Table of Contents
The Cloud Security Problem
Cloud storage services like Google Drive, Dropbox, and iCloud are incredibly convenient — but they are also targets for hackers and subject to data requests from governments. Most cloud providers can access your files because they hold the encryption keys. Understanding the security model of your cloud provider is essential.
Securing Your Cloud Accounts
Strong Authentication
- Use a unique, strong password for each cloud service
- Enable two-factor authentication — preferably with a hardware key or authenticator app
- Review active sessions periodically and revoke unknown devices
Sharing Settings Audit
- Review all shared files and folders regularly
- Remove sharing permissions for people who no longer need access
- Avoid public links for sensitive files — use specific-person sharing instead
- Set expiration dates on shared links when possible
File Organization
- Keep sensitive files in a dedicated, encrypted folder
- Do not mix personal and work files
- Delete files you no longer need from the cloud
Encryption Options
Provider Encryption
Google Drive, Dropbox, and iCloud all encrypt files at rest and in transit. However, the provider holds the encryption keys, meaning they can decrypt your files if compelled by law enforcement or if their systems are breached.
Client-Side Encryption
For true privacy, encrypt files before uploading:
- Cryptomator — Creates an encrypted vault that syncs with any cloud provider. Free and open source
- Veracrypt — Creates encrypted containers for sensitive files
- Boxcryptor — End-to-end encryption layer for popular cloud services
Zero-Knowledge Providers
Some cloud services encrypt files so that even the provider cannot access them:
- Tresorit — Zero-knowledge encryption, based in Switzerland
- Sync.com — Zero-knowledge, Canadian privacy laws
- ProtonDrive — From the makers of ProtonMail
Platform-Specific Tips
Google Drive
- Review third-party app access in Google Account > Security > Third-party apps
- Use Google Vault for compliance and retention (business users)
- Enable Advanced Protection Program for high-risk accounts
Dropbox
- Enable two-step verification
- Review linked devices and web sessions
- Use Selective Sync to keep sensitive folders off shared computers
iCloud
- Enable Advanced Data Protection for end-to-end encryption
- Use strong Apple ID password and 2FA
- Review devices linked to your Apple ID
Combine cloud security best practices with our PDF Tools to process sensitive documents locally before uploading them to any cloud service.
Share this article
Raimundo Coelho
Cybersecurity specialist and technology professor with over 20 years of experience in IT. Graduated from Universidade Estácio de Sá. Writing practical guides to help you protect your data and stay safe in the digital world.
