WWDC: Apple’s Exclusive Cloud Calculation is the exemplar for all cloud services

Your device determines whether it can handle the request autonomously.
If additional computational power is needed, support will be obtained from PCC.

[…Keep reading]

Your device determines whether it can handle the request autonomously.

If additional computational power is needed, support will be obtained from PCC.

In this process, the request is directed through an Unaware HTTP (OHTTP) relay managed by an external third party, which helps shield the IP address of the originating request.

Only relevant data pertaining to your task will be transmitted to the PCC servers.

There is no storage of your data at any stage, including in server statistics or error records; it is not reachable; and is eradicated once the request is completed.

This also implies no data retention (differing from any other cloud provider), no privileged access, and concealed user identity.

Apple has demonstrably taken significant strides in safeguarding its users against targeting. Unauthorized intruders are unable to access data belonging to a specific Private Cloud user without compromising the entire PCC system. This defense not only applies to remote assaults, but also to efforts made on-premises, for instance, if an invader has infiltrated the data center. This blocks the ability to seize database credentials for launching an assault.

What about the hardware?

Apple has furthermore made the whole system amenable to external security and privacy assessment — indeed, unless the server declares its openness to such appraisal, the information will not be exchanged — hence, no spurious PCC for you.

The company didn’t conclude its efforts there. “We reinforce the inherent protections of Apple Silicon with a solidified supply chain for PCC hardware, making large-scale hardware assaults both cost-prohibitive and likely to be detected,” stated the company. “Private Cloud Calculate hardware security starts at production, where we catalog and perform close-up imaging of the elements of the PCC node before each server is sealed and its tamper-proof switch is enacted.”

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts