What is cloud storage “encryption”?

Nearly every cloud storage company talks about file encryption, but what do they really mean? Not all encryption is alike. For this post we look at where the file in encrypted, instead of the type of encryption.

In the picture to the side, column 1 shows no encryption at all. Your file travels in the clear to the cloud storage provider. Anyone between you and the cloud can see it, and the cloud storage provider can see it.

Column 2 shows encryption on the wire, but decryption when it gets to the cloud storage provider. This protects your document while it is traveling, but not while it is stored with the cloud storage company. The cloud storage company can see and open your file.

Dropbox and Google Drive uses this method. They encrypt your file while it is traveling on the wire, but once it gets to their servers they decrypt. This is how you are able to see an “auto preview” of your file. If the Government came with a subpoena, they would be able to decrypt your file and turn it over.

Column 3 shows encryption on the wire and at the cloud storage provider. With this method of encryption, only you can view the file. The cloud storage company doesn’t have access to it and cannot turn it over to a third party. Even if the government comes knocking on their door, this kind of provider is incapable of opening up your files.

SpiderOak and Wuala use this method of storage. Many backup companies like BackBlaze also use this method.

Column 3 is the safest way to store your files. However, with this method, if you lose your password or encryption key, you will never be able to open those files. You can’t call the companies help desk and ask them to restore the files, because they can’t. Only column 2 type providers are able to look at your files when you call and can help you if there is an issue. It is a trade off between convenience and security. As a lawyer with sensitive information, security should be the priority.

When signing up for a cloud storage provider, make sure you understand what they mean when they say encryption. Make sure you know if they can read your files or not.