Is Cloud Storage Safe?
Laura Martisiute
Reading time: 11 minutes
Table of Contents
If you use or plan to use cloud storage, you need to know: Is cloud storage safe?
Below, we explain whether cloud storage is:
- Safe to use.
- Good for privacy.
We also look at some steps you can take to improve both your safety and privacy when using cloud storage.
What Is Cloud Storage?
Cloud storage is a service model in which data is maintained, managed, backed up remotely, and made available to users over a network (typically the internet). Instead of storing data on local drives or on-premises servers, cloud storage allows data to be stored on remote servers owned and operated by third-party providers.
You still store things on a server with cloud storage; you just don’t own or ever see the server being used.
Users can access their data from any location with an internet connection.
Cloud storage solutions can be easily scaled up or down according to the user’s needs without requiring a significant upfront investment in hardware.
Cloud storage services often include automatic backup and recovery features, ensuring data integrity and availability even in case of hardware failures or disasters.
Is Cloud Storage Safe?
Depends on your definition of “safe.”
Users should look for cloud storage providers that use strong encryption protocols (ideally, zero-knowledge encryption), implement access control mechanisms like two-factor authentication (2FA), and data redundancy techniques and automatic backups.
For their own part, users should use strong passwords, enable 2FA, and encrypt sensitive files before uploading them to the cloud for added security. The security of the cloud server is the provider’s responsibility, but access security is up to you.
Like any online service, cloud storage providers can potentially be hacked. A 2012 Dropbox breach compromised millions of Dropbox user passwords.
Examples of cloud storage providers include Amazon Photos, Google Drive, and Dropbox.
Is cloud storage safe, according to Reddit?
The general consensus on Reddit is that cloud storage is not usually safe because most cloud storage providers can access your files.
For sensitive files, Redditors recommend either encrypting them before uploading them to cloud storage or storing them on a computer or thumb drive.
Is cloud storage safe for photos?
That depends.
One of the biggest issues is that many cloud storage providers don’t have zero-knowledge encryption, which means they can technically access your files.
Many cloud storage providers also scan uploaded content for illegal material, including CSAM.
These systems can flag innocent photos, leading to severe consequences like account suspension or reporting to authorities.
While automated scanning is intended to protect users and comply with laws, it can sometimes misinterpret the context of images and infringe on privacy. In a famous Google incident, a father’s private medical photos were scanned without his explicit consent, and he was flagged as a criminal.
Is TeraBox cloud storage safe?
There are mixed opinions online about whether TeraBox cloud storage is safe.
According to a TechRadar review, TeraBox has had previous privacy concerns.
The service doesn’t offer zero-knowledge encryption, which means it could potentially access uploaded data, especially given their policy against sharing “objectionable” content, which implies some level of monitoring or scanning.
Previously known as Dubox and now owned by FlexTech Inc., TeraBox has a history of storing data in Chinese data centers, which are often seen as less secure compared to American or European ones.
On Reddit, some users report using TeraBox with no problems; others caution against it. In general, it is recommended that you encrypt your files before you upload them to TeraBox. However, this advice applies to almost all cloud storage providers.
Is Google cloud storage safe?
Depends on your definition of “safe.”
You can read about Google Cloud Storage’s approach to safety on their website.
However, Google Cloud Storage does not offer zero-knowledge encryption by default.
In zero-knowledge encryption, the service provider cannot access the encryption keys at any point. Only the user (or the data owner) holds the keys, and only they can encrypt or decrypt the data.
This ensures that even if the service provider’s infrastructure is compromised, the data cannot be decrypted and accessed because the provider does not have the keys. It provides the highest level of privacy and security since only the data owner has control over the keys.
Users must trust Google to manage their encryption keys securely and to protect their data from unauthorized access.
Also, it’s important to remember that Google could be compelled to provide access to data if required by law, as they have access to the encryption keys.
Is Microsoft cloud storage safe?
Depends on your definition of “safe.”
Microsoft’s cloud storage services, such as OneDrive and Azure, do not currently offer zero-knowledge encryption (ZKE) by default.
Zero-knowledge encryption means that the service provider cannot access or decrypt the user’s data because the user holds the encryption keys.
Microsoft has access to the keys, which means they can decrypt the data if needed, for example, to comply with legal requests.
Azure offers an option called Azure Key Vault, where customers can manage their own encryption keys. This provides more control over key management, but it still does not constitute zero-knowledge encryption because Microsoft could potentially access the keys stored in Azure Key Vault.
However, if zero-knowledge encryption is not a deal-breaker for you, then Microsoft cloud storage might be a good option.
You can read about how OneDrive keeps your data safe in the cloud on their website. You can also read Microsoft’s blog post “3 reasons why Azure’s infrastructure is secure.”
Is OneDrive cloud storage safe?
Depends on your definition of “safe.”
OneDrive is a reputable cloud storage provider with security features that include the following:
- Multi-factor authentication. Users can enable MFA to add an extra layer of security to their accounts.
- Role-based access control. Administrators can control access to data based on user roles.
- Advanced threat protection. OneDrive includes features to detect and respond to potential security threats, such as ransomware detection and recovery and advanced threat analytics.
- Redundancy and backup. Microsoft ensures data redundancy by storing data in multiple locations and performs regular backups to prevent data loss.
- Transparency reports. Microsoft provides transparency reports and detailed documentation about their security practices, enabling users to understand how their data is protected.
