There isn't a day that goes by that we don't get website visitors for this specific question:
How to secure your Dropbox and Google Drive files.
Last week we received an email from one of these visitors asking if our content was still "relevant". I think what he meant was "accurate", but, regardless, it did send me down the research rabbit hole. We verify this information from time to time, always with the hope that the answers will be better.
Sadly, nothing has changed.
An off-handed lunch comment last week reminded me that there are still misguided assumptions about two core services these popular providers deliver:
1. Proactively guarding your files against malware
2. Safeguarding your valuable data with end-to-end encryption
Here's the quick summary from our review of each provider's support documentation.
Question #1: Does [Dropbox] [OneDrive] [Google Drive] scan for malware?
Dropbox
They do not scan your files for malware/viruses when you upload or download them. That means an infected file can live indefinitely on Dropbox and be shared with others.
OneDrive
In Microsoft's words:
"The Windows Defender anti-malware engine scans documents at download time for content matching an AV signature (updated hourly)."
Today's security needs proactive, always-learning malware detection that doesn't rely on known malware being added to a signature file. Think of this as keeping a list of people you don't want to enter your home after they've broken in.
It's outdated, inadequate protection. Instead, you need advanced monitoring tools that are continuously listening, learning, detecting what appears to be malware, and blocking it in real time. No after-the-discovery lists.
One important note -- unless you have a centrally managed security policy that prevents this, users can disable virus scanning on their Windows devices.
Google Drive
Google Drive does some scanning but not enough to provide the protection you need. Google scans only files smaller than 100MB before they are downloaded. If a file is larger than the 100MB limit, Google returns an error and does nothing else.
Like Dropbox, Google Drive doesn't scan files when they are uploaded.
If a file is infected, Google will warn you when you attempt to download the file. However, you can ignore the warning and continue the download. You know what this means.
Why Is This Important To Know?
One of the benefits of online file storage is that changes are automatically synced to all devices associated with the account. One infected file can quickly spread to all your company's devices when they sync.
Uploading files that contain sensitive information is a convenient way to share them with a trusted business partner. However, it only takes a few seconds for those files to be intercepted and valuable data stolen.
Passwords for file sharing are a weak defense. Passwords are too easily cracked.
Question #2: Does [Dropbox] [OneDrive] [Google Drive] perform end-to-end encryption?
First, let's talk about the difference among end-to-end encryption, data in transit encryption, and data at rest encryption. We won't wander into the technical weeds, but the distinctions matter.
Encryption is the process of transforming human readable data into an unreadable format, typically using a key or password.
Data in transit and data at rest are the commonly used forms of encryption because they are easier to implement and manage.
The data is encrypted while it is uploaded and downloaded (in transit) as well as while it's being stored (at rest).
Anyone with the key, such as a password, can unlock and decrypt the data.
End-to-end encryption is a specific type of encryption that occurs between two devices to keep the data private and inaccessible to any other parties.
Only the two devices with the encryption key can unlock and read the data.
Even if someone were to intercept and grab the data, they could not decode it.
This is an added layer of data protection.
Dropbox
No end-to-end encryption supported.
They use the standard data in transit and data at rest encryption.
From their support doc:
"Dropbox doesn't offer client-side encryption. Dropbox also doesn't support the creation of your own private keys. However, Dropbox users are free to add their own encryption. There are many third party applications that provide encryption at both the file and container level."
OneDrive
No end-to-end encryption supported.
They use the standard data in transit and data at rest encryption.
Google Drive
No end-to-end encryption supported.
They use the standard data in transit and data at rest encryption.
From their support documentation:
"When you upload a file of any type to Google Drive, it is stored securely in our world-class data centers. Data is encrypted in-transit and at-rest. If you choose to access these files offline, we store this info on your device."
One Final Thought
The last sentence is important. All three of these services sync your online data with your local device. That means your locally stored data relies on your desktop, laptop or mobile device to provide the proper security safeguards.