Encrypt and secure OneDrive files. How feasible is Encryption?

OneDrive has little security features, but enough to protect files on the cloud for average users. If you have sensitive information that you store to the cloud, you must take some measures for securing OneDrive files in the event of a data breach. This article talks about the options to secure files on OneDrive and whether encryption is feasible.

encrypt onedrive files

Encrypt & secure OneDrive files

Without anything on your part, the default methods of security of files on OneDrive are as follows:

  1. Password Protection
  2. Sharing Choices
  3. Encryption during Sync

Password protection is nothing except for the usual login process. You can add another layer of security to the process by enabling two-step authentication for OneDrive. Once you enable the two step authentication for Hotmail or Outlook, it is applied to your entire Microsoft account and you will have to go through it to use any of the Microsoft services, including XBox, etc. For apps that require offsite authentication (for example, fetching emails on desktop Microsoft Outlook), you have to create a key that you can use with such apps.

Sharing choices are the default permissions that you exercise to share files with different people. You have three options: Only Me, People with a Link, and Public. Files having “Public” as sharing option can be viewed by anyone. Files shared using a link may be accessed by people having link to that file. No password is required. “Only Me” is self-explanatory: no one except you can view files uploaded. By default, the sharing options are set to “Only Me” for files in folders other than Shared Documents and Photos.

Note that if you upload a file via smartphone OneDrive app, there is no guarantee that the default option would be “Only Me” as I have come across statements where people said such files are “shared with friends”. It is better to check the sharing options carefully from a tablet or even the smartphone after uploading the file. If you are uploading a file to a folder that has setting of “Public”, its content will acquire the sharing setting and may be visible to anyone stumbling upon the file. Hence, I reiterate that check the share settings after you upload the file(s).

OneDrive says that its apps use 256 bit encryption when syncing files. That is, if you are uploading a file to OneDrive, a secure connection is established. However, there is no encryption after the files are uploaded and it has a reason. We’ll come to it when studying feasibility of encryption on OneDrive later in this article.

Encrypting OneDrive files for security

There are many third-party programs available to encrypt entire hard drives or on a file to file basis. The Windows Club has a list of some of the best free file encryption software. You can use these programs to encrypt the entire OneDrive folders on your local computer, so that when they are uploaded, they are encrypted – or you can encrypt only the ones containing sensitive information. You may also use Windows default BitLocker or NTFS encryption to encrypt the files.

Feasibility of File Encryption on OneDrive

But is this kind of encryption really feasible?

In my opinion, if you are uploading files to OneDrive for your own use, encryption will give you an edge – though it may slow down process of opening and saving files as it has to de-crypt them before opening. But if you intend to share it with others, is it still feasible? Check out the next section.

As said earlier, if you are using OneDrive as a remote storage for yourself only, encryption is ok. But if you are to use OneDrive for collaboration, it will be hard for others to find a program that is able to decrypt the files properly. Suppose you encrypt a folder with TrueCrypt before uploading it. Others can also install TrueCrypt as it is free. But will it really help them in collaborating?

The process of decrypting the files is also tough and takes too long. And it is not necessary that the other party can decrypt it always. As far as I know, encryption key is not stored with the file information. If that doesn’t happen, how is the other party going to decrypt the file for collaborating or anything?

In such cases, the whole purpose of OneDrive is defeated because though you can share the files, you cannot have the other person access them easily or maybe, the other person may not be able to access it at all.

Hence files on OneDrive are not encrypted by the company. If you encrypt them, do it for your own usage. If you wish to use OneDrive for collaboration and real time file sharing, encryption will be a hurdle big enough for others to give up.

Read: Tips to secure OneDrive account.

These are my own views. I do not know if there is any solution available for sharing encrypted file along with the encryption key or how easy it would be. If you have thoughts on this, please do share.

Posted by on , in Category General with Tags
Arun Kumar is a Microsoft MVP alumnus, obsessed with technology, especially the Internet. He deals with the multimedia content needs of training and corporate houses. Follow him on Twitter @PowercutIN

7 Comments

  1. If I need to share anything in the cloud, especially OneDrive I use Microsoft Rights Management. This way, only the intended recipient(s) can open, read, view or edit the files and it works well with Microsoft Office, including Outlook (desktop and web).

    https://portal.aadrm.com/

    Also, I would avoid TrueCrypt like the plague as it’s now very unsecure.

  2. SmartFTP

    Files can be stored encrypted (AES-256 CTR mode) on OneDrive using the latest version of SmartFTP.

  3. Tshikishio

    Hello Sir, this is not true. OneDrive now encripts our Files.

    “However, there is no encryption after the files are uploaded”

  4. Arun Kumar

    Can you please give me any link saying that Onedrive files are encrypted? I could not find any official blog claiming encryption during storage. For transmission of files, it employs PFS encryption, which should be good enough.

  5. herdivet

    This link is to the Office365 Blog and it has a section that claims they have encryption on Office365 files. Above that section in the blog they state they are rolling out encryption and Mobile Device Management in Quarter I of 2015 – I haven’t delved any further in to it yet, so take it for what it’s worth:

    http://blogs.office.com/2014/10/28/office-365-latest-innovations-security-compliance/

  6. ReadandShare

    “OneDrive for Business” — as mentioned in your link — is a completely different product from the free “OneDrive” that’s offered to individual users. Files stored in the free “OneDrive” is NOT encrypted.

  7. Bradford

    How has it been demonstrated to be insecure? Afaik the owners just stepped away without justifying how it was insecure, and no future audits have found anything to report.

Leave a Reply

Your email address will not be published. Required fields are marked *


3 + 7 =