Question
A friend asked about putting some of his data on Microsoft's OneDrive.
I did some research, and what I learned seems very surprising.
It appears that all the user data on MS OneDrive is stored completely unencrypted (it is only temporarily encrypted during transfer). The only "security" is trusting that whoever they hire to work at their datacenters, along with all of their subcontractors, are not looking at or copying any of the data (which would be trivially easy since it is unencrypted).
Is this an accurate understanding?
What's surprising is the number of people and businesses who apparently keep their data on OneDrive. I'm guessing my understanding is incorrect, or most people are ignorant of how their data is stored.
Explanation / Answer
It is not unusual for cloud providers to have a system in place where they can access their customers' data, because there are all sorts of useful things they can't do without looking at the data. They can't index it, they can't de-duplicate it, they can't compress it, they can't scan it for illegal content, and most important of all, they can't restore it to the user when they forget their password.
That last option is most likely enough on its own to make encryption a bad security choice for a consumer cloud system.
Note also that there are plenty of security controls that Microsoft can implement to stop some random contractor poking through the data.
Lastly, since Microsoft wrote the client software for the service (and most likely wrote the operating system your friend is using!) then if they are malicious they've already won.
There are alternatives if your friend is still concerned. There are small, specialist cloud providers who do encrypt the data at rest and cannot see it. It is also quite possible to build your own private cloud system. However, both these approaches raise additional questions and issues of their own.
What I would recommend, and what I use myself, is to encrypt any sensitive data locally before uploading it to the cloud.