Andrew Milich / 9.26.2022
What's the best encrypted cloud storage provider?
Choosing a cloud storage provider? Consider these platforms, security guidelines, and tips when setting up your account.

Cloud storage is a convenient, safe way to manage and share important documents and files. However, choosing the right cloud storage platform and setting it up properly are prerequisites to ensuring good security and privacy practices for your data.

This article outlines some best practices to employ when you’re using cloud storage services, including security practices, data protection guidelines, and suggestions for the privacy and encryption practices to keep your data safe. We’ll also cover some of the most popular cloud storage providers and analyze their security practices, encryption schemes, and privacy policies.
Why cloud storage?
Before cloud storage, sharing files and information was slow, frustrating, and significantly less secure. Files were either sent over email, or shared in physical form using USB drives, portable hard drives, or other cumbersome hardware. In contrast, cloud storage allows users to upload, store, and share data online, from gigabytes of research and documentation to personal photos and videos. Users can manage permissions, choose providers with different encryption practices, and ensure compliance with data processing regimes, such as GDPR and CCPA. Now, user data is stored on servers that are owned and operated by a service provider, which subsequently owns, operates, or rents storage in data centers. Consumer cloud storage providers include Dropbox, Box, and Google; other companies operate cloud storage services for enterprises and applications, such as Amazon Web Services (AWS).

The service provider makes the data available to the user over web, iOS, Android, and other consumer applications. This allows users to access the data from any device that has an internet connection, or to sync data locally with a desktop folder (in fact, this was one of Dropbox’s biggest innovations that sparked initial massive growth). The cloud storage service provider subsequently manages the security of the data, and the user or organization will not have to worry about losing the data if a single device is lost or stolen. Furthermore, unlike some portable USB drives or hard drives, access to sensitive data can easily be revoked via cloud permissions, yielding significant safety benefits.

Cloud storage encryption overview
In this section, we’ll cover the most common encryption schemes used on cloud data storage services. These include disk encryption, symmetric encryption, and end-to-end encryption, wherein the cloud provider never has access to user data.

Symmetric encryption: Symmetric encryption is a type of encryption where the same key is used to both encrypt and decrypt data. This means that anyone with the key can access the data, so it is important to keep the key secure. Symmetric encryption is typically faster than asymmetric encryption, but it is less secure since the same key is shared by everyone who needs to access the data. Generally, symmetric encryption is used for disk encryption on cloud provider data centers; if you see the term AES-256 used to describe a provider’s encryption model, it generally refers to them using a symmetric encryption scheme.

In this model, cloud providers generally have access to both the encryption key and the encrypted content, giving them full access to decrypt users’ files. As a result, it is important to examine providers’ privacy policies, transparency reports, and guidelines for accessing user data. A transparency report is a way for technology companies to outline how their practices may limit user privacy on their platform, such as providing widespread access to law enforcement. Most big tech companies, including Google, Facebook, and Apple, publish transparency reports.

End-to-end encryption: End-to-end encryption is a whole step above basic symmetric key encryption. Unlike using a single symmetric key, end-to-end encryption allows users to store files on the cloud without giving cloud providers access to any of the content. Even if the files are intercepted by a third party, that party will be unable to read them.

End-to-end encryption - sometimes known as client-side encryption or zero-knowledge encryption - has become frequently used in messaging applications in order to protect the user’s privacy. For example, iMessage, WhatsApp, and Signal incorporate end-to-end encryption by default.
Most of the biggest cloud storage providers - even ostensibly secure cloud storage providers - are not end-to-end encrypted. Below, in reviewing different storage providers, we cover end-to-end encrypted providers that provide this additional level of protection.

Using a desktop encryption tool: When it comes to encrypting files for the cloud, some particularly sensitive users may choose to encrypt files themselves. For example, one common and widely trusted method is to use an app such as GPGTools to encrypt your files before uploading them to the cloud.

GPGTools uses asymmetric encryption with a public and private key, which means that only you will be able to decrypt the files using your private key. Another method that can be used is to create an encrypted disk image using a tool such as TrueCrypt. This will create a virtual disk that can be mounted and used like any other disk, but the contents will be encrypted.

