Cloud Storage Security Comparison
Every cloud storage service claims that keeping your data and documents safe is their top priority. But can you trust them?
Every cloud storage service claims that keeping your data and documents safe is their top priority. But can you trust them?
Based on publicly available information. If you have an update or suggestion for the comparison table, please let us know at firstname.lastname@example.org.
There are plenty of people who want to and are able to steal your data for their benefit and your demise. Hackers, scammers, careless or malicious employees, unethical cloud service staff, and curious government agencies have all been caught compromising confidential data in the cloud. Dropbox, Box, Google Drive and others claim that your data is “safe”, but they don’t protect your files the way we do. They may encrypt your data but they have the encryption key and the files get decrypted on their servers every time they are accessed. Their administrators can see your files, and so can anyone who manages to gain access to their systems.
Tresorit's end-to-end encryption technology secures your files on your device with some of the highest grade encryption methods available and your files can’t be decrypted in the cloud. This makes them safer than “safe”. No one else has the decryption key, not even Tresorit administrators. Only you and those who you share with have access.
Is your cloud storage secure?
For all the advantages of the cloud, there are some security vulnerabilities too what you have to be aware of.
Use end-to-end encryption
Unlike other services, Tresorit never stores files and passwords in unencrypted or unhashed form.
Tresorit provides a novel approach to secure cloud storage by using end-to-end encryption. We believe you should never have to ‘trust’ a cloud server. With Tresorit you don’t need to.
Using end-to-end encryption, Tresorit encrypts every file and relevant metadata on your devices with unique, randomly generated encryption keys. These keys are never sent to our servers in unencrypted format. Accessing files is only possible with a user’s unique private decryption key. Also, unlike other services, Tresorit never transmits or stores files, encryption keys and user passwords in unencrypted or unhashed form. Due to the strength of Tresorit’s end-to-end encryption and security, breaking this protection would take several human lifetimes. This is why we can never recover forgotten passwords, or hand over your data without your consent in case of a legal inquiry.
Most data management regulation sets a minimum “key strength” of encryption at rest on the provider’s servers and in transit. However, neither protective layer guarantees your provider will keep your data safe in case of a bug, subpoena or the data collection by a government agency.
Encrypting data before it leaves your device prevents your provider - or anyone with access to their systems - from viewing the files you store or share. It is the only known protection against your own service provider, ensuring it cannot comply with subpoenas or government surveillance.
Edward Snowden’s revelations about government spying showed that storing data with US-based providers opens ways to access your data without your consent or knowledge. Strict privacy law in the European Union or Switzerland grants you much higher legal and practical protection. Being disaster proof and protected by 24/7 physical security, Tresorit's datacenters are also compliant with HIPAA, ISO27001:2013 and a host of other certifications.
Access files anywhere securely
Tresorit's mobile apps come with built-in end-to-end encryption and additional control features.
The need for accessing company documents anywhere often motivates the move to the cloud. The question is – do you need to edit files or collaborate on the road? Or are you content with only working from the office computer? With Tresorit, you can enjoy enterprise-level data security from any mobile devices or browser. Using Tresorit's browser version and mobile applications, you can access and edit files offsite, where no company computers are available. This also lets you support a Bring Your Own Device policy to provide access on devices that don’t belong to the company. With the remote wipe feature, you are able to run the risk of losing devices which store important data, by remotely deleting any confidential files store in Tresorit.
Tresorit mobile apps are available for iOS, Android, WindowsPhone and Blackberry and have a high rating by users highlighting the advanced security and ease of use. Use Tresorit's mobile apps, to:
With Tresorit, you can work securely from anywhere you want, across offices, and on the road. Upload and access your files with zero-knowledge encryption from any desktop and mobile device using Windows, macOS, Linux, Android, iOS, Blackberry and Windows Phone.
While some providers don’t allow you to edit files on mobile devices, with Tresorit you can open and edit any files on your phone or tablet.
Additional layers of security is added to all Tresorit accounts to prevent unauthorized access in case a device is lost or stolen. This includes 2-Step Verification, a passcode lock and the ability to wipe a data remotely.
Share files securely
Tresorit makes secure file sharing easy with anyone inside and outside your company
Some businesses only need to backup their data and access it occasionally on the road. But when you work with colleagues on the same file, looking through dozens of email attachments to find the latest version can get old. Tresorit's patented end-to-end encryption technology protects your files whenever they leave your device. Only you and those who you share with can access the content.
Granting limited access to some collaborators can mean the difference between a breach and smooth collaboration. Modifying or revoking permissions at a moment’s notice ensures you react to changing circumstances. User roles define the set of permissions granted by the owner of the tresor to invited users with whom the tresor is shared. Each invitee can be granted a role among the set of manager, editor or reader. As different roles allow rather different user actions in relation to the shared tresor, it is vital to think carefully about what role a user might be granted. In order to maximize customizability, user roles can be changed by the owner of tresor at any time.
