How secure are Dropbox, OneDrive and Google Drive?

How secure is OneDrive?

Although Microsoft Windows is the number one targeted platform for hackers and cybercriminals, so far OneDrive (formerly called SkyDrive) has remained fairly free of any serious breach headlines.

Does this mean it's the most secure of the services we have covered here? Not really, as none of them have actually suffered a direct data breach (rather than user-compromised access) that has come to our attention.

Encryption at rest is available on OneDrive, but only for business users

Much of the public concern surrounding OneDrive security is actually that user-error stuff once more; the wrong file sharing permissions and password insecurity mainly. Actually, files aren't shared with other people unless you save them in the Public folder or choose to share them.

Microsoft does reserve the right to scan your files for 'objectionable content' (as does Apple iCloud) which could lead to deletion of the data and your account. That is seen by many as a reason to look elsewhere as file security cannot be guaranteed if the content provider deems it objectionable.

As for data security outside the snooping realm, while data is encrypted in transit using SSL it remains unencrypted at rest. Unless you are a user of OneDrive for Business as from the end of last year Microsoft introduced per-file encryption which encrypts files individually each with a unique key; so if a key was compromised it would only access one individual file rather than the whole store.

All OneDrive users do get access to two-step verification though, which further protects the login via One Time Code app or text message.

How secure is cloud storage: summary

Although the cloud remains for many something of an unknown quantity as far as security is concerned, the truth is that data security is never black and white but rather fifty shades of grey.

Attaining a 100 percent secure data storage solution is akin to grabbing your shadow; you can get very close but will never actually do it. So you have to determine what is 'close enough' as far as cloud services are concerned. This determination may be decided for you if you are a business which is regulated and has to meet compliance requirements, and that may mean that not all your data can be stored in the cloud.

For consumers and most small business users though, the cloud is actually pretty secure these days. Data encryption is, if you'll excuse the pun, key here. Just about every cloud store will encrypt data in transit, that is as it's transferred into and out of the cloud, and some (usually if you buy the business version of the service) will encrypt it at rest, or while it is being stored, as well.

While data not being encrypted at rest, or if it is then the cloud provider managing the keys, does mean that the data can be indexed, de-duplicated, compressed and easily restored in a worse case scenario it also means that your data isn't as secure as it might otherwise be.

If you really want to ensure that your data cannot be peeked at, then encrypt it yourself BEFORE you send it to your cloud storage provider. If you have control of the keys, then 'the men in black' cannot borrow them for a quick peek without you knowing about it.

Taking control of your own data security by using an on the fly encryption service such as BoxCryptor for example, is a good step towards mitigating risk in the cloud. Another is to be aware that the weakest security link is not the cloud provider, but rather you yourself. Follow security best practise in terms of password construction and use (don't re-use passwords across services) as well as employing two-factor authentication where available and your risk mitigation level gets even better...

This article originally appeared at pcpro.co.uk