Finally, you can also use full-disk encryption on your computer if you are using a cloud service that allows you to do so. This will encrypt all of the data on your hard drive, including the operating system, and will require you to enter a password each time you boot up your computer.

Generally, we do not recommend using your own encryption tools, such as GPGTools, unless you are well equipped to manage your own encryption keys. Remember: If you lose all copies of your encryption key, you may be completely unable to recover your files!

Using 2FA
Two-factor authentication (2FA) is an additional layer of security that can be used to protect online accounts when using cloud storage providers. When 2FA is enabled, a user is required to provide not only their username and password, but also a second factor, such as a one-time code generated by an app on their phone.

2FA can help to protect against account hijacking: Even if a hacker knows your password, they will not be able to access your account without also having your second factor, which may be an SMS code sent to your device or a PIN entered from an authentication app. 2FA can also be useful in cases of phishing attacks, where a hacker may try to trick you into entering your login details on a fake website. If you have 2FA enabled, they will not be able to log in to your account even if they have your password, as they will not have your second factor.

2FA is not perfect, and it can be bypassed in some cases, such as if a hacker has physical access to your device and is able to see the one-time code as it is generated (some more sophisticated SIM-based attacks also present risks to 2FA). However, it is still a valuable measure for securing your data, and it can greatly reduce the risk of your account being compromised. Using 2FA in combination with a strong password or password manager yields quite strong protection against account compromise.

Cloud storage providers
Dropbox is a file hosting service that offers cloud storage, file synchronization, personal cloud, and client software. It was founded in 2007 by MIT students Drew Houston and Arash Ferdowsi as a startup company, with initial funding from seed accelerator Y Combinator. Dropbox has expanded far beyond simply offering online storage; the company offers real-time collaboration products (Dropbox Paper), e-signature capabilities, and enterprise features.

Google Drive is one of the most popular and widely used consumer cloud storage providers, largely because it comes directly integrated with Gmail, Google Docs, and additional Google products. Google Drive offers more storage space for free than Dropbox - 15 GB compared to Dropbox’s 2 GB - and also integrates with a number of other Google services, such as Gmail and Google Docs, making it a more seamless experience for users who are already invested in the Google ecosystem.

Tresorit is a cloud storage service founded in 2011 in Switzerland. The company provides personal and business cloud storage solutions with end-to-end encryption. Tresorit is headquartered in Zurich, Switzerland and has offices in Budapest, Hungary and San Francisco, United States. Tresorit is an end-to-end encrypted, zero-knowledge service, which means that the company has no way to access your data. Dropbox, on the other hand, is not end-to-end encrypted. This means that Dropbox employees could access your data if needed. However, note that Tresorit is more expensive than Dropbox. Dropbox’s 500 GB storage plan costs $9.99 per month, while Tresorit’s 500 GB storage plan costs $19.99 per month.

Sync.com is a Canadian cloud storage and file synchronization service based in Toronto, Ontario. The company was founded in 2011 by Dmitry Buterin and James Beshara. Sync.com offers a relatively standard cloud storage service that syncs across devices. The company offers storage plans with large amounts of space available, largely targeting creative professionals who frequently generate files that can consume gigabytes of storage space.

OneDrive is personal cloud storage offered by Microsoft. Similar in features to Google Drive or Dropbox, OneDrive is well suited to personal use for file storage or photo storage. However, the product is not end-to-end encrypted, and it offers additional features when used on Windows devices or across the Microsoft ecosystem. As a result, we suggest testing OneDrive, but you may prefer another provider if you are not already invested in Microsoft Office and operating systems.

ProtonDrive - offered by the company behind ProtonMail - is a relative newcomer to the cloud storage market. ProtonDrive offers a number of features that make it similar to Tresorit on best security practices, but with a different user experience for sharing, link sharing, and more. First, like Tresorit, all data stored on ProtonDrive is encrypted before it is uploaded to the server. This means that even if the server is hacked, the data will be unreadable. Second, ProtonDrive offers two-factor authentication, which adds an extra layer of security.

