Cloud storage is a popular mean to store, share and collaborate through the internet. Online file sharing and storing service providers are offering lucrative packages to attract customers. But is the package plan everything? Absolutely not. Security comes first. In this post, I will discuss on which cloud storage provides most secured environment.
In the very beginning of the post, I would like to present the summary of my findings in a table. It shows the current security offerings from 5 selected cloud storage providers.
Here you will find my experience with these cloud storage services and I will also include information collected from expert sources. We will deal with the security features provided by these sample online storage companies to see which provider gives the strongest combination of security tools. At first We’ll take a look on each individual service security features. Then we will sum up them.
Google Drive
Web giant Google provides a bunch of great features on its cloud storage service. Google provides 15 GB free cloud space shared among its Gmail, Docs, Google+ Photos and Drive. So, you need to use Google Drive in a better managed way because the amount of frees space is distributed among more than one service. Google says that, storing data with them is safe. Even if your computer, tablet or phone break, Google Drive data is still safe. The company further claims, the files in its data center won’t go missing.
But, in consumer level, what security features offered by Google? I mean, what can a consumer do to secure their online stuffs? To answer this question, we need to go inside Google Drive’s security features.
At the very first, you’re required a Google account to use Drive. Opening a Google account is easy. Google will suggest you creating a strong password. It obliges at least 8 character for passwords. However, there is no requirement of using case sensitive or mix of letters and numbers in Google sign-up. It could enhance its security though.
Securing the Google account is the main part to secure your Drive. Google offers Two-step verification (Two factor authentication) feature to increase account security. Once this feature is enabled, you will be required to enter an additional security code for logging into any Google service.
In Google account login page, after providing the correct username and password, a verification code will be sent to your mobile phone via SMS. You can only access your Google service by entering this code. So, two step authentication can make Google Drive more secured from hackers. You can also get these codes via smartphone apps.
Google account settings has security question and recovery email/phone feature as well that helps to regain control should any breach occurs. You have control over the apps you give access on your account. There is also login history, IP and device details available to better trace your Google account activity.
Encryption is a crucial feature for cloud service. Although Google Drive uses HTTPS while operation, but it doesn’t yet provide native file encryption service. So, if you want to encrypt files, better do it before sending to Google Drive. You can use Boxcryptor for free to encrypt your cloud files.
Google Drive offers a number of custom sharing options. Using these settings you can define who can access your file, who can download, edit and so on. You can see your file version history on Google Drive. So, if you feel a previous version was needed, you can get that back by right clicking on the target file and selecting ‘Manage revisions’ option.
Summing up, the security of Google’s online storage service is reliant on your Google account security. If you can protect your Gmail ID, then you can also expect a safekeeping of your Google Drive files.
Microsoft OneDrive
Software giant Microsoft’s cloud storage platform OneDrive gives free 15GB storage for every new user. There is also referral and bonus offers that increase this initial amount of free storage. A Microsoft account is needed to use OneDrive. Visit Outlook.com to open a brand new Microsoft account. While sign-up, Microsoft takes some great security steps to protect the consumer from hacking. Microsoft suggests and requires a strong password that contains at least 8 characters with case sensitive letters. It makes sense of security.
OneDrive security is dependent on your Microsoft account’s security. So, if your Microsoft account is safe, that also keeps your OneDrive safe.
Microsoft is serious with Outlook.com account security. When I signed in first time and tried to access the ‘Account Settings’ option, it required me to verify identity using 2-step authentication. For account settings, they turned the feature on by default. If you want to use this extra safety layer in your account login too, then you need to activate two-step verification from Outlook.com account settings.
Microsoft’s Two-Step verification has more advanced features than Google’s. However, both are fine to rely on.
OneDrive uses HTTPS connection in its actions. You can get your account access history from ‘Recent activity’ section on the account settings. Managing your apps which you have permitted to use with Outlook.com is also possible from there.
OneDrive offers free file history feature for office documents. ‘Previous versions’ of other file formats are available to business users. So, if you make a change to your Office documents, you can see the previous version in OneDrive for free. OneDrive files cannot be accessed without your file permission. OneDrive, however does not encrypt your files uploaded to its server. So, if you want to ensure more security of your stuffs, you may choose a third party encryption service like Boxcryptor.
Dropbox
Dropbox is one of the popular online storage providers. It is being used in both personal and business purpose. Dropbox is dedicated to cloud storage only. So their entire concentration is on cloud. Dropbox provides 2GB of free cloud space to the new user. It allows to increase this amount by referral bonuses.
Dropbox says, they take data security with highest priority. While signing up for Dropbox, I found the process easy and quick. They required name, email and password. The account sign-up page suggested to use a good password. But it did not force to maintain a specific security level. It only showed a strength monitor with ‘weak… great’ comments.
However, Signing up to Dropbox may not require instant email verification, but to share files seamlessly, it demands confirming the email. You will get these options step by step.
Dropbox offers file version history feature to get back older versions of files easily. If you edit a file, and later want to get the previous version, simply right click on the newer version and select the ‘Previous versions’ option from context menu.
Your Dropbox account comes with a bunch of extra security tools. You can use two-step verification that requires to enter a unique security code each time for logging to Dropbox. This code is primarily sent to your mobile phone. You also can get the code via smartphone app. Whatever may be the medium, two factor authentication can improve your account security to a great extent.
