, it makes sense to encrypt that information before uploading it.<\/p>\n

While this adds friction to the sharing\/collaboration process it also means your enterprise\u2019s confidential data (or your personal info) has better protection.<\/p>\n

(I\u2019ll be looking at good encryption solutions for this task in the next few weeks, so do follow me on social media to learn what I find out.)<\/em><\/p>\n

You can also deploy MDM solutions<\/a> to control iCloud and data access across your network. Though the best protection will always be to offer approved secure collaboration spaces that are as easy-to-use as iCloud or any other consumer service.<\/p>\n

Even with all the protection in place \u2013 policy, approved collaboration tools, even edge device security, the inconvenient truth is that data will slip, employees with poorly-protected consumer services such as iCloud will use those services, and security problems will emerge.<\/p>\n

That\u2019s why it\u2019s so important to ensure everyone at your organization feels sufficiently safeguarded that in the event something does go wrong they\u2019ll not waste time before letting IT security know a problem exists. Because not knowing a problem exists is usually a bigger problem than the problem itself.<\/p>\n

Summing up: Employees will use iCloud Drive, they already do and now they\u2019ll use it to collaborate on some tasks. They should be encouraged to:<\/p>\n

I\u2019ll be interested to hear any other good advice on this matter.<\/p>\n

Please follow me on\u00a0Twitter<\/a>, or join me in the\u00a0AppleHolic\u2019s bar & grill<\/a>\u00a0and\u00a0Apple Discussions<\/a>\u00a0groups on MeWe.<\/em><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Jonny Evans| Date: Thu, 06 Feb 2020 06:35:00 -0800<\/strong><\/p>\n

\n
\n

After a long delay, Apple is preparing to introduce iCloud Folder Sharing across both its Mac and iOS platforms. This is a big blessing for collaboration, but is it safe?<\/p>\n

What is iCloud Folder Sharing?<\/strong><\/h3>\n

iCloud Folder Sharing was first announced at WWDC 2019, but delayed until \u2013 well, at present it is still delayed and was only recently made available<\/a> inside the latest iOS and macOS developer betas. Which means it should be on the way.<\/p>\n

Probably.<\/p>\n

How it works?<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,11064,10480,10554,714],"class_list":["post-17653","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-cloud-computing","tag-ios","tag-mobile","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17653","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17653"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17653\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17653"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17653"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17653"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}