With companies, hackers and governments all after your data, cloud storage can be a significant risk to your privacy, as well as the best way to protect it. Finding a good service can be tough, though, as the biggest providers often claim to offer more protection than you get. In this article, we’ll be looking deeper into Microsoft OneDrive security to see how good the service really is at protecting your files.
Ultimately, if you’re looking for the best cloud service for security, OneDrive isn’t it. Being under the watchful eye of the U.S. government with no zero-knowledge encryption leaves your data uncomfortably easy to access.
However, Microsoft OneDrive is far from the worst cloud storage provider out there. It offers a “personal vault,” AES 256-bit encryption and the free use of Office 365 with most OneDrive storage plans. It’s also an inexpensive option for quickly saving documents that are filling up your hard drive, although you shouldn’t be keeping anything too private on there.
OneDrive Security: Cloud Storage Risks
The cloud is a great place to store data. Cloud backups help prevent data loss from fires, floods and theft, while cloud storage is an easy way to increase your storage space or sync multiple devices.
However, that doesn’t mean you should rush to store all of your data online without considering the security of cloud storage. Even features like the OneDrive personal vault and file encryption may not prevent your files from being spread across the internet, where anyone can access them.
How Secure Is OneDrive?
OneDrive follows many best practices for data security, especially for a provider focused on usability and features. However, many of these protections come in the form of optional tools, so you will need to manually enable them to keep your data safe.
First is two-factor authentication with the Microsoft Authenticator mobile app. This will stop anyone from getting to your files even if they figure out your password. For example, if a thief accesses your device with a saved password, your phone acts as a second form of authentication.
You can also protect more sensitive data with the OneDrive personal vault, as it requires another form of identification and automatically locks after a certain amount of time. This is especially useful if your device is compromised while your regular storage folder is unlocked.
Some attacks can affect multiple accounts, which is why Microsoft also has a data-breach notification service. If your account becomes vulnerable from a hack or a mistake, the notification service will advise you on how to protect it. However, this system isn’t perfect, as it won’t alert you if the encryption key still seems safe.
On the other hand, not all cybercrime targets file access. Instead, some criminals use malware to cause data loss. If anything manages to get past the OneDrive virus and ransomware detection system, you can recover lost data for up to 30 days and revert any file up to 25 versions.
Is OneDrive Encrypted?
Regardless of any optional tools, encryption is still the king of data protection. Although it was initially reserved as a OneDrive for Business security measure, OneDrive now offers at-rest and in-transit encryption as standard for all users and file types.
However, your encryption key stays in Microsoft’s hands, rather than your own. This means that OneDrive does not offer zero-knowledge encryption, even with the OneDrive personal vault.
Are Sensitive Documents Safe in OneDrive? Security vs Privacy
Without zero-knowledge encryption, OneDrive could theoretically unlock your files and read them without your permission. Although there is no evidence of this happening in the past, with the amount of information Microsoft collects, your data security and privacy could be at risk.
Outside of a serious data breach, a third party would need to get permission from Microsoft to look through your files. Although there are almost no cases where this has happened, Microsoft is based in the U.S., so laws like the CLOUD Act and the Patriot Act make it possible for your data to be collected on the rare occasion that a judge approves a subpoena.
Considering this, it wouldn’t be unreasonable to be concerned about OneDrive’s security. For a more private storage solution, try a provider outside of the Five Eyes, such as Tresorit, a zero-knowledge service based in Switzerland.
How to Maximize OneDrive’s Security
Despite OneDrive’s security issues, there are ways to protect your data from unwanted access while it’s in the cloud. This is because you can add a second layer of encryption through third-party apps.
Software like Boxcryptor encrypts your data before it goes to the cloud, rendering it useless to anyone without your password. You can — and probably should — do this for any storage service, especially when the most well-known providers, like Dropbox, have security problems.
However, utilizing OneDrive’s two-factor authentication and its personal vault will further maximize your cloud security. There’s really no reason not to use these protections, as they’re available for every OneDrive user, even if you aren’t on Windows 10.
Another basic form of protection is improving a weak password. Simply making it longer is a good start, but using a password generator to randomize the text will make it almost impossible to crack. If you’re worried about remembering the password, most of the best password managers have solid free plans.
More Secure Cloud Storage Alternatives to OneDrive
When it comes to the most secure cloud storage service, there are two clear candidates for the top spot. Both Sync.com and pCloud protect you from all kinds of online dangers, and they also have zero-knowledge encryption, so only you can access your data.
Sync.com currently comes in first place for security. Its zero-knowledge, AES 256-bit encryption is available for all file types and users — even on the free plan — so your data is never at risk. Sync.com also has a system similar to the OneDrive personal vault, for an added layer of protection.
Not to be outdone, pCloud does provide a similar level of security to Sync.com. However, unless you’re a business user, you will have to pay an extra fee to get zero-knowledge encryption through the pCloud Crypto add-on. Although this isn’t a dealbreaker, it does leave free users vulnerable.
Although Microsoft hasn’t experienced a OneDrive hack, you should still take security precautions. Extra layers of protection — such as two-factor authentication, a stronger password and add-ons like Boxcryptor — will make it harder for anyone but you to access your files.
However, that doesn’t mean OneDrive is a huge vulnerability. Having years of experience in cloud storage, OneDrive provides tools that make up for some of its weaknesses. Plus, Microsoft OneDrive’s block-level syncing and flawless integration with Windows 10 and Office 365 would be nearly impossible with stronger protections.
Overall, OneDrive is a decent cloud storage service for some of your files. If you aren’t storing sensitive data and you make use of the personal vault, the risk may be worth the benefits.
What do you think about the security of OneDrive? Let us know your thoughts in the comments section below. Thanks for reading.