When looking to achieve the highest levels of privacy and security for any data which is stored upon the cloud, a cloud storage provider making use of secure, zero-knowledge encryption which is applied by default is, without doubt, one of the best ways to go!
In a nutshell, a cloud storage service making use of zero-knowledge encryption ensures that all data stored upon the service is securely encrypted before it leaves a user’s local device and remains encrypted and secure throughout its entire time stored upon the cloud. Once stored upon any cloud storage server in this encrypted form, said data will remain protected and unusable by the cloud company and their employees (or any other form of unauthorised access including from cyber-attacks) until it is downloaded again by the intended account holder with the correct decryption key.
Whilst, in theory at least, all data stored upon 3rd party cloud services is potentially vulnerable to various dangers including cyber security breaches, data theft, preying eyes and unauthorised modifications, zero-knowledge end-to-end encryption has proved itself as one of the most effective methods of mitigating such data security issues when making use of the cloud!
In this remainder of this guide, I will be digging more into the use of zero-knowledge encryption in more depth and how it can be a game changer in securing important data which is stored upon the cloud. I will then be going on to list some of my favourite cloud storage services with zero-knowledge end-to-end encryption built into them towards the end of this guide – Let’s go!
What is Zero-Knowledge Encryption?
Zero-knowledge encryption refers to the process whereby all data is encrypted upon a client’s local device before it leaves said device to be stored else ware. In the case of this guide, this would see the data stored upon a cloud storage service, but this same concept could also apply to any other storage mediums such as external hard drives, USB flash drives and network attached storage (NAS devices) amongst various others.
By encrypting all data before it leaves the local computing device in question, we can be sure that if this data is ever compromised in any way during its time in cloud storage (e.g., it could be stolen or subject to unauthorised access attempts by rouge IT staff), then the data itself will always stay safe and private given that it will remain in its encrypted state the entire time (with the original owner being the only one with access to the decryption key).
Top 5 encrypted cloud storage providers:
Below is a quick look at the top 5 encrypted cloud storage services mentioned in this guide, scroll down further for the full and detailed list of encrypted cloud services.
Whilst the zero-knowledge encryption of data could take place with a varying number of different encryption technologies which are available as of today, the use of AES 256-bit encryption is widely considered as the top choice by providing the best balance of high security encryption whilst also minimising any performance issues which often come with the encrypting and decrypting of data. As such, AES 256-bit encryption is proving to be a leading choice for delivering secure, zero-knowledge encryption amongst many popular cloud storage providers as of today.
NB – Use of strong, zero-knowledge AES 256-bit encryption is one of the best ways of securing any files which are stored upon the cloud. This encryption is virtually impossible to break and ensures that, even if the security of your cloud storage provider is compromised in any way, your data will remain safe and unreadable to anyone except the original owner!
As well as providing secure encryption of any data which is sent to cloud storage initially, zero-knowledge encryption can also be useful from a usability standpoint as many cloud storage services implementing such technology will automatically encrypt and decrypt data automatically as it enters or leaves an authorised device via their own website or apps. Whilst it would be possible to make use of 3rd party encryption tools and pre-encrypt any important files before they are added to a cloud storage drive in the first place, a service with the zero-knowledge encryption and decryption technology automatically embedded into any desktop or web-portal software makes the whole process as seamless as is possible!
NB – Whilst using a provider with built-in zero-knowledge encryption technology is often much simpler than employing a 3rd party solution beforehand, it does bring with it the potential risk that the encryption technology could be compromised or weakened in some way! With this in mind, always be sure to only make use of trusted and reliable cloud storage providers (such as those reviewed right here on BestBackupReviews.com) or look for services which make their software open source meaning the IT security community can see and verify the software works as it is intended to!
Zero-Knowledge vs End-to-End Encryption
Zero-knowledge encryption and end-to-end encryption, whilst slightly different on a technical level, often go hand-in-hand when it comes to looking at secure cloud storage services. Zero-Knowledge encryption, as already discussed, simply means that any data is encrypted on a local device with only the original data owner knowing the encryption password before it is sent away to another medium for storage (such as the cloud). End-to-end encryption, on the other hand, refers to the process of keeping data secure and encrypted the entire time it is in transit between two devices such as a local computing device and a cloud storage server.
