Securing Cloud Storage

What "In the Cloud" Really Means for Your Files

When you save a file to Google Drive, iCloud, or Dropbox, it leaves your device and is stored on servers in data centers operated by these companies. Understanding this is the first step to making good security decisions about what you store and how.

The Shared Responsibility Model

Cloud security works on a shared responsibility model:

• The provider's job: Physical security of data centers, server maintenance, encryption in transit, redundancy and backups, uptime.
• Your job: Access control (who can see your files), sharing settings, account security (password + 2FA), what you choose to upload, link sharing configurations.

Most cloud storage breaches don't happen because Google or Apple got hacked. They happen because users misconfigure sharing settings or lose control of their account credentials.

Encryption: What Cloud Providers Actually Do

All major cloud providers encrypt your data in two ways:

Encryption in transit: Your files are encrypted while traveling between your device and the cloud server (using TLS — the same encryption that protects HTTPS websites). This prevents anyone on the network (your ISP, a coffee shop hacker) from reading your files in transit.

Encryption at rest: Your files are encrypted on the provider's servers. This protects against physical theft of hard drives from data centers.

But here's the critical detail: the provider holds the encryption keys. This means:

• Google can technically read your Google Drive files
• Apple can access most iCloud data (with some exceptions)
• Dropbox employees with sufficient access could view your files
• A government subpoena can compel the provider to hand over your data
• A rogue employee could potentially access your files

For most families, this level of protection is adequate. The providers have strong internal access controls and audit trails. But for truly sensitive documents (tax returns, legal documents, medical records), you may want an additional layer — which we'll cover in Lesson 5.

What's Actually at Risk

Think about what's in your cloud storage right now:

• Photos — family pictures, possibly including identifying information about your home, school, children
• Documents — tax returns with Social Security numbers, bank statements, medical records
• Shared folders — files shared with coworkers, friends, or family
• Automatic backups — your phone may be uploading screenshots, downloads, and cached files automatically
• Scan history — if you've used your phone to scan documents, those scans are likely in your cloud

A compromised cloud account doesn't just expose your files — it exposes everything your devices have been quietly uploading in the background.

The Most Common Cloud Security Mistakes

1. Sharing a link with "anyone with the link" access — and forgetting about it. That link can be forwarded, found in browser histories, or indexed by search engines.
2. Not reviewing sharing permissions — Documents you shared with a coworker years ago may still be accessible to them.
3. Using a weak password without 2FA — If an attacker gets into your Google account, they have your entire Drive.
4. Not understanding what's being backed up — Automatic photo backup means your cloud may contain sensitive screenshots or images you didn't intentionally upload.
5. Sharing an entire folder instead of specific files — giving people access to everything in a folder, including future additions.

Quick Security Check (Do This Now)

1. Open myaccount.google.com/security ↗ or your cloud provider's security settings
2. Verify 2FA is enabled
3. Check recent security events for any unfamiliar activity
4. Review third-party app access — revoke anything you don't recognize
5. Check drive.google.com/drive/shared-with-me ↗ to see what others have shared with you (and by extension, what you may have shared outward)