For anyone seeking the highest levels of privacy and security for any data stored upon the cloud, a cloud storage provider utilising secure, zero-knowledge encryption which is applied by default is, without doubt, one of the best ways to go.
In a nutshell, a cloud storage service making use of secure zero-knowledge encryption will ensure that all data is securely encrypted before it ever leaves a user’s local device and will remain encrypted the entire time it is stored. Once stored upon any cloud storage server in this encrypted form, data will remain protected and shielded from misuse by the cloud company and their employees (or any other form of unauthorised access) until it is downloaded again by the intended account holder with the correct decryption key.
Whilst, in theory at least, all data stored upon third-party cloud storage services is potentially vulnerable to various dangers including cyber security breaches, data theft, preying eyes and unauthorised modifications, zero-knowledge encryption has proved itself as one of the most effective methods of mitigating such data security issues.
In this specialist encryption-focused cloud storage guide, I will be looking at the use of zero-knowledge encryption and how it can be a game changer in securing important data stored upon the cloud. I will then be listing some of my favourite encrypted cloud storage services which feature zero-knowledge encryption towards the end – Let’s go.
- Zero-knowledge encryption
- Secure file sharing tools
- iOS & Android apps
- 5GB Free account
What is Zero-Knowledge Encryption?
When referring to Zero-knowledge encryption, this concerns the process whereby all data is encrypted (scrambled) upon a client’s local device before it leaves said device to be stored elsewhere. In the case of this guide, this would see the data stored being upon a cloud storage service, but this same concept could also apply to any other storage medium including external hard drives, USB flash drives and network attached storage (NAS).
By securely encrypting all data before it leaves a local device, we can be sure that if this data is ever compromised during its time in cloud storage (e.g. it could be stolen or subject to unauthorised access attempts by rouge IT staff), then the data itself will always remain private. This is achieved thanks to the zero-knowledge encryption techniques applied before the data was sent to the cloud which ensures it will remain in this encrypted state the entire time it is stored away from the user’s device (with the original owner being the only one with access to the decryption key).
Top 5 Free Backup Software Choices:
Below is a quick look at the top 5 backup software solutions mentioned in this guide, scroll down for the full and detailed list of free backup software titles.
| Provider | Solution | Pricing | Website | |
|---|---|---|---|---|
| 1 |  | Proton Drive | 5GB Free / 200GB from €3.99/m | |
| 2 |  | Sync.com | 5GB Free / 150GB from $3.50/m | |
| 3 |  | MEGA.IO | 20GB Free / 200GB from €3.33/m | |
| 4 |  | Internxt | 1GB Free / 1TB from €1.99/m | |
| 5 |  | Nordlocker | 3GB Free / 500GB from $2.99/m |
Whilst the zero-knowledge encryption of data could take place with a varying number of different encryption technologies which are available as of today, the use of AES 256-bit encryption is widely considered as the de facto gold standard choice by providing the best balance between high security encryption whilst also minimising any performance overhead issues which often come with the encrypting and decrypting of data. As such, AES 256-bit encryption has proven itself to be a leading choice for delivering secure, zero-knowledge encryption amongst many popular cloud storage providers.
NB – The use of strong, zero-knowledge AES 256-bit encryption is one of the best ways of securing any files which are stored upon the cloud. This level of encryption is virtually impossible to break and ensures that, even if the security of your cloud storage provider is compromised, data will remain safe and unreadable.
As well as providing secure encryption of any data which is initially sent to cloud storage, zero-knowledge encryption can also be useful from a usability standpoint given that many cloud storage services now implement such technology by default. This means that these encryption-focused services will automatically encrypt and decrypt data automatically as it enters or leaves an authorised device via the cloud providers own website or apps.
Whilst it would be possible to make use of third-party encryption tools (such as Cryptomator) and pre-encrypt any important files before they are uploaded to cloud storage, a service with the zero-knowledge encryption technology built-in to any desktop or web-portal software helps to make the whole encryption and decryption process much easier to manage.
NB – Whilst utilising a cloud storage provider with built-in zero-knowledge encryption technology is often much simpler than employing a third-party solution, it does bring with it the potential risk that the encryption technology could be compromised or weakened. With this in mind, always be sure to only make use of trusted and reliable cloud storage providers (such as those reviewed further down in this guide) or look for services which make their software open source meaning the IT security community can verify it works as intended.
