Most cloud storage services aren’t end-to-end encrypted and can access your files. Here’s what you should look for when choosing a secure cloud storage service.
From family photos to banking statements, your files contain intimate details about you that should be protected when stored in the cloud. But keeping your files safe is trickier than it sounds since most cloud storage providers, such as Dropbox or Google Drive, don’t provide adequate protection.
In 2016, Dropbox encountered a major hack(new window) in its cloud services, with over 68 million email addresses and passwords stolen and leaked on the internet. While Google Drive hasn’t experienced such a breach, it still holds the decryption keys(new window) to your files and retains the ability to access them at any time.
Thankfully, you can still store files in the cloud safely and securely by choosing a cloud storage provider that respects your privacy. We show you how in this article.
What is the cloud?
Security risks with cloud storage
What is secure cloud storage?
How to choose truly secure cloud storage
What is the cloud?
The cloud refers to a group of remote servers delivering hosted services over the internet. These services include a variety of applications, such as file backup and storage, project management tools, and video games.
Compared to traditional storage, such as flash drives, you don’t need physical access to the servers powering cloud services. This means you can store and access data in the cloud from anywhere as long as your device is connected to the internet.
How does cloud storage work?
When you upload a file to the cloud, it gets saved on a remote server. Your file is no longer tied to your device and is synced across multiple servers. If you’re traveling and don’t have access to the file, you can still download it from the cloud on an internet-connected device. In simple terms, cloud storage works by “giving” you a virtual hard drive you can access wherever you are, whenever you want.
To prevent unauthorized parties from accessing your file, cloud storage providers often encrypt it while it’s in transit from your device to their servers. When your file reaches their servers, it is decrypted and re-encrypted using keys your cloud storage provider owns and manages. This also means your cloud storage provider can access your files when it wants to, undermining your privacy and security.
Security risks with cloud storage
Not all cloud storage solutions are made equal. Most modern cloud storage solutions implement security measures to protect your files, but they’re often not robust enough. If your cloud storage provider suffers from a breach, your files could be exposed and stolen by attackers.
Lack of end-to-end encryption
Popular cloud storage solutions, such as Dropbox and Google Drive, encrypt your file when it’s in transit to and at rest on their servers. But the encryption they use does not include E2EE. In fact, Google Drive and Dropbox retain control of your encryption keys, meaning they can decrypt your files at will. If a hacker breaches Google Drive’s or Dropbox’s servers, they can also steal the decryption keys and access your files.
Server location
Since different countries have different data protection laws, the location of your cloud storage solution’s servers also impacts the security of your files. The US, in particular, is notorious for its mass surveillance laws(new window) — if your cloud provider operates from the US, it’s subject to these laws.
Federal law enforcement in the US can also issue gag orders to prevent an individual from knowing they’re under surveillance. If you’re under investigation and your US-based cloud storage provider receives a court order to reveal your files, it can easily decrypt and hand them over to law enforcement agencies — all without your knowledge or consent.
Legal jurisdiction of the cloud storage solution
The legal jurisdiction of your cloud provider’s headquarters is equally important. Most developed countries participate in intelligence-gathering networks, such as the 5 Eyes, 9 Eyes, or 14 Eyes agreements(new window). These networks create a legal framework for countries to gather intelligence across international borders. If your cloud provider is based in one of these countries, your files could be spied on by foreign governments.
Data breaches and other cyberattacks
According to a 2022 report from IBM(new window), nearly half of all data breaches happen in the cloud. If your cloud storage solution is not end-to-end encrypted, your files and sensitive data could be exposed in a cyberattack.
In August 2021, Accenture suffered a ransomware attack(new window) on its cloud-based services, resulting in a massive data leak. Some of its customers’ sensitive information was compromised and sold on the dark web. Earlier this year, over (new window)three(new window) million user accounts of the cloud-based digital scheduling platform FlexBooker were stolen(new window) and traded on hacker forums. Neither Accenture nor FlexBooker used E2EE to protect customer data.
What is secure cloud storage?
To eliminate security risks, you can use secure cloud storage. Secure cloud storage works just like regular cloud storage but is protected with end-to-end encryption (E2EE).
E2EE is an advanced security protocol that ensures nobody can open your files without your permission, not even your cloud storage provider. When you upload a file to an encrypted cloud storage solution, your file is immediately encrypted on your device and stays encrypted when stored in the cloud. When you re-download the file from the cloud to your device, the file is decrypted using a decryption key you own and control.
