When deciding which cloud storage provider to use, most of us prioritize convenience over security.
Of course, convenience is important. If you can’t get your hands on your files when you need them, there’s very little point in having a cloud storage account. At that point, you’d be better using a USB stick.
However, security is equally as important. In fact, it’s arguably even more important. If you use cloud storage a lot, you probably have a vast number of sensitive documents in there. You might use your account for everything from bank statements to passport copies.
Clearly, you don’t want those files to get into the wrong hands. But is your provider doing enough to protect you? In this article, we take a look at which cloud solutions are the most secure.
Google Drive boasts 800 million users and 15 GB of free storage, thus making it the most popular cloud storage provider on the web.
Interestingly, it wasn’t until 2013 that Google enabled any form of encryption on its servers. The company was only forced to act after the revelations about NSA surveillance from around that time.
Today, the situation has improved. When you upload files, Google encrypts the data using the TLS standard. When your files reach Google’s servers, they are de-encrypted then re-encrypted in 128-bit AES. The encryption happens before Google adds the data to your account, therefore reducing the risk of data leakage.
Lastly, the AES keys themselves are encrypted with a master key. It adds a secondary level of encryption protection.
Google Drive’s biggest weak spot, which also afflicts some of the other services I’ll talk about shortly, is its password.
Of course, the password technology itself is not insecure. Rather, the problem is Google Drive uses the same password as the rest of your Google Account. If a hacker gets hold of your login credentials, they’ll have access to all your documents, emails, and web history. It’s a frightening thought.
Microsoft OneDrive is the other big player in the world of cloud storage. Users only receive 5 GB of free space with their Microsoft Account, but Office 365 subscribers are automatically bumped up to 1 TB.
When you’re sending data from your computer to your cloud account, OneDrive deploys SSL encryption. Unless you have a business account, however, the service does not encrypt your data when it’s “at rest” (i.e. when it’s sitting in your account). If you’re a security-conscious user, this will immediately set off alarm bells.
Business users can also benefit from per-file encryption: if the encryption of one file is hacked, the rest of your documents will stay safe. Personal users enjoy no such benefit.
Microsoft is also open about how it might share your data with third parties. Here’s a direct quote from the company’s Privacy Statement:
“We will access, transfer, disclose and preserve personal data, including your content . . . to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.”
“If we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property belonging to Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.”
Finally, like Google Drive, OneDrive is prone to user error. Microsoft offers features like two-step verification and access logs to try and minimize the weak point, but it remains problematic.
iCloud is the final one of the “big three” services. It’s arguably not as user-friendly as OneDrive and Google Drive, and it also covers a lot more stuff. In fact, Apple puts everything from Find my iPhone to Keychain under the iCloud umbrella.
It made headlines in 2014 when hackers leaked celebrity photos on the service to the public. Despite initial reports claiming a flaw in Apple’s API allowed bots to make unlimited attempts at brute forcing the password, it was later revealed that phishing attacks were to blame. In truth, Apple iCloud security is highly robust.
In terms of data transfer and storage, iCloud mirrors Google Drive. Your data is encrypted using SSL when it’s in transit and is stored in 128-bit AES when it’s on Apple’s servers. The only data stored in 256-bit AES is anything linked to Keychain.
Because iCloud is also the way iPhones, iPads, and even Apple Mail and Contacts backup their data, Apple uses secure tokens. Any apps that connect with iCloud use a token rather than asking you to keep a copy of your iCloud password on your device.
Dropbox differs from the Google Drive, OneDrive, and iCloud. Unlike those three, it’s not linked to a vast ecosystem of other apps and services. It’s the most well-known “standalone” provider.
Perhaps worryingly for users, it’s frequently been in the news over the last few years for a series of security breaches. In 2012, a comprised password was used to enter an employee’s account which in turn reveal user’s email addresses. Then, in 2014, hackers claimed to have almost seven million users’ email addresses and passwords.
It’s a shame the company’s external security processes are suspect because the security for your files is among the best in the industry.
The app uses SSL/TLS when data is moving between your computer and the company’s servers. When the data is at rest, it uses 256-AES encryption. It can also unlink data from your account if someone steals the encryption keys, thus preventing a small hack becoming a serious issue.
Dropbox’s two-step verification comes in the form of a text message or from a “Time-Based One-Time Password” (TOTP) app.
Box is Dropbox’s great rival. It’s more enterprise-focused than its rival, and its security systems reflect that.
IT admins have a dashboard from which that can easily manage users accounts, including access and sharing policies, and a centralized management of all files.
The company’s Box KeySafe feature is particularly interesting. It lets organizations manage their own encryption keys using AWS KMS and AWS CloudHSM.
Lastly, there’s a whole host of business-specific features that will be valuable to employers while being of little interest to end-users. They include in-region data storage in Europe, Asia, Australia, and Canada, compliance with regulatory mandates such as ISO 27001, ISO 27018, SOC 1 (SSAE 16), PCI DSS, FedRAMP, and data loss prevention.
None of them necessarily make your data more secure, but they certainly help to make your business more secure.
Do You Trust Cloud Storage Providers?
If nothing else, I hope this article has made you realize that not all cloud storage is born equal. Even between the three biggest names in the sector, there are noticeable differences that can dramatically affect how secure your data is.
If you never plan to store more than an odd recipe or family photos, these security considerations might not be important to you. But if you use cloud storage as an extension of your computer’s hard drive, you need to give careful thought to where you store your data.
Do you use cloud storage providers for sensitive documents? Are you confident in the ability of providers to protect you? As always, you can leave all your thoughts and opinions in the comments below.
Image Credits: SaidAuita/Shutterstock