Whilst these two terms (zero-knowledge encryption and end-to-end encryption) are sometimes used together or even interchangeably, it can sometimes be hard to work out exactly what is being offered in relation to secure cloud storage services!
Some cloud storage services do offer end-to-end encryption on the basis that they encrypt all data as it is sent to and from the cloud service and also when it is stored at rest upon their own cloud storage servers. In some cases, the cloud provider will also control (or manage) the encryption keys on behalf of their users in such scenarios meaning that (technically speaking) they also have access to the contents of the files as well (meaning this could be classed as encrypted cloud storage, but not zero-knowledge encryption in this example).
Zero-knowledge encryption, on the other hand, ensures that data is always encrypted using a key only the original owner of the data will have knowledge of and is done so on a local device before any data is transmitted to the cloud service. This means, even if the cloud storage service doesn’t make use of encrypted data transit or encrypted storage servers themselves (or it is in-use, but in some way compromised), all data will still remain safe and secure given that it is already encrypted before it ever leaves the users local device.
NB – When making use of true zero-knowledge encryption which sees data encrypted on a local device before being stored else ware, all services will effectively then become end-to-end encrypted by default. Other services might encrypt all data whilst it is stored upon their own cloud storage servers, but if they manage the key on behalf of their users then such data is less safe than any data secured with a key by the original user on their own local device beforehand!
Zero-Knowledge Encryption and Privacy
Whilst we have already established that zero-knowledge encryption is very useful for protecting the security and integrity of any data which is stored in the cloud, it is also a very useful tool in helping to maintain user privacy along the way as well!
Whenever a file is encrypted, it will no longer reveal any details about its contents due to all information pertaining to the file being scrambled. On the other hand, when a file is stored in an unencrypted state it will often have associated meta-data stored alongside it which could not only compromise the security of the data itself, but also the privacy owner of the file as well.
For example, a photograph taken on a smartphone deice might also include date, time and GPS coordinates which are also stored alongside the image data itself. Whilst this additional meta-data could prove very useful in certain circumstances such as organising holiday photographs, it also has the potential to reveal to a 3rd party a user’s location which might otherwise be kept secret when using zero-knowledge file encryption.
This is, of course, just one example of how the privacy of the individual can be directly related to the contents and meta-data associated with files which might be sorted in the cloud. Whilst a provider making use of end-to-end encryption and managing the encryption keys for their users will be of a big help in mitigating such risks, only the use of zero-knowledge encryption will help to remove such privacy risks completely!
Encrypted Cloud Storage FAQs
Zero-knowledge cloud storage provides users with the ability to securely encrypt all of their data on a local device before it leaves said device for storage on the cloud. This approach to securing data ensures that the data is always encrypted at all times whilst being transferred to and stored upon the cloud and that no-one except the original data owner will have any access to said data.
In general, most cloud storage which is offered by reputable cloud operators is very safe to use. With that being said, the use of zero-knowledge encryption provides an additional layer of data protection when storing data in the cloud and can help protect against many potential issues including cyber security threats which even very reputable cloud providers could become subject to.
Zero-knowledge encryption is a very important concept in that it provides some of the most secure means of encrypting data which is realistically possible. This method of encryption, which relies on the owner of the data holding their own encryption keys (or passwords), is more secure than encryption managed by a 3rd party in that no-one except the original owner of the data ever has possession of the encryption key at any point in the process.
Yes, all cloud storage services could potentially become victims of hacking attacks and cybercrime, potentially exposing personal and private data from their users as a result of said action! With this in mind, it is always advisable to make use of cloud storage with secure zero-knowledge encryption in place as this will effectively mitigate any damage in relation to sensitive user data falling into the wrong hands!
Generally speaking, the default security measures available from most reputable cloud storage providers will be sufficient for many typical users and use-cases. If, however, you do want additional protection for any data which is stored in the cloud then a service offering zero-knowledge cloud storage which is enabled on the account by default should be considered!
