When reading the Terms of Service (TOS) for cloud data providers like Google, Microsoft, or Dropbox, you might be forgiven if you think that your data is safe. Technically, your information is safe from outsider access. But there is another, very important issue to keep n mind – government access to your information without your knowledge.
This article describes the flaw of cloud security in more detail. The essential issue is that all cloud providers have access to your private keys. Because your cloud providers store or have access to your encryption keys, the cloud provider can be compelled to turn over your private information. The threat to personal security access is further jeopardized by the pending CLOUD Act before Congress. The Act loosens the restrictions on what and how federal officials can gain access to your information from your cloud provider.
The reason we use Boxcryptor for our business and personal information is not just because it meets the strict standards of the GDPR and is ISO certified. We use it because it provides me with “zero knowledge Encryption”; the keys I use to encrypt my information are known only to me. The good news is that no one can access that information unless they gain direct access to my keys. The bad news is that if I lose the password, the data is lost forever!
I encourage you to read the article and determine to what extent you feel you need security. No matter what the vendor’s TOS may say about how safe they keep your information, they cannot guarantee that our federal or a foreign government cannot see your personal information. As one of the professors of my MIT course on encryption, Ron Rivest (coauthor of the widely used RSA encryption protocol), said, not using zero knowledge encryption is like leaving the keys to your home under the doormat.