Zero-Knowledge vs End-to-End Encryption
Zero-knowledge encryption and end-to-end encryption, whilst different on a technical level, often go hand-in-hand when it comes to assessing secure cloud storage services. Zero-Knowledge encryption, as already discussed, simply means that any data is encrypted on a local device with only the original data owner knowing the encryption password before it is sent to another medium for storage (such as the cloud). End-to-end encryption, on the other hand, refers to the process of keeping data secure and encrypted the entire time it is in transit between two devices such as a local computing device and a cloud storage server.
Whilst these two terms (zero-knowledge encryption and end-to-end encryption) are sometimes used together or even interchangeably, it can sometimes be hard to work out exactly what is being offered in relation to secure cloud storage services.
Some cloud storage services do offer end-to-end encryption on the basis that they encrypt all data as it is sent to and from the cloud service and also when it is stored at rest upon their own cloud storage servers. In some cases, the cloud provider will also control (or manage) the encryption keys on behalf of their users in such scenarios meaning that (technically speaking) they also have access to the contents of the files (meaning such a service could be classed as encrypted cloud storage, but it will not be zero-knowledge encryption in such cases).
Zero-knowledge encryption, on the other hand, ensures that data is always encrypted using a key only the original owner of the data will have knowledge of and is done so on a local device before any data is transmitted to the cloud. This means, even if the cloud storage service doesn’t make use of encrypted data transit or encrypted storage servers themselves (or it is in-use, but in some way compromised), all data will still remain safe and secure given it is already encrypted before it leaves the local device.
NB – When making use of true zero-knowledge encryption which sees data encrypted on a local device before being stored elsewhere, all services will effectively then become end-to-end encrypted by default. Other services might encrypt all data whilst it is stored upon their own cloud storage servers, but if they manage the key on behalf of their users then such data is less safe than data secured by the original user on their own device beforehand.
Zero-Knowledge Encryption and Privacy Issues
Whilst we have already established that zero-knowledge encryption is extremely useful for protecting the security and integrity of any data which is stored upon the cloud, it is also a useful tool in helping to maintain user privacy along the way.
Whenever a file is encrypted, it will no longer reveal any details about its contents due to all information pertaining to the file being scrambled. On the other hand, when a file is stored in an unencrypted state, it will often have associated meta-data stored alongside it which could not only compromise the security of the data itself, but also the privacy of the owner of the file as well.
For example, a photograph taken on a smartphone might also include a date, timestamp and GPS coordinates which are stored alongside the image itself. Whilst this additional meta-data could prove very useful in certain circumstances such as organising holiday photographs, it also has the potential to reveal a user’s location which might otherwise be kept secret when using zero-knowledge encryption.
This is, of course, just one example of how the privacy of the individual can be directly related to the contents and meta-data associated with files which might be sorted in the cloud. Whilst a provider making use of end-to-end encryption and managing the encryption keys for their users will be of a big help in mitigating such risks, only the use of zero-knowledge encryption will help to remove such privacy risks completely.
Encrypted Cloud Storage FAQs
Zero-knowledge encrypted cloud storage provides users with the ability to securely encrypt all of their data on a local device before it is stored upon the cloud. This approach ensures that the data remains encrypted at all times whilst being transferred to and stored upon the cloud service and that no-one except the original data owner will have access to it.
In general, most cloud storage which is offered by reputable cloud operators remains safe to use. With that being said, the application of secure zero-knowledge encryption provides an additional layer of data protection when storing data in the cloud and can help protect against potential issues including cyber security threats which even reputable cloud providers could become subject to.
Zero-knowledge encryption is a very important concept in that it provides some of the most secure means of securing data which is realistically possible. This method of encryption, which relies on the owner of the data holding their own encryption keys (or passwords) is more secure than encryption managed by a third-party provider in that no-one except the original owner of the data ever has possession of the encryption key. This means a cloud storage service providing zero-knowledge encryption will always remain superior in terms of security architecture versus one which simply offers “end-to-end encryption” with the key centrally managed by the provider.
