Skip to main content
Use code “RELIEF12” for a limited-time relief pricing of 12% off your purchase at checkout.
Click here for my Dutch 🇳🇱 website.

How is security and privacy handled in the cloud?

Files can be securely stored in the cloud. The major free providers do everything they can to secure their storage. Users themselves need to secure their accounts.

What is the cloud?

The term ‘cloud’ is used for online work and storage. In this article, we limit ourselves to the services that offer free online storage: OneDrive, Google Drive, iCloud, and Dropbox. More explanation about the cloud is provided in the article ‘What is the cloud?’.

Account Security

All storage services work via a user account. OneDrive with a Microsoft account, Google Drive with a Google account, iCloud with an Apple ID, and Dropbox with a Dropbox account. The big three (Microsoft, Google, and Apple) also use the user account for other things. For example, for their email programs or as a user account for a smartphone. If you use such another service, you already have an account for the storage service of the company. For all accounts, the following recommendations apply:

  • Create a unique and strong password.
  • Secure the account with two-step verification. If the account details unexpectedly become public, two-step verification keeps the door to all files closed.
  • Watch out for phishing and malicious programs. Via email, they try to steal the login details of an account. Don’t fall for it, be alert.
  • Do not store sensitive personal information in the cloud, such as a document with login details or a photocopy of a passport.


With ransomware, malicious software ends up on the computer, with which the files on the PC are encrypted. If a cloud program is installed on the computer, ransomware can also encrypt the files at the cloud service. Many services arm themselves against this.

  • With Dropbox, users can restore previous versions of files. You can then go back to a file that is not encrypted by the ransomware. In the free version of Dropbox, this can only be done per file. Paying users can restore entire folders and even an entire account at once.
  • OneDrive also has this recovery option, but only for paying Microsoft 365 subscribers.
  • Google Drive also has a file recovery option, but it lags behind Dropbox or OneDrive.
  • Ransomware for the Mac (and thus iCloud) is hardly there.

If the threat of ransomware gives an unsafe feeling, you can manually synchronize the folder of the cloud service instead of automatically. Then you know for sure that the cloud service only starts when the files are not encrypted. Of course, you can also keep all files only in the online environment, and not on the local disk of the computer.

Security of the Services

All services secure the online storage of files.

  • Secure connection: The storage services secure the connection so that no one can watch.
  • Encryption of the files: All files that are stored online are encrypted. The key is linked to the account. Without a key, the files are unreadable. Also for employees of the storage service. All data is therefore safe from the eyes of third parties.
  • Double storage: Also, the computers of the storage services can break down. Due to a crash of the hard drive, but also as a result of a fire or other disaster. That is why the files are stored in more than one place. So they can never get lost.

The providers of online storage have an interest in protecting the data of their customers. Their security is well taken care of. Compare it with your own finances. What do you think is safer: have your money managed by a bank or hide your money at home in your three-seater sofa?

What about privacy?

The files are encrypted and therefore only readable by the user. So the privacy of files is well guaranteed. However, all services do store some information about the user. This information is protected in Europe by the General Data Protection Regulation (GDPR). Personal data may not be viewed or used. Services must indicate why they store which data. For example, there must be a clear reason to ask for someone’s age. The services may use data that cannot be directly traced back to a person to show targeted advertisements. Microsoft, Apple, and Google are known for this. If you only use the storage service of these companies, you won’t notice much of this. But most people use multiple services from Microsoft, Apple, or Google. This allows these companies to create an (anonymous) profile of the user that is used for targeted advertising.

Reference Notes:

You may already be aware of my collaboration with the Dutch government and their endorsement of my Information Security PubQuiz. If not, you can read about it here. Regrettably, the government education site that underpins part of my PubQuizzes is not available in English. Therefore, I’ve translated the articles from “” and “” and you can read them on my site. The original source for this article, in Dutch, can be found here.