My Favourite Zero-Knowledge Cloud Storage
Listed in this section are some of my favourite cloud storage services which feature zero-knowledge encryption embedded within the service by default. In addition to this core zero-knowledge encryption, I have also highlighted various other security features of the below solutions which includes secure link sharing, multifactor authentication and secure collaboration tools when applicable to each service as well.
Remember, any ratings given below reflect my own opinions and are intended only for use as a guide! Always be sure to check the details for any zero-knowledge cloud storage providers before making a purchase and, if possible, always try and make full use of any free trials before making a decision!
Sync.com is a highly privacy focused cloud storage provider which employs full zero-knowledge encryption on all data stored upon the service by default!
Sync.com maintains very high levels of data privacy and security by ensuring all data is automatically encrypted at the client’s device before transfer with said data remaining encrypted the entire time until it is retrieved back form the service by the original owner. Data can only be accessed and decrypted again via one of Sync.com’s secure channels which include the excellent Sync.com desktop software, the secure web portal and the smartphone apps which are available for both iOS and Android devices.
Other useful security additions found at Sync.com include the ability to protect the entire account itself with multifactor authentication (2FA) and up to 365-days of historic file versioning which should prove very helpful should any malware related issues potentially occur. Also available are advanced sharing tools with advanced file permissions, the ability to remotely wipe devices having the Sync.com device software installed as well as full GDPR compliance being observed across all Sync.com accounts.
Moving past the data security aspects of Sync.com and we see a service with many other useful functions including secure file sharing and collaboration tools, up to 365-days of historic file versioning, apps for iOS and Android, file deduplication technology plus Microsoft Office integration plugins amongst many other useful additions.
Sync.com is competitively priced from just $8 / month for a 2TB account with unlimited data transfers to and from the service included. Other plans for both personal and business use are also available which offer up to an unlimited quota of cloud storage on certain plans with a 5GB free to use account also available – more information on all Sync.com plans can be found via the official Sync.com website.
Internxt is an impressive cloud storage service which has been built with the highest levels of user privacy and secure, zero-knowledge encryption in place across the entire service form the very start!
Privacy and data security are clearly two core concepts around which the Internxt service operates and, in-turn, ensures all data is securely encrypted with AES 256-bit the moment it is uploaded to the Internxt cloud. All data stored upon Internxt remains securely encrypted with only the account holder able to decrypt and access file contents when retrieving said data back to an authenticated device (a device with the Internxt software installed or via use of the Internxt web portal).
Other security features of note include Internxt themselves operating under a fully GDPR compliant business set-up helping to ensure maximum user privacy, use of open-source software allowing for greater transparency of the service itself plus multifactor authentication (2FA) ensuring account access is as secure as is reasonably possible.
Other notable features of Internxt include useful apps which are available for both iOS and Android devices (with automatic photo upload functionality amongst other things), desktop software for MacOS, Windows and Linux (which contains both file synchronisation and device backup capabilities) plus secure file sharing tools with password protection options amongst other useful cloud related features.
Internxt is priced form just €0.89 / month for a 20GB account with a 2TB account available for just €8.99 / month (amongst other plans). It should be noted that all Internxt plans also feature unlimited data transfer (in and out) as a part of the service as well. Also available is a very generous and fully-featured 10GB free account which is available to all new users of the service – more information on this and the Internxt premium and lifetime plans can be found at the official Internxt website.
3) Proton Drive
Proton Drive is a cloud storage service from the makers of the popular privacy-focused email service, Proton Mail. This is a highly privacy and security focused cloud drive service offering, amongst other security focused features, full, zero-knowledge encryption of all data stored upon the service by default.
Based in privacy friendly Switzerland and employing some of the latest and most secure encryption technologies available (including use of OpenPGP and elliptical curve cryptography), plus a fully open-source approach to building all of their apps and encryption libraries, it is clear that Proton Drive values the privacy and security of their user’s data greatly!
Other security related features of Proton Drive include secure file sharing functionality, the encrypting of both file names and contents (as opposed to just encrypting contents as might be the case with other providers), sophisticated encrypted file search functionality plus the ability to make use of downloadable recovery files for helping to maintain access to the Proton account itself.
