Most of us have been using cloud storage services for years. We’re all familiar with services like Dropbox, Google Drive, and Microsoft OneDrive. And these are just a few of the most popular ones. These big name services have a lot to offer. They are flexible, fast, and versatile, not to mention inexpensive (often free). Once you’ve got one of them set up, you can access your files from anywhere, and know that if something happens to your computer, you will quickly be able to recover all your important files.
This is all great, but when you use these services, you are trusting them to keep your data secure and private. They encrypt your data so it is secure while traveling across the internet and also secure while it is sitting on their servers. But because they encrypt your data for you, they can decrypt it if they so wish. Or if they are ordered to by the local government. Or if some powerful intelligence agency “convinces” them that it is in their best interest to do so.
…What the world needs now is a cloud storage service that is not subject to uncontrolled access by intelligence agencies. —Mikko Hypponen
Even if the home government isn’t trying to get access to data stored in the cloud, hackers are. Hackers are constantly assaulting cloud storage systems of all types, looking to steal, well, whatever they can get their hands on. It really is dangerous out there.
Here at Restore Privacy, our goal is to help you keep your private data secure. Everything else, such as how much free storage space a service offers, or how well it works with other software and services, is secondary. That’s why this guide focuses on what we call secure cloud storage.
What is secure cloud storage and why do you need it?
We consider secure cloud storage to be a cloud storage system where you, not anyone else, controls the keys used to encrypt and decrypt your data. If you control the encryption keys, the cloud storage service can’t decrypt your data, period. The government can demand it, some scary intelligence agency can insist on it, but it won’t matter. Only you can decrypt your data.
Secure cloud storage services use a variety of techniques to protect your data. From storing your data in secure facilities with armed guards and biometric locks like something out of a spy movie, to using the latest and greatest encryption algorithms, they offer enhanced security over the big names in the cloud storage space.
We’ve been busy reviewing secure cloud storage services to see which ones do the best job or protecting your precious data. This is what we’ve found:
The best cloud storage services
While we haven’t reviewed every cloud storage service that claims to be secure (there are dozens), we have done deep dives into the leading services. All technical considerations aside, you want a secure service that has the corporate backing and resources to be around for a while. So we ruled out most of the more obscure services for now. If any of them gain a critical mass, we’ll check ’em out in the future.
For 2021, here are our recommended secure cloud storage services that can protect your privacy in the current privacy-hostile environment. You’ll find a short summary of each service below, along with links to our in-depth reviews of them.
1. Tresorit – Best secure cloud storage solution
|Price||$10.42/mo; 200 GB|
Tresorit, based in Switzerland, is our pick for the best secure cloud storage service in 2021. It utilizes end-to-end (zero knowledge) encryption and offers a full set of features for businesses, teams, and individuals. The company stores your data in Ireland by default, but business accounts can select from several jurisdictions. A 2019 audit by Ernst & Young indicates that Tresorit is a trustworthy service.
Tresorit’s business-oriented plans provide tools for managing users ad their data across the organization. The service is compliant with HIPAA, GDPR, FedRAMP, and numerous other data protection regulations, making it suitable for a wide range of corporate applications.
Tresorit is a great choice for business users. Its value for individuals isn’t so clear. The free plan offered by the company is very limited, and the paid plans will probably be overkill, leaving you paying a high price for features you don’t need.
Check out our complete Tresorit review.
2. Sync.com – Zero-knowledge cloud storage based in Canada
|Price||$96/yr; 2 TB|
Number 2 on our list is Sync.com. Sync.com offers plans for every type of user (individual to enterprise), but we think it is probably best for individual users. Their zero-knowledge infrastructure looks to be as secure as you can get, although they still haven’t published any third-party test results. If you only need a small amount of storage (5 GB), and don’t need a Linux sync client, their free plan could be ideal for you.
Sync.com has both pros and cons when it comes to business use. It offers plans with unlimited storage and bandwidth, as well as several team-oriented features and compliance with industry standards such as HIPAA, GDPR, and PIPEDA. The biggest business drawback is the requirement to store all your data in Sync.com’s Sync folder. This could result in incompatibilities with other crucial business apps and services.