In a true zero-knowledge cloud storage environment, forgetting the master password for the account will result in permanent data loss. Some cloud providers will allow recovery of the account in such cases, albeit this will effectively become an empty (new) account given the encrypted data will need to be removed. Some encrypted cloud storage providers provide users with the option to store safely a recovery key (sometime this is a QR code) meaning that access to the data is still possible in cases where the password is lost or forgotten.
NB – The obvious drawback to a recovery key is security. Anyone who finds it can potentially access and decrypt your entire cloud drive. If you use a recovery key, store it securely offline (like in a physical safe or an offline password manager).
Technically speaking, whilst network speeds will not be subject to change when moving encrypted files, the upload or download process might feel slightly slower than when working with unencrypted files. This slowdown (which is, in my own experience, usually minimal) is due to the device in question having to encrypt or decrypt the files as they are moved to or from the cloud storage service (a process which requires the device to work harder than it otherwise would making it seem slower as a result).
While closed-source software can technically be just as secure, open-source providers are generally preferred by privacy advocates because they can build trust with their users more easily. Because their underlying code is entirely public, independent cybersecurity experts and the wider IT community can constantly inspect it to verify that the provider’s security and encryption claims are true. One the other hand, with closed-source solutions, you have to trust that the provider in question is practising what it preaches behind closed doors.
Yes, all cloud storage services could potentially become victims of hacking attacks and cybercrime, potentially exposing personal and private data as a result. With this in mind, it is always advisable to make use of cloud storage with secure zero-knowledge encryption in place by default as this will effectively mitigate any damage in relation to sensitive user data falling into the wrong hands.
Generally speaking, the default security measures available from most reputable cloud storage providers will be sufficient for many typical users and many common cloud storage use-cases. If, however, you do want additional protection for any data which is stored in the cloud then a service offering zero-knowledge encryption which is enabled by default should be prioritised.
Top 7 Encrypted Cloud Storage Services
This section features some of my favourite cloud storage services which feature zero-knowledge encryption embedded and applied by the service by default. In addition to this core zero-knowledge encryption, I have also highlighted various other security features including secure link sharing options, multifactor authentication and advanced recovery options alongside secure collaboration tools when applicable.
Remember, any ratings given below reflect my own opinions and are intended only for use as a guide. Always be sure to check the details for any encrypted cloud storage providers before making a purchase and, if possible, always try and make full use of any free trials before making a decision.
1) Proton Drive
Proton Drive is a cloud storage service from the developers of the now popular privacy-focused email service, Proton Mail. This is a highly privacy and security focused cloud drive service offering which, amongst employing many other leading security features, provides zero-knowledge encryption for all data stored upon the service by default.
Based in privacy friendly Switzerland and employing some of the latest and most secure encryption technologies available (including the use of OpenPGP and elliptical curve cryptography), combined with fully open-source apps and encryption libraries, it is clear that Proton Drive values greatly the privacy and security of their user’s data.
Other security related features available within Proton Drive include secure file sharing links, the encrypting of both file names and contents (for additional security versus encrypting only file contents), sophisticated encrypted file search functionality plus the ability to make use of downloadable recovery files for helping maintain access to the Proton account itself.
Security features aside and Proton Drive provides access to their Drive service by an easy-to-use web portal, native apps for iOS and Android devices alongside desktop software available for Windows and Linux users which allows Proton Drive to be mapped locally. Additional functionality includes advanced file sharing which includes sharing usage monitoring, password protection and automatically expiring links alongside support for automatically backing up photos from smartphone devices.
- Get 5GB free storage
- Zero-knowledge security
- Secure file sharing
- iOS & Android Apps
- Desktop file syncing
- Open source software
- Proton Docs & Sheets
- AES 256-bit encryption
- 2FA Authentication
- 200GB from €3.99/m
Proton Drive offers a 5GB free plan which makes for a great way to test this service out. An upgraded 200GB plan is available from €3.99 per month (when paid annually) alongside the Proton Unlimited plan providing 500GB (alongside several other Proton services including Proton Mail) priced from just €7.99 per month (when paid bi-annually). More information on Proton Drive can be found via the official Proton Drive website.
2) Sync.com
Sync.com is a highly privacy-focused cloud storage provider which employs powerful zero-knowledge encryption on all data stored upon the service by default.
