Cloud storage is extremely safe. It’s arguably less risky than physical storage on your local device. But that doesn’t mean there are no security risks. We’ve identified a few key risks you should be aware of and explain how to mitigate them.
What is cloud storage?
First, a definition: Cloud storage is a method of storing and accessing data and files on remote servers you access over the internet instead of locally on physical devices you control. When people say “the cloud”, they’re referring to these remote servers, which are most commonly maintained and controlled by computing providers.
Storing data on the cloud is generally very safe. All major providers use powerful encryption and strict access controls. But as we’ll see below, some storage providers are more secure than others.
1. Account compromise
By far the most common security risk is that someone will break into your account and steal your files. If an attacker can obtain the username and password for your storage service, they can steal your data. Phishing attacks(new window) and malware(new window) are among the ways hackers can breach your account. Your credentials can also be exposed in a data breach and end up on the dark web. If you use a weak password or the same password for multiple accounts, hackers may be able to break into your cloud storage.
Precautions to prevent account compromise
- Two-factor authentication (2FA) — Most cloud storage providers offer 2FA, which lets you add an extra layer of authentication when logging in to your account. This is one of the most effective ways to protect your accounts. With 2FA enabled, you’ll be asked to present a security key or enter a one-time password that was generated on a 2FA app or sent to your phone or email after entering your username and password.
Learn more about 2FA(new window)
- Strong, unique passwords — Never reuse passwords. And always use long passwords or passphrases for your accounts.
Learn how to create(new window) a strong password
- Password manager — Consider using a password manager to securely store and generate unique passwords for your cloud storage accounts. Password managers let you create and autofill complex passwords. Proton Pass also lets you generate email aliases for your accounts so that you can protect your real email address.
- Beware of phishing attempts — Never trust emails or text messages from unknown senders or even unexpected messages from senders you recognize. Hackers can spoof email addresses or create email contents that seem legitimate. Whenever you receive a message from an online service, it’s a good idea to go to that provider’s website directly to log in rather than clicking on the link in the email. Proton Mail offers a suite of phishing safeguards(new window) that help prevent security mistakes.
- Monitor account activity — Regularly review your cloud storage account activity and notifications. If you notice any suspicious or unauthorized activity, report it immediately to your cloud storage provider.
- Secure your devices — Protect your devices with strong passwords or biometric authentication, and ensure they are updated with the latest security patches.
2. Inadequate privacy
Security and privacy aren’t the same thing, but poor privacy protections can lead to security failures. There are a few ways this can happen. If your cloud storage provider has access to your data, there’s a risk of unauthorized access either through a data breach or a rogue employee. Poor privacy protections can also result in your files’ metadata being exposed. And as we’ll discuss more in #5, integrations with third-party services can lead to security failures beyond the walls of your cloud service.
Precautions to protect your privacy
Use a privacy-focused cloud storage solution — Unlike the security measures listed above, privacy mainly comes down to the cloud storage provider you choose. The best technical safeguard for ensuring your privacy is end-to-end encryption(new window), which locks files on your device before they’re ever sent to the cloud. Any service that retains a key to access your data is not truly private. Proton Drive protects all file information with end-to-end encryption so that we never have access to your data.
3. Data breach
Most cloud providers use strong security measures, and data breaches are rare. But there’s always a risk, and data breaches have happened before. Hackers or insiders can gain access to the company’s servers and steal user data. As a customer, there’s not much you can do to prevent this. But you can choose services that take proper security measures.
Prevent data breaches
Choose a service with end-to-end encryption — As mentioned above, end-to-end encryption means your data is encrypted on your device before it’s uploaded to the cloud. So if there’s a data breach, hackers can only get their hands on encrypted files. Some cloud storage services may encrypt the contents of your files but not the metadata, such as file names and file types.
4. Unintentional sharing
Human error is a common cause of data breaches. You or someone in your organization might cause a data breach by simply sharing a file with the wrong person. This can happen if you type an email address incorrectly or set the wrong privacy permissions on a file link.
How to avoid unintentional sharing
- Carefully review sharing settings — Make sure you understand how to configure your cloud service’s share settings. Most providers offer different levels of access permissions, ranging from no access (for example, a password-protected file) to some access (view but not edit permissions) to full edit permissions.
- Double-check your recipients — You can accidentally expose your data to a stranger with a single typo, so always verify your recipients before sharing.
- Set passwords on sharing links — An easy way to mitigate sharing errors is to set a password on your file-sharing links(new window) and communicate the password with your recipient in a separate message. This way even if you mistakenly send the link to the wrong person, the file is still protected by a password.
5. Increased attack surface
Attack surface refers to the potential points of vulnerability that malicious actors can target. Since you’re entrusting your files to a separate company with its own infrastructure, storing your data in the cloud will generally expand your attack surface compared to local storage on your devices, especially if you use the cloud for collaboration or use third-party integrations.
Defend your attack surface
- Minimize third-party integrations — Each integration introduces potential security vulnerabilities. Only use trusted and reputable integrations from known providers. Regularly review and remove unnecessary integrations.
- Keep your software up to date — Software updates usually include security patches that respond to the newest known threats. So keep your cloud storage apps, browsers, and operating systems up to date.
- Use zero-knowledge encryption — Look for cloud storage providers that offer zero-knowledge encryption, which includes strong protocols such as end-to-end encryption to protect your files. The result is that only you have access to the encryption keys, and even the service provider cannot access your data.
Learn about zero-knowledge cloud storage(new window)
Almost everyone uses the cloud in some way, whether it’s for email, social media, or simply backing up files. This ease of use has also created a sense that security in the cloud is also easy. However, your data is only as safe as your account and the service provider you use.
We developed Proton Drive to prevent the most common security risks as part of our end-to-end encrypted ecosystem of services.
- Starting with your account security, you can enable two-factor authentication either with an authenticator app on your smartphone or with U2F or FIDO2 security key.
- Proton lets you monitor account access attempts, so you’ll know if anyone else tries to enter your account.
- Proton Drive uses end-to-end encryption powered by high-performance elliptic curve cryptography(new window).
- You can set the level of access on your file-sharing links and secure them with a password.
- You can also turn off file-sharing links at any time or set them to expire at a custom date and time.
Additionally, Proton Drive uses open-source code, which means anyone can verify our apps encrypt your files’ contents and metadata in the way we say they do. This also reduces the risk of unknown vulnerabilities in our code. Our apps have all undergone third-party security audits.
There are additional security benefits to using Proton Drive alongside our other encrypted apps, such as Proton Mail, Proton Calendar, Proton Pass, and Proton VPN. For example, Proton Mail has strong anti-phishing protections and uses end-to-end encryption, which can increase the security of your cloud storage account and your file-sharing links. With Proton Unlimited, you get access to all of these apps.
Learn more about Proton Drive or read our detailed overview of Proton Drive’s security model.