Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Crypto Prices

How Secure are iCloud and Onedrive storage?

Written by  Feb 24, 2020

Stored data goes into the ether somewhere and you rely on the likes of Microsoft and Apple to keep your data safe, but how safe is it?

If you are quite rightfully storing your crypto data online and you want to keep it on the cloud, which choice is best of the two most popular options.

How secure is iCloud?

Apple’s iCloud faced criticism in 2017 when cyber criminals stole photos of celebrities and published them online. It wasn't really an iCloud’s security issue, it had rather more to do with these individuals having their credentials compromised through successful phishing attacks. Apple actually has a pretty good reputation for maintaining security across its devices, although what does that mean for security in its cloud services?

Well, Apple says that data is encrypted both in transit (using SSL) and at rest on the server. Rather than using AES-256 bit encryption everywhere, however, it uses "a minimum of 128-bit AES" which is considerably less secure. The only thing that I can see where 256-bit is employed is for the iCloud keychain (used to store and transmit passwords and credit card data) so have to assume all other data is protected by weaker encryption which is not particularly encouraging.

The iCloud keychain encryption keys, however, are created on your own devices and Apple can't access them. Apple says it cannot access any of the core material that could be used to decrypt that key data and only trusted devices that you have approved can access your iCloud keychain.

Secure tokens are used for authentication when accessing iCloud from other Apple apps for example: Mail and Calendar, and there is optional two-step verification (which can be turned on at https://appleid.apple.com/account/home) via text message or device generated code for making changes to account information or signing into iCloud from a new device.

How secure is OneDrive?

Although Microsoft Windows is the number one targeted platform for hackers and cybercriminals, so far OneDrive has remained fairly free of any serious breach thus far. Does this mean it's the more secure than the iCloud? Not really, as none of them have actually suffered a direct data breach (rather than user-compromised access) that has come to our attention. Much of the public concern surrounding OneDrive security is actually that user-error stuff once more; the wrong file sharing permissions and password insecurity mainly.

Actually, files aren't shared with other people unless you save them in the Public folder or choose to share them. Microsoft does reserve the right to scan your files for 'objectionable content' (as does Apple iCloud) which could lead to deletion of the data and your account. That is seen by many as a reason to look elsewhere as file security cannot be guaranteed if the content provider deems it objectionable.

As for data security outside the snooping realm, while data is encrypted in transit using SSL it remains unencrypted at rest. Unless you are a user of OneDrive for Business as from the end of last year Microsoft introduced per-file encryption which encrypts files individually each with a unique key; so if a key was compromised it would only access one individual file rather than the whole store. All OneDrive users do get access to two-step verification though, which further protects the login via One Time Code app or text message.

Advertisement

Summary

Although the cloud remains for many something of an unknown quantity as far as security is concerned, the truth is that data security is never black and white but rather fifty shades of grey. Attaining a 100% secure data storage solution is never guaranteed; you can get very close but will never actually do it. So you have to determine what is 'close enough' as far as cloud services are concerned. This determination may be decided for you if you are a business which is regulated and has to meet compliance requirements, and that may mean that not all your data can be stored in the cloud.

For consumers and most SME's though, the cloud is actually pretty secure these days. Data encryption is key here. Just about every cloud store will encrypt data in transit, that is as it's transferred into and out of the cloud, and some (usually if you buy the business version of the service) will encrypt it at rest, or while it is being stored, as well.

Whilst data not being encrypted at rest, or if it is then the cloud provider managing the keys, does mean that the data can be indexed, de-duplicated, compressed and easily restored in a worst-case scenario it also means that your data isn't as secure as it might otherwise be.


Data Protection: A Practical Guide to UK and EU law
amazon uk

If you really want to ensure that your data cannot be compromised, then encrypt it yourself before you send it to your cloud storage provider. If you have control of the keys, no one can look at your data without you knowing about it. Taking control of your own data security by using an on the fly encryption service such as BoxCryptor for example, is a good step towards mitigating risk in the cloud.

Another is to be aware that the weakest security link is not the cloud provider, but rather you yourself. Follow security best practice in terms of password construction and use (don't re-use passwords across services) as well as employing two-factor authentication where available and your risk mitigation level improves dramatically better.

If you are new to the Cryptocurrency world and would like to open an account we recommend Cex.io.

Do you find this article useful? Comment below or follow us on Facebook or Twitter.

Carla Thompson

A very experienced freelance Crypto journalist who now prefers to work from home and has such a broad range of knowledge accrued over the years, we would not cope without her influence and ideas.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Follow Us

Advertisement

Popular in News

May 08, 2020

Crypto Wallet options

A cryptocurrency wallet is actually a program that stores private and public keys and it links to the blockchain in orde...

May 22, 2020

Can I create my own cryptocurrency? Yes

If you want to create your own cryptocurrency but you don’t have much experience in coding, you might be wondering if ...

May 15, 2020

Bitcoin and Ethereum recent transaction fee increases

Bitcoin and Ethereum (ETH) fees are going up.

Apr 29, 2020

Brits are the most sceptical about Cryptos future in Europe

Confidence that cryptocurrencies will still exist in 2030 is slightly increasing in Europe but not in the UK. ...

Apr 06, 2020

Reasons why Crypto Traders fail

Anyone who is about to start crypto trading will usually be a little apprehensive, or they are full of enthusiasm; nothi...

Apr 24, 2020

Cryptocurrency Myths: Investing is safer than you might think

In the beginning cryptocurrency had a bad reputation because of links to black market trading, nowadays purchases are fa...

Jun 25, 2020

Kraken announced $150k grant to BTCPay Server

The Bitcoin community has another significant grant to support open-source development.

May 19, 2020

Are VPNs for Crypto transactions necessary?

Virtual currencies are no longer a fad. They are used all over the world and traded on Forex. Aside from the profit-maki...

May 18, 2020

Cryptocurrency hardware wallets are not full-proof

"The fact is that there’s no way to prevent a highly sophisticated attacker with physical possession of the device, an...

Apr 15, 2020

How can you spend Cryptocurrency?

I know that most of you have already heard about crypto but there are still some people who have some blind spots about ...

Mar 31, 2020

Online privacy is a thing of the past say Brits: Protect your Crypto

The following stats make you aware that keeping your crypto account details safe is more important than ever. ...

May 07, 2020

Fake crypto-wallet extensions are in Chrome Web Store again, stealing credentials

Three weeks after Google removed 49 Chrome extensions from its browser's software store for stealing crypto-wallet crede...