For more on these pros and cons, see our Sync.com review.
3. NordLocker – Versatile encryption and cloud storage system
|Price||$3.99/mo; 500 GB|
Tresorit and Sync.com are cloud storage products that are designed to be secure. NordLocker is an encryption service with cloud storage capabilities. If you want the maximum possible security for your data, this is an important distinction. Secure cloud storage services will encrypt your data whenever it is not at rest on your computer. They use zero knowledge encryption so that no one, not even them, can decrypt your data.
But what about when the data is on your computer? What if someone gains physical access to your computer? The files on your computer are not encrypted. Someone with access to your device will have full access to your files as well.
But NordLocker does things differently. You move the files and folders you want to protect into a special folder called a locker. Anything you put in the locker is encrypted automatically, and only accessible when NordLocker is unlocked. This means that your files can remain safely encrypted even when they are on your computer.
NordLocker offers their own secure cloud storage for lockers. Their lockers are also compatible with any other cloud storage services. That’s big because it means you can store lockers in other cloud storage services, knowing that your data is safe regardless of which service you use.
If this versatile tool sounds good to you, here’s a link to our complete NordLocker review.
4. Nextcloud – The best cloud storage for self-hosting
Nextcloud is different than the other services we’re recommending.
First, it is a FOSS (Free and Open Source Software) system. As the name implies, it is free to use. And the fact that it is completely open source means that you can be reasonably confident that no one has done anything nasty in the code that would jeopardize the security and privacy of this service.
Nextcloud is designed to allow you to store your data on your own secure servers, or on third-party servers. By hosting on your own servers, you can keep all your data safe inside the corporate firewall. By syncing to third-party servers, you can get up and running quickly while letting someone else handle the maintenance of your data servers.
Nextcloud is also very versatile and expandable. One example of this is Nextcloud Hub. The hub allows you (and your team) to:
Share and collaborate on documents, send and receive email, manage your calendar and have video chats without data leaks
As a fully on-premises solution, Nextcloud Hub provides the benefits of online collaboration without the compliance and security risks.
The ability to host Nextcloud on your own hardware is important, since Nextcloud’s end-to-end (E2E) encryption is not fully funcitonal yet. Even so, we see Nextcloud as a powerful, flexible, and free cloud storage solution with huge potential. Between the core product and the 100+ apps you can add to it, you can create anything from basic cloud storage to a complete environment for home or business use.
By self-hosting on your own secure servers, you can build a free (or low cost) secure cloud storage system that rivals anything out there. And once end-to-end encryption is available, you will be able to do the same, even without hosting everything yourself.
Here’s our full review of Nextcloud.
5. MEGA.nz – Consumer-oriented, zero-knowledge cloud storage
|Based in||New Zealand|
|Price||$5.45/mo; 400 GB|
MEGA is a popular secure cloud storage service that was started by a gentleman named Kim Dotcom in 2013. Unlike some of its competitors, it provides desktop and mobile clients for every major operating system. In addition, MEGA features zero-knowledge, end-to-end encryption and a free plan that includes 15 GB of storage (boostable up to 50 GB if you complete certain tasks.
One potential drawback to this service is that it daily data transfer limits that can leave you waiting until the next day of you try to move too much data at once. Still it is a strong choice for individual users.
If you are looking for secure business storage, MEGA looks less appealing. They do offer business plans with unlimited storage and transfer capacity, plus built-in chat, contacts, and file preview capabilities. But other services, including Tresorit and pCloud have stronger corporate offerings. In addition, New Zealand laws result in MEGA’s ToS containing some troubling clauses you’ll want to study before naming MEGA as your secure corporate cloud storage service.
Here’s our MEGA review.
Secure cloud storage FAQ
When looking for the best cloud storage that is private and secure, you may have some questions. So let’s cover the basics.
Does the country where the company is located matter?
