Apple Lets Consumers BYOK; Is Your Cloud Provider Following Suit?


Consumers are used to having their messages encrypted end-to-end so that only those with whom they are communicating can see them. But what about the pictures and documents stored in the mobile service provider’s environment? Now, Apple has launched its Advanced Data Protection feature for iCloud’s 850 million users and their 1.8 billion connected devices. Apple’s new opt-in offering will provide consumers with end-to-end encryption for their assets and not just messages, ensuring that only the owner of an iCloud account can access its data and giving them unprecedented control. In the event of a breach or insider threat, Apple users’ data will remain safely encrypted, with keys that they control — even law enforcement officers with a warrant won’t be able to access iMessage archives, photo galleries, or anything backed up to iCloud.

This move comes as Apple implements a suite of other modern security measures, including offering users the ability to verify their identity in iMessage and to use hardware keys such as YubiKeys for two-factor authentication. Security professionals have campaigned for Apple to implement the feature—which is analogous to Bring Your Own Key (BYOK) encryption in the enterprise space—after a host of iCloud breaches leaked the unencrypted private data of politicians, celebrities, and private citizens. Apple announced that it sees the feature as central to its mission of protecting users’ privacy. The company also stated that as data threats become more sophisticated, the security options made available to consumers must keep pace.

Additionally, Apple’s implementation of end-to-end encryption sends a strong message that it prioritizes customers’ right to privacy and security.

Encryption Key Control is Non-negotiable

By offering end-to-end encryption to nearly a billion users, Apple sets a precedent for the industry at large. If Apple is relinquishing control over encryption keys for consumers, it should also be non-negotiable for enterprise-grade cloud providers to do the same. Data breaches can be highly damaging and embarrassing for individuals. The same is true for companies, many of which are legally…