Sync.com maintains these high levels of data privacy and security by ensuring all data is automatically encrypted on the client’s device before data transfer begins. This means, when using Sync.com, all data remains encrypted the entire time it is stored upon the cloud and isn’t ever decrypted again until it is retrieved back from the service by the original owner.
Other useful security additions found at Sync.com include the ability to further protect the entire account itself with multifactor authentication (2FA) and enable up to 365-days of historic file versioning which can effectively aid in protecting against malware and ransomware attacks. Also available from Sync.com are advanced file sharing tools with advanced file permissions, the ability to remotely wipe devices with the Sync.com desktop software installed alongside support for full GDPR compliance being observed.
Moving past the data security aspects of Sync.com and we see a service with many other useful features and functions making it suitable as an everyday cloud drive service. Additions include secure file sharing and collaboration tools, up to 365-days of historic file versioning, apps for iOS and Android plus software for Windows and Mac, file deduplication technology plus Microsoft Office 365 integration amongst other additions.
- Get 5GB free storage
- Zero-knowledge security
- AES 256-bit encryption
- Desktop file syncing
- iOS & Android Apps
- Open source software
- Secure file sharing
- Up to 180-day history
- 2FA Authentication
- 150GB from $3.50/m
Sync.com is competitively priced with personal accounts starting from just $3.50 per month for 150GB and $12 per month for 1TB (paid annually) with unlimited data transfer included. Other plans for both personal and business use are also available offering up to 10TB of cloud storage with a 30-day Pro trial or a completely free-to-use 5GB plan – more information on Sync.com plans can be found via the official Sync.com website.
3) MEGA (MEGA.IO / MEGA.NZ)
MEGA is well known as a long-standing provider of privacy and security-focused cloud storage. This is a cloud storage service which prides itself upon offering some of the highest levels of cloud security via zero-knowledge encryption of all data which is uploaded to and stored upon the service by default.
Whilst the full, end-to-end encryption of all data stored upon MEGA by default makes this a very secure and privacy focused service, MEGA continue to raise the bar by offering plenty of other privacy and security related features right out of the box. Also provided by a MEGA account is support for multifactor authentication (2FA), secure file sharing and team collaboration functionality, up to 365-days of file version history (which can be useful for mitigating malware and ransomware damage) plus secure and encrypted web and video chat services to boot.
Security and privacy features aside and it’s clear that MEGA have made great efforts in recent years to add additional functionality over and above the core cloud storage offering for which they are now well known. Additional tools and features now include s3 compatible access protocols (for Pro I plans and higher), a fully featured password manager, a privacy-focused VPN, desktop software for MacOS, Windows and Linux (which support both automatic file backup and synchronisation) plus apps for iOS and Android devices with automatic photo uploads available. MEGA also provide browser plug-ins for enhanced use of the web-based portal alongside command line integration allowing more advanced access to the service.
- Get 20GB free storage
- Open source software
- Zero-knowledge security
- Password manager + VPN
- Desktop file syncing
- iOS & Android Apps
- Secure file sharing
- Up to 60-day history
- 2FA Authentication
- 200GB from €3.33/m
MEGA is priced form just €3.33 per month (when paid annually) for the entry level 200GB plan with plans up to 20TB also available alongside business focused offerings. A generous 20GB free plan is also available making for a great way of testing MEGA out. More information on all MEGA plans can be found via the official MEGA website.
4) Internxt
Internxt has proved itself as an impressive cloud storage service which has been built with the highest levels of user privacy and data security in mind from day one. This approach to cloud storage sees the Internxt service incorporating secure, zero-knowledge encryption for all data which is stored upon the service by default.
Privacy and data security are clearly two core concepts around which the Internxt ecosystem operates and, in-turn, concepts which ensure all data is securely encrypted with AES 256-bit the moment it is uploaded to the Internxt cloud. All data stored upon Internxt remains securely encrypted with only the account holder able to decrypt and access file contents when retrieving said data back to an authenticated device (a device with the Internxt software installed or via use of the Internxt web portal).
Other notable features of Internxt includes native iOS and Android apps (featuring automatic photo uploads), desktop software for MacOS, Windows and Linux alongside secure file sharing tools with password protected sharing available alongside multifactor authentication (2FA) ensuring account access is as secure as is reasonably possible.
