Security & Cloud Storage

Security, and the privacy concerns that go along with it, is a major factor in how businesses and consumers choose cloud storage providers. Major cloud storage providers offer two main types of security: 'server side encryption' and 'client side encryption'. Before we look at each in more detail, it should be mentioned that there is a sub-category which falls under 'client side encryption' but offers even more security. These cloud storage services are called 'zero-knowledge', meaning that the service provider does not have the decryption key needed to view the content stored on its servers.

Let us study each of the three options in some detail to better understand the technology behind each.

Server Side Encryption with Transmission Over SSL

Cloud storage solutions based on server side encryption are the most common. They offer a level of security suitable for most use-cases. As the name suggests, a cloud storage service which uses server side encryption encrypts files once they arrive on its servers, meaning that the files themselves are not encrypted during transport from the user's computer, tablet or phone. This should not be a cause for alarm, however, as the connection between the user's device and the storage company's servers is secured using Secure Sockets Layer (SSL) technology, which establishes a secure connection between the browser and the remote server. So even though the files themselves are not encrypted, the connection over which they are transferred is.

Client Side Encryption with Transmission Over SSL

Client side encryption is less common among cloud storage services; however, it should be strongly considered by those who wish to have a second layer of security when transferring files over the internet. Client side encryption encrypts files before they are transmitted to the remote server operated by the cloud storage provider. So in addition to the security that SSL provides, the files themselves are encrypted with a key provided by the storage company. This means that the service provider has the key which encrypts and decrypts the data, consequently giving them access to the content of the files (not that they would access your files without your consent, but they could be subject to requests from the government, in which case they are obliged to hand over customer data).

Zero-Knowledge Cloud Storage Services

Zero-knowledge cloud storage services are the most secure currently available. Not only do they offer the security of SSL and client side encryption, but they do so using an encryption and decryption key that never leaves the user's device, meaning that the cloud storage service provider has no way of decrypting the data stored on its servers. The files are encrypted on the user's device before being transferred over SSL, and are decrypted for use after being downloaded from the server by the end user. The one drawback of a zero-knowledge storage service is that if the user loses or forgets the decryption key, there is no way for the service provider to retrieve the data; the data will essentially be lost.
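
The zero-knowledge flow described above can be sketched with Node's built-in crypto module. This is an added example, not code from any storage provider: the scrypt key derivation, AES-256-GCM, the blob layout, the function names and the sample data are all assumptions chosen for illustration.

```javascript
// Added example: zero-knowledge style client side encryption (Node built-ins only).
// Assumptions: scrypt + AES-256-GCM and the blob layout salt|nonce|tag|ciphertext.
const crypto = require('node:crypto');

const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;

// Derive the file key on the user's device. Neither passphrase nor key is uploaded.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Runs on the device before upload. The returned blob is all the provider ever stores.
function encryptForUpload(passphrase, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN);    // fresh per file, not secret
  const nonce = crypto.randomBytes(NONCE_LEN);  // fresh per encryption, not secret
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Runs on the device after download. Throws if the passphrase is wrong
// or the stored blob was modified.
function decryptAfterDownload(passphrase, blob) {
  const salt = blob.subarray(0, SALT_LEN);
  const nonce = blob.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = blob.subarray(SALT_LEN + NONCE_LEN, SALT_LEN + NONCE_LEN + TAG_LEN);
  const body = blob.subarray(SALT_LEN + NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// Returns null instead of throwing: with a forgotten passphrase nobody,
// including the provider, can recover the file.
function tryRecover(passphrase, blob) {
  try {
    return decryptAfterDownload(passphrase, blob).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed sample data, for illustration only.
const stored = encryptForUpload('correct horse battery staple', Buffer.from('Q3 payroll export'));
console.log('provider stores  :', stored.toString('hex'));
console.log('right passphrase :', tryRecover('correct horse battery staple', stored));
console.log('wrong passphrase :', tryRecover('forgotten', stored));
```

The salt, nonce and authentication tag stored next to the ciphertext are not secret; only the passphrase, which stays on the device, unlocks the file.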