Skiff Drive is a fully private, end-to-end encrypted cloud storage provider with an intuitive design and apps for Android, iOS, and more devices. Skiff Drive provides all of the easy sharing and usability features you would expect, including file sharing, link sharing, and public folder sharing. Skiff Drive also offers unique security features, such as sharing expiration and watermarking. Skiff Drive’s encryption is completely client-side, ensuring that no one else can access your data. Finally, Skiff Drive is the only end-to-end encrypted provider that can be optionally configured to integrate with decentralized storage via the InterPlanetary FileSystem (IPFS), which yields another level of censorship resistance and data ownership. Skiff’s encryption protocols are open-source and described in their whitepaper.

Cloud storage security tips
Follow these tips to keep your data secure.

Use encryption: When your data is encrypted, it's much more difficult for hackers and other unauthorized individuals to access it. Many cloud storage providers offer encryption services, but it's also possible to encrypt your data locally on your own computer before uploading it to the cloud. When you encrypt your data locally, make sure you keep the encryption key in a safe place; otherwise, you won't be able to access your data either.

Set up your account properly: Use a strong password and set up two-factor authentication. All large cloud storage providers, including Dropbox and Skiff, offer 2FA for user accounts. 2FA provides significantly greater protection in case your password is compromised, which could happen if you reuse passwords or your provider suffers a significant security breach.

Choose a provider that you trust: There are a lot of cloud storage providers out there, so it's important to go with one that has good policies and a trustworthy track record of keeping customer data safe. Remember, cloud storage providers may store your personal information, health records, credit card numbers, or other critical sensitive data, so understanding their security track record is critical.

Keep an eye on activity logs: Many cloud storage providers, such as Dropbox, now offer activity logs for folders and files. We highly recommend monitoring these logs for suspicious account access, downloads, or sharing. Note that some activity monitoring features require an enterprise or business plan instead of simply a personal free plan.

Be careful what you download: When interacting with other cloud storage providers, be careful before clicking links and downloading files to your computer. Unfortunately, malicious actors have started to use cloud storage to share ransomware, spyware, and other viruses - so make sure you are downloading files from sites and contacts you trust.

Using an end-to-end encrypted provider: Ultimately, you may be entrusting your identity, financial information, and family information to the cloud provider you choose. Choosing an end-to-end encrypted provider keeps your information private to you, preventing your storage provider, internet service provider, or anyone else from ever accessing your data.

Switching to Skiff's encrypted product suite
Skiff's end-to-end encrypted product suite offers privacy-first file storage, real-time collaboration, documents, notes, calendar, and email.

Every Skiff user has access to the following products:
- Skiff Mail (end-to-end encrypted, private email)
- Skiff Drive (all data end-to-end encrypted, unlike Notion)
- Skiff Pages (for wikis, notes, documents, and real-time collaboration - end-to-end encrypted, unlike Notion)
- Skiff Calendar (integrates natively with Skiff Mail)
Features | Free | Pro | Business |
Drive storage | 10 GB | 100 GB | 1 TB |
Folders and labels | 5 | Unlimited | Unlimited |
Custom signatures | |||
Auto reply | |||
Schedule or undo send | |||
Email + doc text search | |||
E2EE link sharing | |||
Document limit | Unlimited | Unlimited | Unlimited |
Skiff.com aliases | 4 | 10 | 15 |
Custom domains | 0 | 2 | 5 |
Workspace collaborators | 6 | 6 | Unlimited |
Doc version history | 24 hours | Unlimited | Unlimited |
Conclusion
This article covers the history of cloud storage as well as some key tips for using cloud providers safely and securely. When choosing a cloud storage provider, we recommend examining many technical factors - such as whether it employs end-to-end encryption - as well as the policies and terms that govern your account and data.

Finally, regardless of the provider you select, you must adhere to good security practices when setting up your account, including choosing a strong password, setting up two-factor authentication, and monitoring activity logs for any suspicious activity.