Apple Introduces End-to-End Encryption of iCloud Backups
In other cybersecurity news …
Apple this week introduced three advanced security features, including end-to-end encryption of iCloud backups, aimed at protecting against threats to user data in the cloud.
With iMessage Contact Key Verification, users can verify they are communicating only with whom they intend. With Security Keys for Apple ID, users have the choice to require a physical security key to sign in to their Apple ID account.
And with Advanced Data Protection for iCloud, which uses end-to-end encryption, users have the choice to further protect important iCloud data, including iCloud backup, photos, notes and more.
Craig Federighi is Apple’s senior vice president of software engineering.
“At Apple, we are unwavering in our commitment to provide our users with the best data security in the world,” he said. “We constantly identify and mitigate emerging threats to their personal data on device and in the cloud. Our security teams work tirelessly to keep users’ data safe. And with iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud, users will have three powerful new tools to further protect their most sensitive data and communications.”
Craig Lurey is Keeper Security‘s CTO and co-founder.
“Apple’s new data protections, especially the integration of security keys, are a welcome addition to the platform for security-conscious users, especially those who already use a YubiKey device to encrypt their data on iOS devices or want to use a security key, but need more incentive to make the investment,” he said. “Hardware security keys provide one of the highest levels of security for multi-factor authentication (MFA) setups, which is why Keeper allows YubiKey to work with our software.”
Melissa Bischoping is director of endpoint security research at Tanium.
“Apple has introduced these important security features to keep pace with the threat landscape and threats to privacy,” she said. “By leveraging these features, you can know that your data is encrypted. Even if the company holding the data is breached, you have additional assurance that you will not be a secondary victim. I am hopeful that this trend continues, as these protections are essential for reducing the secondary victimization of a services’ users after a data breach.”