Moving beyond this core cloud drive offering and it is great to see that the Internxt service has evolved in recent years to now offer premium account holders the use of a fully-featured antivirus solution, a VPN, a device cleaning utility plus a large file sending service amongst several other new additions. Internxt themselves operate as a fully GDPR compliant business which helps to maximise user privacy whilst electing to make their key software products open-source allows for greater transparency of the service itself.
- Get 1GB free storage
- Secure file sharing
- Open source software
- Zero-knowledge security
- Antivirus + VPN
- Desktop file syncing
- Up to 30-days file history
- iOS & Android Apps
- 2FA Authentication
- 1TB from €1.99/m
Multiple Internxt plans are available with the Essential plan providing 1TB of cloud storage alongside other premium Internxt features from just €1.99 per month (paid annually). Other plans featuring up to 5TB of cloud storage are available as are lifetime plans which see access to the Internxt ecosystem for a one-off price starting at just €380 for 1TB. More information on all Internxt plans can be found via the official Internxt website.
5) NordLocker
NordLocker is a highly security and privacy-focused cloud storage service which ensures all data uploaded to the service is protected by secure, zero-knowledge encryption at all times by default.
Whilst NordLocker does provide secure AES 256-bit zero-knowledge encryption of all data via both the NordLocker desktop software and the easy-to-use web portal, it is the desktop software which really makes NordLocker stand out as a great cloud choice. Not only does this desktop software make working with encrypted cloud files on any supported device really easy, it also allows for the option of storing of files on the cloud which are then streamed to the device on demand (helping to maximise locally accessible storage on the device in-use).
Moving on past the main security related features of NordLocker and we see a service providing many other great features including secure file sharing, apps for both iOS and Android, folder synchronisation, multifactor authentication (2FA) plus useful browser plugins amongst various other useful additions.
- Get 3GB free storage
- Zero-knowledge security
- Secure file sharing
- Desktop file syncing
- Inc. Password manager
- iOS & Android Apps
- 2FA Authentication
- 500GB from $2.99/m
NordLocker is priced from $2.99 per month for 500GB of secure cloud storage with a 2TB plan also available from $6.99 per month (both billed annually). Multiple business plans with up to 2TB per user are also available as is a 3GB free account for all new users. More information on NordLocker can be found via the official NordLocker website.
6) Tresorit
Tresorit is a solid cloud service with a very clear commitment to providing some of the highest levels of user privacy and data security by encrypting everything stored upon the cloud by default.
Based in privacy friendly Switzerland, Tresorit handle all data to very strict privacy standards alongside all of their user’s data being subject to strong zero-knowledge encryption using AES 256-bit encryption at every stage whilst it is sent to, retrieved from and stored upon the cloud.
Other security related features of Tresorit include secure file sharing and collaboration features with password protection and user rights options included, multifactor authentication (2FA), email encryption plugins plus up to 100 historic versions of files being kept for enhanced malware and ransomware-related damage mitigation.
Security features aside and Tresorit also performs very well as a cloud storage service in its own right. This sees the service offer features including smartphone apps for iOS and Android (with automatic photo uploads), Gmail and Outlook plugins, a useful web browser interface plus desktop software for Windows, MacOS and Linux devices.
- Zero-knowledge security
- Secure file sharing
- Desktop file syncing
- iOS & Android Apps
- Up to 25x file versions
- Up to 10GB file support
- Remote drive wiping
- 2FA Authentication
- 50GB from $4.75/m
Tresorit is available from $4.75 per month on the Personal Lite plan (when paid annually) which features 50GB of encrypted cloud storage with upgrade options up to 4TB available. Various business plans are also offered as is a 14-day free trial. More information on all Tresorit plans can be found via the official Tresorit website.
7) pCloud
Since being founded all the way back in 2013, pCloud has been continuously evolving into what is now a top-rated cloud storage service and a strong favourite for many. This is a service which provides very high levels of data security and user privacy thanks to support for zero-knowledge encryption alongside their adherence to strict Swiss privacy laws and regulations as an organisation.
