Cloud storage can help solve the iPad data dilemma
It takes third party apps to tie tablets to the cloud
By Mel Beckman | InfoWorld | Published 14:30, 22 February 11
Most apps are free, but you must pay a subscription to get access to the best cloud services. Although there are free teaser subscriptions available, tablet users seeking to make cloud storage their tablets' "hard drives" will need an intermediate plan that costs $5 to $20 per month for its larger storage capacity and file transfer budgets, advanced sharing capabilities, plug-in applications, and business-friendly features.
All the cloud services apps let you perform essential cloud functions from a tablet: download files from the cloud or, in the iPad's case, open files from the cloud directly into compatible applications (such as Quickoffice and Documents to Go) and push files back to the cloud when necessary. Thus, you'll want to use apps that all work with the same cloud storage service.
Apple's iWork suite only works with its own MobileMe service, for example. You can also access the cloud file system from Mac, Linux and Windows desktops, or via a web portal. Some also have apps for specific smartphone platforms, such as Android, BlackBerry and iPhone.
Advanced capabilities vary by vendor. One trend is to support plug-in "cloud apps" to augment a provider's services by connecting it to other platforms or data sources. For example, a LinkedIn cloud app might streamline file sharing with specified LinkedIn associates. Another trend is the use of data compression and deduplication to reduce the volume of synchronised data, speeding the file transfer process (key on relatively slow 3G networks). Compression ratios of 10:1 or better can be obtained on many data types.
The best tablet cloud services for business
Tablet cloud storage addresses one key requirement businesses crave: control over their data. Cloud storage can be backed up en masse, preserving valuable business information no matter what platform it originates from.
Beyond backup and security, the most requested features by business users, according to cloud storage vendors' own "vote for features" pages, are collaboration capabilities: multiple accounts, user groups, fine-grained permission controls, file locking and version control.
No single provider delivers all of these features. In its team edition, Dropbox (one of the most widely adopted services) lets users create a group service for five or more members, with a shared storage pool and individual quotas, centralised administration, access logging and the ability to retrieve previous versions of a file. The team package costs less than an equivalent number of individual user accounts.
Box.net's Business and Enterprise offering sports similar features and additional collaboration capabilities, including fine-grained permissions control for arbitrary user groups, audit reporting, and custom branding. The latter feature is especially helpful when sharing content with external partners, by making data ownership more visible.
Ironically, Google offers no specific Google Docs app for either tablets or phones, opting to deliver a cross-platform mobile-optimised web portal instead. However, all Google services, including Google Docs, support open APIs that let third parties build apps to access files stored on it. Documents to Go, GoodReader and Quickoffice all connect to Google Docs this way.
Keeping cloud-stored data secure
Business users like what they see with tablet cloud capabilities, but want specific security features, such as encryption and two-factor authentication, that aren't usually part of basic cloud products and apps.
Entry-level cloud services don't generally offer any security beyond a basic user ID and password. Data transfers and cloud storage are both unencrypted. Most cloud services, at least in their business offerings, encrypt data during transmission, usually via the SSL/TLS (HTTPS) protocol. Dropbox is an exception: It encrypts even free account data transfers via SSL.
But data residing on the provider's servers could be vulnerable in the event a user account, or the provider itself, is compromised. Businesses can always encrypt data at the client end to ensure security, but then they must manage a key distribution process to share files with other users. This also defeats the compression and deduplication feature offered by some cloud providers.
An alternative is provider-implemented "at rest" encryption. Amazon.com's S3 service supports this capability, with user-generated secret keys that Amazon.com stores on behalf of the client. This lets Amazon.com implement compression and deduplication while adding an at-rest encryption layer.
Any intermediary provider, such as Dropbox and Spot Documents, running Amazon.com's S3 as a back end can provide this encryption for its users. Some intermediary providers implement their own encryption and escrow the user's secret keys themselves. For example, Box.net offers 256-bit AES encryption with its enterprise-class service.
A concern businesses must address with all at-rest encryption methods is who at the provider has access to at-rest encryption keys. Insider privacy breaches are not uncommon, so business customers naturally want assurances that their at-rest data is protected from interlopers. Alas, no cloud provider seems to address this issue in its published privacy policies, which generally speak to only the privacy of personal data collected for individual user identification and billing.
Box.net CEO Aaron Levie makes verbal assurances, even though the service's published policy doesn't address the issue: "Because we are a cloud-based service, we store the encryption keys so customers are able to retrieve their data from any device, once authenticated. Only based on an explicit customer request or authorization can data be accessed from the service." Other providers were unwilling to discuss their internal encryption procedures.
Businesses also seek extra control over who has access to their mobility clouds. One way providers deliver this control is via LDAP (Lightweight Directory Access Protocol) connectors, which link to business-owned authentication servers. These servers, in turn, can require multifactor authentication, such as biometrics or security tokens. No cloud provider currently offers direct multifactor authentication, although last fall Google added two-factor authentication to Google Apps, via an SMS code transmitted to a user's mobile device.
When they come together, tablets and clouds will be the new style of computing
Given the nearly instant acceptance of tablets by users and the rapid infiltration of businesses by tablets, it seems sure that the new computing paradigm is worth considering.
Whether tablets ultimately displace laptops depends a lot on tablet OS makers and their ability to smoothly integrate devices with cloud storage. Ideally you'd just pull up the "cloud storage" panel on your tablet, select one or more cloud providers, and treat them like disks in the sky from any and all applications. Until that happens, users must continue to deal with a patchwork of third-party apps and cloud intermediaries.
But that's still better than syncing files over a USB cable or managing files as email attachments.
