Cloud storage: How secure are Dropbox, OneDrive, Google Drive, and iCloud?
Each of these popular cloud platforms boasts robust security - but which does it best?
There’s no disputing the cloud’s dominance in IT today, as most businesses and consumers rely on the services it has fostered. Yet, given that a great deal of information now sits on various platforms operated by third-party providers, it’s critical that businesses are able to trust that the technology will keep their data secure.
So just how secure are these platforms?
We’ve pulled together some of the industry’s leading providers to find out which are the best for securing data, and which should be avoided at all costs. For a more general overview of the pros and cons of each, you can find that here.
How secure is Google Drive?
Google Drive is one of the most popular storage platforms around, largely thanks to how well it integrates with third-party apps and how well connected it is with Google’s other platforms. In fact, Google’s products are so interwoven that there have been concerns that if an account was breached, hackers could do far more damage compared to other platforms.
It’s for this reason that Google has long used HTTPS on all of its services, and has a dedicated team that monitors for compromised account activity. In addition, the platform also uses two-factor authentication and SSL encryption for data in transit to and from your device. However, it uses the weaker 128-bit AES encryption for data at rest.
History of Google Drive hacking
Given that Google’s cloud services are so interwoven, a hack on one service tends to put the others at risk. In 2014 it was claimed that nearly 5 million Gmail accounts had been hacked when a database of user credentials was found on a security forum on a Russian website - although this turned out to be a dump of older phished passwords that had largely been reset by Google in the time since the theft.
How secure is Dropbox?
The second platform on our list enjoyed popularity among consumers as an easy-to-use file storage suite, although it has shifted towards the enterprise market in recent years.
During that time, Dropbox has also improved its security protocols in response to growing threats online, including the encryption of data in transit using secure sockets layer (SSL), and at rest using AES-256 bit encryption. The platform also has stolen and lost device protection, allowing you to unlink devices from your account on the fly.
Business users get some extra features, including the option to set permissions for file collaboration and enable password protection and expirations to any shared links.
Dropbox employees are unable to view the content of your files, although the company does have the mechanism to access files if required to do so, such as during a legal investigation. Metadata is accessible by employees too, normally as part of tech support.
History of Dropbox hacking
Major Dropbox hacks have been few and far between, although those that did slip through proved to be particularly damaging for the company.
The first occurred in 2012, when a compromised password was used to access a Dropbox account owned by an employee. At the time Dropbox said the hack provided an intruder with access to documents containing a handful of customer email addresses, which became the target of phishing attacks. This prompted Dropbox to add two-factor authentication to account logins.
However, in 2016 it was revealed that the hack was much larger than previously thought, with a dumped database of 68 million passwords being leaked online that was said to stem from the initial 2012 breach. Dropbox said at the time that there were no indications that user accounts had been compromised following the incident.
How secure is iCloud?
Apples’ proprietary cloud storage service also maintains robust security for its users, although one high-profile hack has tarnished its reputation in recent years.
Like Dropbox, iCloud uses SSL to encrypt data in transit, although it uses AES 128-bit encryption rather than the more secure 256-bit used by Dropbox. The only exception to this is in the iCloud keychain, used to store and transmit passwords and other sensitive user data, which uses 256-bit encryption.
IT manager’s best practice guide to hybrid cloud
Your blueprint to hybrid cloud successDownload now
However, privacy has become a focus for the company in recent years, making a big deal out of the fact that encryption keys are created at the device level and that Apple can’t access these itself, or any of the data that you might need to decrypt them.
Like many other platforms, iCloud provides security tokens for added authentication when accessing other apps through it, as well as two-factor authentication at login.
History of iCloud hacking
iCloud has actually maintained a solid track record when it comes to its security history, however one incident served to tarnish its reputation. In 2017, iCloud came under intense scrutiny after hackers breached around 50 accounts belonging to celebrities and leaked their contents online. Although the incident was actually the result of successful phishing attacks against a select group of celebrities, the integrity of Apple’s cloud platform was called into question. Even now, the 2017 iCloud hack remains one of the most famous data leaks in history.
How secure is OneDrive?
The last entry on this list is Microsoft’s OneDrive, which has largely managed to remain out of the headlines when it comes to security incidents - although Microsoft’s other services, particularly Windows, are some of the most attacked platforms on the market.
That doesn’t necessarily mean it’s more secure than the other platforms. It generally uses the same standards as others, including data encryption, only with OneDrive this is done by syncing your data to the BitLocker on your hard drive. This means that data is encrypted at rest using the BitLocker, while Microsoft Cloud handles encryption while in transit. An additional bonus of this system is that encryption is done on a per-file basis, meaning that if a key was compromised hackers would only be able to access that particular file.
As you might expect, users also get two-factor authentication at login.
History of OneDrive hacking
Unlike the other platforms, OneDrive has never really been targeted by a major data breach, and most security concerns surrounding the platform usually stem from user error, such as accidentally sharing files with someone they shouldn’t have or using weak credentials. Microsoft has taken steps to remove as many of these issues as possible, and is one of a number of companies championing passwordless logins.
Cloud storage security: A summary
By now it’s widely understood that achieving 100% security on any cloud storage system is impossible, especially given that upholding the integrity of every account is reliant on the user following best practices.
The decision you have to make as a customer is deciding which storage platform does the most to avoid potential security incidents. The factors that influence this decision will vary depending on the nature of your business and whether you have specialist requirements, such as businesses in a heavily regulated industry.
However, for most consumers and small businesses, each of the platforms listed here are generally good enough for protecting data, as each provides some form of data encryption at rest and in transit - which is perhaps the most important thing here. Data protection is also improving all the time, and each of these platforms are being updated with better safeguards each year, meaning you can typically rely on the company to do most of the legwork.
However, if you’re unsure, you can always encrypt data yourself before you share it with an online platform. That way, even in the unlikely event that a company’s encryption keys are decrypted en-masse, only you will be able to access your files.
Perhaps the most cost-effective way to ensure your data never gets leaked is to follow best practice security principles. Scrap all those reused passwords, invest in a password manager, and take advantage of two-factor authentication if you’re given the option.
Staying ahead of the game in the world of data
Create successful marketing campaigns by understanding your customers betterDownload now
Remote working 2020: Advantages and challenges
Discover how to overcome remote working challengesDownload now
Keep your data available with snapshot technology
Synology’s solution to your data protection problemDownload now
After the lockdown - reinventing the way your business works
Your guide to ensuring business continuity, no matter the crisisDownload now