It does indeed matter which country a cloud storage service is located in. National laws governing the storage and transmission of online data vary greatly. Some countries respect your online privacy more than others. Countries like Switzerland have strong data protection laws in place. Others, like the United States and the UK, have a bad record for protecting your privacy. Countries that don’t respect your privacy could well lean on your cloud storage provider to give them access to the data you have stored on the service.
That said, the country a secure cloud storage service is located in matters less then it does for a regular service. As we discussed previously, a secure cloud storage service can’t decrypt your data. You control the encryption keys, not them. Even if they are ordered to hand over your data to the authorities, or are hacked by some third party, none of them can read your data.
Now, this doesn’t necessarily mean that the service knows nothing about your data. Depending on how any particular service works, they may still have access to:
- Billing information (name and anything else you provide when registering)
- Metadata like when you log on or off the system, your IP address, and other personally identifiable information
- Who you share encrypted files with
- The names of files or folders containing your encrypted data
This means you need to think carefully about the threats you want to protect your data against and how the country it is located in affects those threats (your threat model) before choosing a service.
Does the country where my data is stored matter?
You need to be aware that the country your data is stored in is not always the same as the country your cloud storage service is located in. For example, Sync.com is based in Canada. It also stores your data there. MEGA, on the other hand may store your data in their home country, New Zealand, or in unspecified European countries that “have an adequate level of protection under Article 45 of the GDPR,” with their decision on which location to use being based on your physical location.
As with the country the service is based in, the country where your data is stored matters. Local laws govern the servers your data is stored on. Imagine that some hypothetical secure cloud service was headquartered in Switzerland, but they stored your data in China (perhaps the least privacy-friendly country in the world). China’s horrible privacy laws would apply to the servers containing your data, despite the company itself being under the privacy-friendly laws of Switzerland.
Even though your data is protected by the encryption you control, all other things being equal, it makes sense to look for a service that is both based in, and stores your data in, a privacy friendly jurisdiction.
What is the best approach to data security for cloud storage?
Now we need to talk about different approaches to ensuring your data is secure in a cloud storage situation. There are three states we need to look at: your data in transit, your data at rest in the cloud, and your data at rest on your device. Data in transit is data that is moving between you (your computer, smartphone, or web browser) and the servers where it is stored. Data at rest is data physically stored somewhere.
Data in transit
Data in transit needs to be protected against anyone who manages to intercept it while it it traveling between you and the cloud servers. Most services use TLS/SSL encryption to secure data transmitted over the Internet. This encryption gets applied before your data begins to transit the Internet and is removed when your data arrives at its destination.
Note that TLS/SSL only protects your data while it is in transit. Once your data arrives at its destination, the TLS/SSL encryption is removed. Unless the data is encrypted before the TLS/SSL is applied, the recipient will be able to read the data as soon as TLS/SSL is removed. This kind of encryption is strictly for protecting data in transit. We need some other encryption solution for data at rest.
Note: Data can be in transit in two different environments: in public networks like the Internet, or in private networks like your LAN or your company’s private network. In general, a private network should be a more secure environment for your data than the public Internet. Some secure cloud services allow you to create your own secure server within your own private network so your data isn’t exposed to internet-based risks at all.
Data at rest
Data that is at rest is data that is being stored somewhere. When you store your data with a cloud storage service, your data will be at rest in the service’s servers. For that data to be secure, it must be protected from unauthorized access. This protection can be physical and procedural: the servers are in a secure location, with no unauthorized persons allowed access to it. Many cloud storage services offer this type of security.
The problem with this type of security is that you need to trust the cloud service to keep your data secure. If their security procedures fail, or if someone breaks into their secure location, your data could be exposed. Even if the service does everything perfectly, local authorities can force them to provide access to your data in defiance of company policy.
A more secure solution to the data at rest situation is to encrypt the data before storing it on the cloud servers. That way, the only people who can read the data are the ones that know how to decrypt the data sitting on the server. This is typically done using AES-256 or some similarly powerful encryption algorithm.
Combining TLS/SSL encryption for data in transit, with AES-256 or similar encryption of the data at rest, and that sounds like a complete encryption solution. But is it really?
Who holds the keys to your data?