Besides E2EE, a secure cloud storage solution should also:
- Be hosted in privacy-friendly countries so you can benefit from strict data protection laws
- Be open source so anyone can inspect the code to verify the security features have been implemented correctly
- Support two-factor authentication to provide an additional layer of security to your cloud storage account
How to choose truly secure cloud storage
Thankfully, you can mitigate the risks associated with cloud storage by ensuring strong protection for your files.
Use end-to-end encrypted cloud storage
The best way to prevent your files from falling into the wrong hands is to use an end-to-end encrypted cloud storage provider, such as Proton Drive. Files encrypted using end-to-end encryption are always secure. Even if your cloud storage provider encounters a server breach, a hacker can’t access your files without obtaining your private key that’s securely stored on your device.
Two-factor authentication
Two-factor authentication (2FA) provides additional security to your cloud storage account by requiring two pieces of information when you sign in: your password and proof of possession of a device. Together, they help determine you’re the owner of the account. 2FA comes in many forms, but the most popular ones are one-time verification codes generated by an authenticator app (TOTP), and security keys (also known as hardware keys or 2FA keys).
Read the privacy policy
Privacy policies explain how organizations collect, store, and secure your personal information. Reading your cloud provider’s privacy policy is a great way to determine how safe your data is. For example, Dropbox’s privacy policy(new window) states, “your files may be disclosed to third parties” if they determine “such disclosure is reasonably necessary”.
On the other hand, Proton’s privacy policy states, “we do not have the technical means to access the content of your encrypted emails, files, and calendar events”. Even if we receive a court order to turn over your documents, we can’t since we don’t have the decryption key to decode your encrypted files.
Server location
As explained earlier, knowing the location of your cloud provider’s servers is critical to protecting your files. You should always pick a secure cloud storage provider with servers located in countries not part of any intelligence-gathering network.
Known for its political neutrality, Switzerland is home to some of the world’s strictest data protection laws. Any foreign surveillance request must first be examined by a Swiss court for legitimacy and validity. If you’re being investigated under Swiss law, you also have a legal right to be notified of all surveillance procedures.
Swiss privacy laws
Switzerland is one of the few countries in the world to have data-processing regulations built into its constitution, allowing Swiss companies and residents to benefit from strong privacy protections. In 2020, the Swiss parliament passed a new law to the Federal Data Protection Act(new window), including the following changes:
- Genetic and biometric data now fall under the definition of sensitive data.
- The principles of “privacy by design” and “privacy by default” must be applied to all software, hardware, and services created by Swiss companies. These principles require companies to integrate the protection and respect of user privacy into the products or services they develop.
- In the event of a data breach, Swiss companies must notify the Swiss Federal Data Protection and Information Commissioner promptly.
These changes come into effect on September 1, 2023. Because of this, Switzerland is one of the best countries to keep your data safe and private.
The better way to secure your files
Since your files and documents can reveal a lot of sensitive information about you, keeping them safe is a critical priority. With Proton Drive, all your files are encrypted automatically — no technical knowledge or special skills are needed. All you need to do is create a Proton Drive account and upload them.
Proton Drive also comes from the same team that built Proton Mail and Proton Calendar, and it uses the same E2EE to secure your files. Unlike Google Drive and Dropbox, Proton Drive is designed so no one can access your files without your permission. All contents of your file, including its name, extension, size, and other metadata, are automatically encrypted. We also use cryptographic signatures on all files and signatures so they cannot be tampered with.
All Proton services, including Proton Drive, support TOTP and security keys. With 2FA or a security key enabled, even if a hacker compromises your password, they will not be able to sign in to your Proton Drive account without access to your TOTP or security key.
We own, operate, and invest heavily in our own servers in Switzerland and Germany. Our servers are protected with fully encrypted hard disks and located in security centers with biometric access. Even if our hardware is confiscated, your files are still kept safe with end-to-end encryption.
When you use a Proton Drive account, you can:
- Use our free cloud storage plan which gives you up to 1 GB of storage
- Share your files with others by creating secure, password-protected links
- Set sharing time limits that give you control over who can access your files and for how long
- Monitor suspicious activity by tracking the number of times your files have been downloaded
- Search for files easily, even when they’re end-to-end encrypted
If you want to support our mission of building a better, more private internet, consider upgrading to a paid Proton Drive account for 200 GB total storage and priority support.