From Dropbox security settings page, you also can monitor and manage your connected devices, login history, linked apps etc. to prevent unauthorized access.
Dropbox uses HTTPS connection on its site and while transferring your data between you and them. Via sharing options, you can control accessibility of your files.
Dropbox itself doesn’t provide file encryption feature before uploading to their server. It says that Dropbox encrypts files while the transition take place and rest of the time. However, You can encrypt your files before sending to Dropbox. To do it, there are many easy to use tools. Boxcryptor is one of them. It uses AES-256 bit standard encryption technology to even enhance your file security.
Copy
Copy is one of the most popular cloud storage service which competes with Dropbox, Google Drive, OneDrive etc. Copy provides 15 GB free online storage to every new user. It also offers referral bonus, so users can increase their free space further. Signing up with Copy takes a few seconds. It asked only name, email address and a password. When I signed up to Copy, it did not require me to choose a strong password. The website just said, the password must be at least 6 characters long.
Copy.com uses secured HTTPS connection while transmitting data between user and its server. The company also said that they store data in encrypted format. However, you cannot encrypt your data on Copy.com yourself. This may frustrate you in terms of security and privacy. But there are third party services to encrypt data before storing at Copy. So, you can easily encrypt your files at first and then store them on Copy! At the moment I wrote this post, Copy was not supported by Boxcryptor. But Boxcryptor said that, they were working on it. However, in the meantime, you can try 7-zip, or AESCrypt to encrypt your files locally.
Copy.com does not offer two-step verification which plays a great role in keeping an account safe. I hope they will soon start offering this valuable feature.
Copy sports file history checker to get back the previous versions of your files. I also did not find any option to review account access history in Copy.com.
Although Copy has a great user interface and functionality, the service lacks of some crucial stuffs.
Mega
Now we start with Mega, ‘the privacy company’. Mega was founded by Kim Dotcom. It provides 50 GB of free cloud storage to each new user. Signing up with Mega will require you to provide your basic information like name, email, password etc. Mega forces to use a strong password. If your password is not secured enough, it says ‘your password is too weak to proceed’.
Mega uses both HTTPS and client side encryption technology. That means, your locally encrypted data will be sent to Mega. When you download them, they get decrypted. As Mega’s security help page says, your files are not readable in the server. The company strongly recommends to never forget your password. Mega password is not only a password. It is the key which unlocks your decryption master key.
Mega says, there is no recovery option for your Mega password. If you don’t have a backup copy of your decryption master key, and in the meantime you ever lose your password, then you will also lose your data stored on its server. So, export your Mega master key from this Mega link and keep it safe. This is really serious.
However, still there are some reports that claim there are weaknesses in Mega’s browser based encryption system.
While Mega offers great security features, it does not have file version history. You can just get your deleted files from its Sync Client app’s ‘SyncDebris’ or Mega’s ‘Rubbish Bin’ folder. Mega provides service access history and apps management options to monitor your activity.
Interestingly, Mega does not have Two-Step Verification feature which could accelerate its privacy and security efforts.
The Sum Up
In the above article, I went through the available security features that offered by 5 popular cloud storage providers such as Google Drive, OneDrive, Dropbox, Copy and Mega. They are all doing well with their own security offerings. Now, let’s have a summary to learn about the availability of some core security feature among them. Here is a handy check list for you.
- Strong password enforcement: Google, Microsoft, Mega forces to use strong passwords. Dropbox and Copy appears to be a bit flexible.
- Email Verification Requirement: All of them require email verification in some points.
- Two-Step Verification: Google Drive, OneDrive and Dropbox provide 2-Step Verification. Copy and Mega don’t provide this security feature at this moment.
- Client Side Encryption: Only Mega offers client side encryption. It is done from the uploading device.
- Server Side Encryption: Dropbox, Mega and Copy keep your files encrypted at their servers. You also can use your local encryption to avoid risk.
- Using Secured Connection (HTTPS): All of the above 5 providers use HTTPS connection. However, Mega allows users to turn it off (Optional).
- Using Security Questions for ID Verification: Google Drive has this feature. OneDrive, Dropbox, Copy and Mega don’t use security question right now.
So, we see, Google Drive covers most of the security features except encryption. Microsoft OneDrive and Dropbox come then. Mega provides a complex security feature like encryption, but it does not have two-step verification like the previous three I just mentioned. Copy should step forward to take the nice looking cloud provider on a more secured estate with two-step verification, strong password enforcement and other innovative security features.
Mega is not the only one with client side encryption, check this out., it has end-to-end encrypted cloud storage, windows folder sync, and also has mobile app access which can also automatically back up to your cloud storage. I like knowing my personal pictures, etc, are encrypted and only accessible by me, especially with all the recent privacy and spying scandals etc, they also had a hacker challenge with a very large cash prize, no one got it, pretty reassuring, it has a free option.
Just to follow up from my previous comment, another similar option is spideroak, as it offers end-to-end encrypted “zero Knowledge” cloud storage ( meaning even spideroak employees can’t see it, as its encrypted and only you have the password) and also has mobile app access plus auto back up from pc. Use this link and get an Extra 1GB Storage Space on top of the default amount!