2.7.1 iCloud configuration

Information

Apple's iCloud is a consumer-oriented service that allows a user to store data as well as find, control and back up devices that are associated with their Apple ID (Apple account). The use of iCloud on Enterprise devices should align with the acceptable use policy for managed devices as well as the confidentiality requirements for data handled by the user. If iCloud is allowed, the data that is copied to Apple servers will likely be duplicated on both personal and Enterprise devices.

For many users, the Enterprise email system may replace many of the available features in iCloud. If using either an Exchange or Google environment, email, calendars, notes and contacts can sync to the official Enterprise repository and be available through multiple devices.

Depending on workplace requirements, it may not be appropriate to intermingle Enterprise and personal bookmarks, photos and documents. Since the service allows every device associated with the user's ID to synchronize and have access to the cloud storage, the concern is not just about having sensitive data on Apple's servers but also about having that same data on the phone of the teenage son or daughter of an employee.

The remote connectivity of 'Back to My Mac' relies on screen sharing, which should already be turned off. If it is available, the user's Apple ID (possibly a personal one) can be used for remote access to the Enterprise computer rather than through Enterprise managed accounts.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Apple's iCloud is just one of many cloud-based solutions being used for data synchronization across multiple platforms, and it should be controlled consistently with other cloud services in your environment. Work with your employees and configure the access to best enable data protection for your mission.

See Also

https://workbench.cisecurity.org/files/301