Set up shared team folders and decide who can manage, add, edit or view your data. Your team can securely access up-to-date files via browser, any desktop or mobile device - no matter where they are.
Create download links to share files or folders with people outside your company. Keep control with download limits, expiration dates and password protection. Replace email attachments with these secure links, so you can undo mistakes and restrain access by revoking the link.
When collaborating with others, seeing who’s doing what at a glance is useful, especially for larger teams. Services often couple this activity history with version history, so you can roll back to any previous version of a file easily.
Tresorit Digital Rights Management (DRM) adds an extra layer of protection to files stored in Tresorit. From DRM enabled tresors, Editors and Readers are prevented from saving, printing, copying or taking screenshots of DRM protected files. Further, to prevent accidental disclosure of confidential DRM files, a DRM protected file attached to an email cannot be opened.
Keep control of your files
With Tresorit, you can define when, where, and by whom your business data can be accessed
Employees often put business data at risk by bringing their own, uncontrolled file storage and sharing solutions to the workplace. Using Tresorit can help you re-establish your control over critical & confidential data. Tresorit also lets you to have an activity & audit trail to your data to make sure you can comply with regulations or legal requests.
With Tresorit's administrative control, you can limit access to business data for certain employees or teams in your organization, while working with a team distributed across locations and active on several devices. The access policies combined with the granular sharing permissions let you ensure, that for instance, salary files can only be accessed by HR, accounting and the management, and it won't get to unauthorized hands.
When managing a team or business, it’s imperative to see important stats like logins, devices used and accessed documents at a glance.
Assigning users to different groups can help to control access to business data across your organization.
Deciding which devices should be used, and where users are allowed to log into the company account helps you to safeguard business-critical documents.
The key benefit to having users in your Admin Center is that you can monitor their activity, while controlling what they can, and can’t, do. For example, under GROUPS and POLICIES, you can restrict devices used to access Tresorit, enforce 2-Step Verification, setup IP filters, turn off the ability to create Encrypted Links, deactivate “Remember me,” turn-off Sharing, prevent tresor creation, deactivate synching, and enforce Timeout policies. New settings are regularly being added to GROUPS and POLICIES, so be sure to familiarize yourself with this aspect of Tresorit.
Once a policy is created under GROUPS and POLICIES you can assign it to individuals in your account under USERS and DEVICES. For every user there can be a unique policy. The rules set up under GROUPS and POLICIES can be changed at any time.
Additionally, from the Admin Center you can remove and add users as needed, and within seconds. If a user loses a device, you can remove their account by unlinking it; this immediately results in the account being logged out. For mobile devices removing a user also performs a remote wipe, deleting all locally stored files.
How does Tresorit compare to other cloud storage & sharing services?
Tresorit makes it physically impossible to access your files without your authorization.
Don't let Dropbox and others decide who can see your files. With end-to-end encryption you don't need to blindly trust your cloud provider. It would take a 1000 years to break the encryption of Tresorit.
Dropbox, Box, Google Drive and others claim that your data is “safe”, but they don’t protect your files the way Tresorit does. They may encrypt your data but they have the encryption key and the files get decrypted on their servers every time they are accessed. Tresorit's zero-knowledge end-to-end encryption technology gives you maximum protection and still lets you comfortably share, collaborate, and stay productive. Without zero-knowledge technology security is a real problem. Unsecure cloud storage services leave you at risk of harm and how the unbeatable security of Tresorit keeps you safe.
Dropbox, Box, Google Drive and others became popular years ago, when data security threats were not as prevalent as they are today. They claim that data is “safe” with them, but they don’t protect your files the way we do. They may encrypt your data but they have the encryption key and the files get decrypted on their servers every time they are accessed. Their administrators can see your files, and so can anyone who manages to gain access to their systems.
Using Tresorit your files will be completely secure. End-to-end encryption means you hold the keys to your data. You have total control over shared documents.
Tresorit’s main difference compared to Dropbox, and other mainstream cloud storage services, is the ability to turn any folder on your device into a secure “tresor.” What this means is that you do not have to drag and drop files into a special sync folder. Instead, you can drag any folder from its existing location on your computer into the Tresorit app to “tresor it.” This is especially convenient if you’re digitally organized and you’d prefer not to rearrange your files into one sync-able folder.
Only a few providers offer client-side file encryption. The most popular is SpiderOak. But, SpiderOak has two main flaws:
Additionally, SpiderOak is not zero-knowledge when used on mobile devices or a web-browser. By using so-called convergent cryptography, they sacrifice confidentiality to save storage space. Convergent algorithms enable SpiderOak to determine when your content matches the content of others in the cloud. This can leak valuable information about you to outside observers. Read more about how Tresorit compares to SpiderOak.
Services like Sookasa, Viivo, BoxCryptor and Ncrypted cloud have three main disadvantages when compared to Tresorit:
Tresorit encryption takes place in the background. There’s no margin of error, as users don’t have to lift a finger. It’s also easy to share files securely with others, even if they don’t use Tresorit.