In moves that acknowledge public distrust of police and government agencies following Edward Snowden's "big reveal," two leading smartphone providers – Apple and Google – have upped their security, making it harder for police and government officials to access data from a user's phone.
The Wall Street Journal reports Google has announced that its upcoming Android OS upgrade will make data encryption the default setting. While encryption is currently an option, the average user probably doesn't understand what encryption is, much less know how to turn it on.
In a similar move, Apple standardized encryption in its recent upgrade to iOS 8. According to Newsweek, Apple has gone one step further, saying that this encryption will mean it won't be able to give government authorities or police access to any data stored on user phones. Data from iCloud and iTunes, which is stored on Apple's servers, will still be available to authorities with proper legal authorization.
What's the takeaway for an IT professional?
- Be prepared to meet higher data standards.
- Be wary of cloud providers and third parties that don't encrypt your clients' data.
What Increased Encryption Standards Mean for App Developers and IT Professionals
Apple and Google are both known for being ahead of the curve. In fact, earlier this year we saw Google calling out other webmail providers for lax encryption protocol (see our article, "Google's 'End-to-End' Like a Seat Belt for Email"). We're likely to see other companies put an increased emphasis on encryption standards, which means you'll need to keep pace.
Whether you're a developer or an IT consultant, your work will come under greater security. Clients will have more questions about what happens to their data. This means consultants will need to…
- Pay closer attention to encryption standards. This includes cloud providers and third-party sites their clients use.
Whatever area of IT you work in, be prepared to pay more attention to data security issues. Simply put: you'll need to step up your game.
Cloud Liability: Understanding How Data Travels in the Cloud
You can ensure client data is encrypted while it's on their servers, but you don't know what happens once it leaves the company and travels to the cloud.
Cloud security is complicated. Data is usually encrypted when it's transferred to the cloud and while it's stored there, but some cloud providers don't encrypt data as it is passed between their servers. In fact, for a long time, Microsoft didn't encrypt server-to-server communications with its cloud services.
When you set up a client's cloud backup, SaaS, or other third-party IT solution, make sure these services handle your client's data properly. For example, as we reported in "Banking Trojans: Not Just for Banks Anymore," new malware has been attacking Salesforce users and stealing data before it is encrypted and transmitted to the cloud. In court, you could be held responsible for not protecting your clients from a known security flaw.
Even though they don't have the resources to compete with Google or Apple, IT consultants and mobile developers still need to meet the industry leaders' data security standards. That's a tall order.
For tools that help you manage your business liabilities, check out TechInsurance's risk management resources for IT professionals.