The most convenient way to do things is to have the cloud storage service handle the encryption / decryption of your data. The TLS/SSL provides security for your data while in transit, and the encryption they apply once the data arrives protects it while on their servers. But you still have to count on the service to protect the security of your data.
The most secure approach is for you to control the encryption keys for your data. You encrypt the data before it leaves your device using encryption keys that never leave your device. Then you device encrypts it again with TLS/SSL before sending it to the server. At the server end, they strip off the TLS/SSL encryption, and store your data, which is still protected with the encryption you control. Since the service never sees your keys they can’t decrypt your data no matter who leans on them to do so.
With a design like this, you don’t have to trust anyone else to take proper care of your data. You just need to be able to trust the service’s client not to share your keys with the service itself. That is a risk, but if the cloud storage service uses open source clients and is reasonably popular, you can feel safe. That’s because any hanky-panky carried on by the client app will likely have been exposed by someone who decided to investigate the code.
We also need to talk about the security of data stored on your device. Many cloud storage services store you data in unencrypted form on your device. If someone gets access to your device, they get access to your data too.
One service that specifically addresses that problem is NordLocker. With NordLocker, your data is stored encrypted even on your own device. The only way to decrypt the data is to log into NordLocker. Storing the data encrypted at rest on your device provides an extra layer of security.
A system like this, where only you can encrypt/decrypt your data, is called end-to-end encryption. Unless you are considering a service where you can host your own data on your own secure private network, you need some form of end-to-end encryption for the best security.
Why should I pay when I can get a free account?
In times like these when money is tight it can be very tempting to use a free secure cloud storage account. Even so, there are several good reasons to pay for your secure cloud storage. They include:
- Functional limitations – Free accounts never have all the capabilities of paid accounts. Usually you are limited in the amount of data you can store with a free account, the amount of data you can upload and download in a month, or you are limited in the amount of time you can use the free account.
- Support limitations – Most free accounts provide limited customer support. They often force you to ask questions or look for help in discussion forums where free users try to help each other.
- Limited features – Paid accounts frequently offer additional features that free users don’t have access to. File version tracking (or tracking for longer periods of time), enhanced security features like 2FA, and business-oriented features like onboarding and collaboration tools, are just a few of the features that you’ll only get with a paid account..
Whenever possible you should test a service using a free account. No point in spending money then finding out the service doesn’t meet your needs. But once you are sure it does meet your needs, I urge you to get a paid account. , if your data is important enough to need secure cloud storage, it is worth investing in a paid plan. Besides, the more paying customers a service has, the more likely it is to still be around in the future.
Should I use a VPN with my secure cloud storage service?
Short answer is a resounding YES! Secure cloud storage services protect your data from outsiders. But that doesn’t mean they won’t collect some personal data on you anyway. Many cloud storage services log information about your activities on their system. Things like when you log on, how long you stay logged on, along with your IP address.
Gathering your personal data and tying it to your IP address can be useful for the service. But it offers no benefits for you and even some potential risks. If you use a VPN to connect to a secure cloud storage service, the service will record the IP address of a VPN server instead of your IP address. Since each VPN IP address is typically shared by tens or hundreds of users, it will go a long way toward protecting your privacy as you use the storage service.
See our list of the best VPNs here.
Wrapping up the best cloud storage services
This concludes our roundup of the best cloud storage services that do well with both privacy and security.
They may not be as famous or easy to use as Google Drive, or sync with third-party services the way OneDrive does. Still, the secure cloud storage providers we recommend in this guide offer enhanced security in this world where your data may be the most valuable commodity you own.
You should read through the short summaries of the top-notch services we’ve listed here. When you find one you like, follow the link to our full review, then sign up and give it a good workout for a few weeks. Do this work now and you will soon be still taking advantage of the best cloud storage for your needs and securing your private data better than ever before.
To learn more about these and other secure cloud storage solutions, you can check out these reviews:
- Tresorit Review
- MEGA Cloud Review
- Sync.com Review
- Nextcloud Review
- IDrive Review
- pCloud Review
- SpiderOak Review
- NordLocker Review
This secure cloud storage review was last updated on August 11, 2021.