Security features aside and Proton Drive offers additional functionality via smartphone apps for both iOS and Android, sharing functionality with advanced features (including usage monitoring, password protection and automatically expiring access) plus access to a very usable web-based interface which makes managing files on any desktop device easy.
Proton Drive is priced form €3.49 / month for 200GB of storage or from €7.99 / month for 500GB when making use of the 2-year plans (with monthly and 1-year terms also available at a slightly higher price). Also available is a 1GB free-to-use account which is a great way to test out the service prior to committing to a longer plan – more information on both this free account plus the premium services can be found via the official Proton Drive website.
4) MEGA (MEGA.IO)
MEGA is well known as a leading provider of privacy and security focused cloud storage, one which prides itself upon offering some of the highest levels of cloud security available including automatic zero-knowledge encryption of all data uploaded to and stored upon the service by default!
Whilst the full, end-to-end encryption of all data stored upon the MEGA cloud makes this a very secure and privacy focused service, MEGA continue to raise the bar by offering plenty of other privacy and security related features right out of the box. Also included within a MEGA.nz account is support for multifactor authentication, secure file sharing and team collaboration functionality, up to 365-days of file version history (which can be useful for mitigating malware damage) plus secure and encrypted web and video chat services to boot.
Security and privacy aside and it is clear that MEGA have made great efforts to add additional functionality over and above the core cloud storage offering. Additional features include highly functional desktop software for MacOS, Windows and Linux devices (which support both automatic file backup and synchronisation), apps for iOS and Android devices with automatic photo uploads, browser plug-ins for enhanced web-based access and even command line integration for allowing more advanced access to the service when required.
MEGA.IO is priced form just €99.99 / year for the entry level 2TB plan with other plans up to 16TB also available as are business orientated plans. Also available form MEGA.IO is a very generous 20GB free plan which is available to all new users of the service – more information on all MEGA plans can be found via the official MEGA website.
Tresorit is a solid cloud storage service with a clear commitment to providing some of the highest levels of user privacy and data security by encrypting everything stored upon the cloud by default!
Based in privacy friendly Switzerland, Tresorit handle all data to very strict privacy standards alongside all of their user’s data being subject to strong zero-knowledge encryption using AES 256-bit encryption at every stage whilst it is sent to, retrieved from and stored upon the cloud.
Other security related features of Tresorit include secure file sharing and collaboration features with password protection and user rights options included, multifactor authentication (2FA), email encryption plugins plus up to 100 historic versions of files being kept for enhanced malware damage mitigation.
Security aside and Tresorit also performs very well as a cloud storage service in its own right, this sees the service offer features including smartphone apps for iOS and Android (with automatic photo uploads), Gmail and Outlook plugins, a very useful web browser interface plus desktop software for Windows, MacOS and (unlike many others) Linux devices also.
Tresorit is available from $11.99 / month on a personal plan featuring 1TB of cloud storage with the option to get 4TB from $28.49 when billed annually. Various business plans are also available as is a free-to-use 3GB plan as well – more information on all Tresorit plans can be found via the official Tresorit website.
After their founding back in 2013, pCloud has been continuously evolving into what is now a top-rated cloud storage service, one which provides very high levels data security and user privacy thanks to support for zero-knowledge encryption and their adherence to strict Swiss privacy laws and regulations.
One of the key security technologies available within pCloud is the Vault service, a separated area of the pCloud account which, once activated, provides full zero-knowledge, end-to-end encryption of all data using AES 256-bit encryption between the user’s device and the pCloud servers (and is available via the web browser interface, the smartphone apps and the pCloud desktop software as well).
Other security related features of pCloud include up to 30-days of historic file version history being kept by default (which can prove a helpful mitigation tool for malware incidents), multifactor authentication for protecting the account itself plus a secure file sharing service with options for both automatically expiring links and password protection amongst various other security related features.
