Just how secure are the most popular cloud storage providers?

The cloud dominates today’s IT landscape for businesses large and small. When it comes to storing data, even consumers are saving their hard drives and relying on services like DropBox and iCloud instead.

Cumulatively, the amount of personal and commercial information sitting on subscription cloud services is massive. That means it’s vital that businesses be able to trust that third party providers will keep their data secure.

How safe are they?

We’ve looked at the industry’s top three providers to find out how each one fares when it comes to protecting information.

OneDrive

The most recent entry on the list of major cloud providers is Microsoft’s OneDrive. While Windows popularity makes it arguably the most targeted operating system in cybercrime, OneDrive has managed to keep itself out of the headlines when it comes to major hacks.

Does that mean it’s more secure than competing services? It relies on common industry standards for protections like data encryption and two-factor authentication; however, OneDrive does it by syncing data to a second technology called BitLocker, which is installed on your hard drive.

So data encryption is split between two systems. BitLocker encrypts the data when it’s ‘at rest’ on your computer, while a second service called Microsoft Cloud handles encryption when the data is in-transit between OneDrive’s could servers and your desktop.

How does OneDrive’s approach to security stack up? So far OneDrive hasn’t fallen victim to a significant data breach, though you can be sure cybercriminals are trying hard to find ways in. Most security concerns with the platform seem to arise from user error, like people not setting strong passwords or user credentials, or sharing files by accident with someone they shouldn’t.

Google Drive

Google Drive is the market leader in cloud file storage.  Google saw an early opportunity to move desktop computing apps into the cloud (e.g. Google Docs) and that made adding convenient cloud storage a no-brainer. Google Drive drive does a good job integrating other third-party apps and connects pretty seamlessly to Google’s other products and services.

That benefit could also be the service’s Achilles Heel as far as security goes. Google’s products are so tightly-woven that some have expressed concern that if a user or business gets breached, the damage done could be far-reaching. A successful hack into any part of Google’s platform could put the other services – and the files stored there – at risk.

DropBox

DropBox is number two in terms of market share but arguably the best-known cloud storage brand. It first made its name in the consumer market, offering dead-easy file storage and a full-featured app. It seemed to be made for mobile, adding to the sense of convenience. Its focus now is very much on convincing more business users to sign up.

To make it more appealing to corporates, Dropbox has upped its security protocols, adding encryption for in-transit data with secure socket layer (SSL) protection. Resting data is encrypted with the AES-256-bit protocol.  Business users have additional options to set permissions for file collaboration, including expiry dates for shared file links, and file-level password protection.

Dropbox can’t usually see your files or their contents, but the company does have a mechanism for doing so if required to by law. Employees can see file metadata.

Dropbox has suffered two big hacks since its launch in 2010. The first came in 2012 when cybercriminals gained access to an employee Dropbox account and used its higher permission levels to access documents containing customer contact details. These customers were later targeted for phishing attacks.

Dropbox responded by adding two-factor authentication to account logins. They were hacked again in 2016, however, with thieves making off with ca. 68 million passwords.

What’s the verdict?

With so many well publicised data breaches in the news, most people understand that 100-per-sent-secure cloud storage is pretty much impossible. The fact that account access depends heavily on end-users following security best practice is essentially a built-in weakness.

As a business, you have to balance the convenience, functionality, and cost-effectiveness of any file storage solution with the risks of data loss, with potential GDPR fines and the damage to reputation a breach can bring.

Want to know more? Ask us about Cloudlysi – the mini-network for company content– today.