One of the key security technologies available within pCloud is the Crypto Vault service, a separated area of the pCloud account which, once activated, provides full zero-knowledge encryption of all data using strong AES 256-bit encryption between a local device and the pCloud servers (and is available via the web browser interface, smartphone apps plus the pCloud desktop software).
NB – The pCloud Vault is a separate area of the pCloud account to the regular cloud storage area. This means to take advantage of full zero-knowledge encryption within pCloud, this separate “Vault” folder must be utilised.
Other security related features of pCloud include up to 30-days of historic file version history being kept by default (which can prove a helpful mitigation tool for malware and ransomware-related incidents), multifactor authentication (2FA) for protecting the account itself plus a secure file sharing service with options for both automatically expiring links and password protection amongst various other security related features.
Moving past the many security related aspects of pCloud and we see the service itself also offering many great cloud features including virtual drive mapping, automatic file synchronisation, no restrictions on file sizes, unlimited file upload speeds, local device backups, automatic photo uploads plus convenient multimedia playback from within the web-based (browser) portal itself.
- Get 10GB free storage
- Zero-knowledge security
- 2FA Authentication
- Desktop file syncing
- Secure file sharing
- Auto photo uploads
- iOS & Android Apps
- 30-day version history
- 500GB from $49.99/yr
pCloud is priced from just $49.99 per year for the entry-level 500GB plan with personal plans up to 10TB also available. Family plans allowing up to 10TB of cloud storage across up to 6 users are also available as are business plans providing up to 6TB of cloud storage form just $7.99 per month / per user (paid annually). More info on all pCloud plans, including the generous 10GB free plan, can be found via the official pCloud website.
8) iDrive
iDrive is a well-known cloud provider with multiple cloud storage products now available. This includes services offering secure device backup functionality combined with full, end-to-end encrypted cloud storage together in a single, easy to use and cost-effective service.
NB – iDirve supports full zero-knowledge encryption when enabled upon the account at point of creation!
iDrive ensures high levels of data security across their entire service by automatically applying zero-knowledge AES 256-bit encryption to all files locally before they are sent off to the iDrive cloud (with iDrive having no knowledge of the encryption key nor the key being stored upon their servers at any point). This highly secure approach ensures maximum privacy is maintained at all times and that all data remains encrypted throughout the whole time it is stored upon the cloud (meaning no one, including iDrive employees, can see the stored file contents).
Security features aside and it should be noted that iDrive offer a very competitive cloud service in many other areas as well. Features of the personal cloud plan include up to 50TB of cloud storage, real-time device backup with additional support for disk imaging and NAS backups, virtual drive mapping software, disk cloning utilities, advanced file sharing and collaboration options plus the ability to make use of iDrive Express which allows for large cloud recoveries via a shipped external hard drive.
- Get 10GB free storage
- Zero-knowledge security
- Desktop file syncing
- iOS & Android Apps
- Secure file sharing
- True archiving file history
- Auto photo uploads
- 2FA Authentication
- 5TB from $6.99/m
iDrive is priced from just $2.95 per year for the Mini plan providing 100GB of cloud storage for a single user. The personal plan provides up to 100TB of cloud storage across multiple devices and is priced from just $6.99 per month (paid annually) for 5TB. More info on all iDrive plans, including the 10GB free plan can be found via the official iDrive website.
Best Encrypted Cloud Storage Summary
As this guide hopefully makes clear, if you are looking for the highest levels of privacy, security and overall integrity of any personal data which is stored upon the cloud, then a service applying strong, zero-knowledge (which is enabled by default) is by far the best way to go.
Looking into this technology a little deeper and it soon becomes clear that zero-knowledge encryption (ideally using AES 256-bit encryption technology or higher) not only provides enhanced privacy and security by default, but will also protect data in the case that it is ever compromised or subject to a cyber-attack whilst stored upon a third-party cloud storage server.
With all of the above in mind, for the best data protection by means of encryption, I would always advise looking for a service which applies strong, zero-knowledge, AES-256bit encryption (or higher) to all data stored which is stored upon the cloud by default. Whilst some services make use of a separate encrypted “vault” folder, or even manage encryption on behalf of their users completely (which can be very convenient), nothing matches the security provided by strong, zero-knowledge encryption which is performed locally before any data is sent to the cloud in the first place.
