By John Gruber
Kolide ensures only secure devices can access your cloud apps.
It’s Zero Trust for Okta.
Apple today introduced three advanced security features focused on protecting against threats to user data in the cloud, representing the next step in its ongoing effort to provide users with even stronger ways to protect their data. With iMessage Contact Key Verification, users can verify they are communicating only with whom they intend. With Security Keys for Apple ID, users have the choice to require a physical security key to sign in to their Apple ID account. And with Advanced Data Protection for iCloud, which uses end-to-end encryption to provide Apple’s highest level of cloud data security, users have the choice to further protect important iCloud data, including iCloud Backup, Photos, Notes, and more.
All three announcements are noteworthy and good news, but to me, Advanced Data Protection for iCloud is the big one. Users who opt in will now get end-to-end encryption for backups, Photos, and Notes — everything in iCloud other than email, contacts, and calendars (the open standards for which preclude end-to-end encryption).
For users who opt in, Advanced Data Protection keeps most iCloud data protected even in the case of a data breach in the cloud.
Unmentioned is that Advanced Data Protection will also preclude Apple from handing over unencrypted backups to law enforcement. Turn on Advanced Data Protection and Apple will no longer hold keys to that data. It’s off by default, primarily, I believe, for customer support reasons. With standard iCloud data protection, customer data is encrypted in transit and in storage on iCloud’s servers, but Apple holds keys that can be used for recovery in case a customer loses access to their account. Those same keys held by Apple can also be used to comply with search warrants.
This has been a long time coming.
★ Wednesday, 7 December 2022