However, OneDrive does not provide zero-knowledge encryption (ZKE) by default. Zero-knowledge encryption means that the service provider cannot access or decrypt the user’s data because the user holds the encryption keys, ensuring that only the user can access the data.
Since Microsoft manages the encryption keys, they could technically access or decrypt the data if necessary, for example, to comply with legal requests.
To achieve a level of zero-knowledge encryption, users would need to encrypt their data locally before uploading it to OneDrive. This way, Microsoft would only store the encrypted files, and only the user would have the decryption keys.
Is Dropbox cloud storage safe?
Depends on your definition of “safe.”
Dropbox does not offer zero-knowledge encryption by default. This means that Dropbox has access to the encryption keys and could technically decrypt the stored data if necessary, for example, to comply with legal requests.
Dropbox also has had several security issues over the years. Two recent ones include the following:
- A 2022 breach that affected customers of Dropbox’s eSignature service.
- A 2024 breach affected Dropbox Sign (formerly HelloSign), exposing customer data such as emails, usernames, phone numbers, and hashed passwords. Additionally, the names and email addresses of non-account holders who signed documents were leaked.
Despite these incidents, Dropbox offers several security features, including two-factor authentication and permissions-based access controls. Additionally, Dropbox provides alerts for suspicious activities or new device logins to help identify unauthorized access attempts.
You can read more about Dropbox’s security features on their website.
You can also read our review of whether Dropbox is safe.
Is Degoo cloud storage safe?
Depends on your definition of “safe.”
Some internet users have reported that some of the files they uploaded to Degoo were deleted.
On the other hand, Degoo gets good reviews from publications like TechRadar, which gives it a 4 out of 5-star rating and highlights its “top secret/zero knowledge” feature.
Degoo’s top-secret feature ensures that only you can access your uploaded files.
This feature comprises two main components: zero-knowledge encryption and cross-continent storage replication.
You select a passphrase known only to you, which is never stored on Degoo’s servers. This passphrase encrypts and signs your files, guaranteeing maximum security. Your files are divided into individually signed chunks with redundancy and stored across multiple providers, enhancing both security and reliability.
Is Adobe cloud storage safe?
Depends on your definition of “safe.”
Adobe Creative Cloud and Adobe Document Cloud receive decent reviews from publications like TechRadar and Tom’s Guide.
However, like many other cloud storage providers, Adobe does not provide zero-knowledge encryption by default. This means Adobe manages the encryption keys, and theoretically, they could access the encrypted data if necessary, for instance, to comply with legal requests.
In 2019, Adobe also accidentally exposed about 7.5 million Creative Cloud users.
Is Cloud Storage Private?
Again, depends on your definition of “private.”
Cloud storage can be private, but its privacy depends on several factors, including the service provider’s policies and the measures users take.
While many cloud storage providers encrypt data in transit and at rest, not all providers offer end-to-end encryption (E2EE), where only the user holds the decryption key. For example, neither Google Drive nor Amazon Photos provide end-to-end encryption, which means that both companies could technically access user data if they wanted to.
To be on the safe side, internet users recommend encrypting files before storing them in cloud storage.
Some cloud storage providers scan users’ files for abusive content.
In 2022, a father’s Google Photos account was deactivated after a photo of his child’s genital area, meant for his child’s doctor, was flagged as inappropriate content. Google’s automated systems identified the images as child sexual abuse material (CSAM), leading to the account’s deactivation.
In some cases, cloud users inadvertently expose their own files to other people, for example, if they share a file link with the wrong recipient.
How to Improve Your Safety and Privacy While Using Cloud Storage
Follow the steps below for a more private and secure experience when using cloud storage.
- Create complex passwords. Use a mix of letters, numbers, and special characters to create strong passwords. Never reuse passwords across different services. A password manager can help you generate unique passwords (and keep track of them, too).
- Enable MFA. Wherever possible, turn on multi-factor authentication to add an additional layer of security to your cloud storage accounts.
- Encrypt data before uploading. Use third-party encryption tools to encrypt your files—especially files that contain personal or sensitive information—before uploading them to the cloud.
- Use end-to-end encryption services. Go with cloud storage services that offer end-to-end encryption by default. End-to-end encryption ensures that no one, not even the cloud storage provider, can access your files.
- Have backups. Keep local backups of important data to ensure you have access even if the cloud service is compromised. Store backups in multiple locations to safeguard against data loss.
- Manage sharing and permissions. Share files with specific individuals rather than generating public links and regularly review and update permissions for shared files and folders. Consider using links with expiration dates for temporary sharing.
- Stay informed about security practices. Familiarize yourself with your cloud provider’s security and privacy policies and stay informed about security updates and alerts from your provider.
- Monitor account activity. Regularly monitor your account activity for any suspicious access or changes. If possible, enable security notifications to receive alerts about unusual activity.
- Be cautious with third-party apps. Review the permissions requested by third-party apps connected to your cloud storage account. Only use trusted and reputable third-party apps and services.
Our privacy advisors:
- Continuously find and remove your sensitive data online
- Stop companies from selling your data – all year long
- Have removed 35M+ records
of personal data from the web
Save 10% on any individual and
family privacy plan
with code: BLOG10
news?
Don’t have the time?
DeleteMe is our premium privacy service that removes you from more than 750 data brokers like Whitepages, Spokeo, BeenVerified, plus many more.
Save 10% on DeleteMe when you use the code BLOG10.