Moving past the many security related aspects of pCloud and we see the service itself also offering many great features including virtual drive mapping, automatic file synchronisation, device backup software, multimedia playback support and brandable file sharing pages amongst many others.
pCloud is priced form just $49.99 / year for 500GB with personal plans ranging up to 10TB in storage as of time of writing. Also available are family plans allowing up to 10TB of cloud to be shared between up to 6 users and business plans allowing up to an unlimited quota of cloud storage (plus other business-related functionality) form just $7.99 / month per user. More information on all pCloud plans, including the 10GB free account, can be found via the official pCloud website.
iDrive is a well-known cloud provider with multiple cloud related products available, this includes secure device backup functionality combined with full, end-to-end encrypted cloud storage together in a single, easy to use and cost-effective service.
iDrive ensure high levels of data security across their entire service by automatically applying zero-knowledge AES 256-bit encryption to all files locally before they are sent off to the iDrive cloud (with iDrive having no knowledge of the encryption key nor the key being stored upon their servers at any point). This highly secure approach ensures maximum privacy is maintained at all times and that all data remains encrypted throughout the whole time it is stored upon the cloud (meaning no one, including iDrive employees, can see the stored file contents).
Security aside and it should be noted that iDrive offer a very competitive cloud service in many other areas as well. Features of the personal cloud plan include up to 50TB of cloud storage, real-time device backup with additional support for disk imaging and NAS backups, virtual drive mapping software, advanced file sharing and collaboration options plus the ability to make use of iDrive Express which allows for large cloud recoveries via a shipped external hard drive.
iDrive is priced form just $2.95 / year for the iDrive Mini plan which provides 100GB of cloud storage for a single user, the iDrive personal plan provides up to 50TB of cloud storage and supports multiple devices form just $79.50 / year for 5TB of cloud storage. More details on all iDrive plans, including business focused options and the 10GB free account can be found via the official iDrive website.
NordLocker is a highly security and privacy focused service which brings together a great piece of desktop encryption software plus a very cost-effective cloud storage service into what is clearly a very credible offering.
Whilst NordLocker does provide full AES 256-bit zero-knowledge encryption of all data via both the desktop software and the web interface, it is the desktop encryption software which makes NordLocker stand out. Not only does this desktop software make working with encrypted files on any supported device very easy, it also allows for the storing of said files both on the cloud as well as on the local device itself (and there are no limits on local use, meaning even on the free to use plan NordLocker users can store an unlimited amount of locally encrypted files).
Moving on past the main security related features of NordLocker and we see a service which offers many other great features including secure file sharing, smartphone apps for both iOS and Android devices, device synchronisation, multifactor authentication plus the ability to save disk space and stream files to a local device directly from the cloud amongst various other useful features.
NordLocker is priced from $2.99 / month for 500GB of secure cloud storage with a 2TB plan also available form a very competitive $6.99 / month when billed annually. Multiple business plans featuring up to 2TB of storage per user are also available as is a 3GB free account for all new users to the service – more information on all NordLocker plans can be found via the official NordLocker website.
As this guide hopefully makes clear, if you are looking for the highest levels of privacy, security and overall integrity for any personal data which is stored upon the cloud, then a service applying strong, zero-knowledge, end-to-end encryption (by default) is by far the safest way to go!
Looking into this technology a little deeper and it soon becomes clear that zero-knowledge encryption (ideally using AES 256-bit encryption or higher) not only provides enhanced privacy and security by default, but will also protect data in the case that it is ever compromised or subject to a cyber-attack whilst stored upon a 3rd party cloud storage server.
With all of the above in mind, for the best data protection by means of encryption, I would always advise looking for a service which applies strong, zero-knowledge, AES-256bit encryption (or higher) to all data stored which is stored upon the cloud by default. Whilst some services make use of a separate encrypted “secure folder” approach, or even manage encryption on behalf of their users completely (which can be very convenient), nothing matches the security provided by strong, zero-knowledge encryption which is performed locally before any data is sent to the cloud in the first place!
Are you looking for practical help and advice in choosing cloud storage? If so, then be sure to check out our various guides including our Top 10 Free Cloud Storage guide, our guide to the Best Free Cloud Storage Services plus our guide to the Best Cloud Storage for Photographers amongst several others!