The number of available cloud services is constantly increasing. Dropbox, Google Drive or the iCloud are all vying for customers’ favor. Microsoft also offers its own cloud storage in conjunction with a Microsoft account: OneDrive. We will take a closer look at the cloud solution in terms of security and data protection.

What is OneDrive?

OneDrive is a cloud storage solution from Microsoft. Many users use the service in combination with Microsoft Office 365. For example, they can use OneDrive to create documents and share them with others. As with any cloud, this is possible at any time and from any location, including mobile devices. Files such as pictures or videos can also be stored or accessed via the web browser or an app on a smartphone.

OneDrive was created in 2007 under the label Windows Live Folders (formerly FolderShare). From 2014, Microsoft’s cloud solution was then called OneDrive. Companies usually use the software within the framework of Office 365, thus creating an immediate link between the cloud service and the local creation of files. This enables employees to work on tables or presentations together. By synchronizing the files, colleagues within a team can always access the latest version.

What about security at OneDrive?

The possibilities for collaborative work are many and varied, but what about IT security when using Microsoft OneDrive? Especially the handling of personal data is a recurring topic in the context of data protection. Companies in particular must meet requirements here in order not to risk a violation of the GDPR.

Therefore the question arises how secure is a virtual storage space that links local content on your own computer with online storage. Microsoft’s OneDrive has a few shortcomings when it comes to security. In comparison, TeamDrive is a good and secure alternative to OneDrive.

OneDrive has the classic standard encryption. Using two-factor authentication, users can set up password protection. In addition, the synchronization of data can also be encrypted. In addition, users can configure various sharing options.

Store sensitive data online in OneDrive?

Security is a high need for all employees in a company who work with personal data, passwords or bank data. Such sensitive information is often a sought-after object by hackers. The data must be protected against access by third parties or the provider itself. The ability to securely store data is the decisive criterion when choosing a cloud provider. However, users are not always automatically aware of how secure their own files really are.

One reason for this is that with OneDrive, only the transfer of data is guaranteed by Transport Layer Security (TLS) encryption. This variant of encryption leaves security-relevant gaps. In contrast, TeamDrive offers complete end-to-end encryption.

Encryption with Microsoft OneDrive

In addition to the TLS encryption mentioned above for the transmission of data, Microsoft set up a separate service for encryption at the end of 2019. The service is called “OneDrive Personal Vault“. It is used to back up personal files to a local storage space, which in turn is encrypted by a bitlocker. This function is also used to store personal files such as insurance papers or travel documents. In addition, “OneDrive Personal Vault” is designed to increase protection against hacker attacks. The service will probably also prevent unauthorized access after the theft of an end device on which OneDrive is located as cloud storage.

However, encryption is only ever one aspect of the security of stored files. In recent years, Microsoft, like other international cloud providers, has been repeatedly criticized by data protectionists. In principle, data in the OneDrive cloud is protected from access by third parties. However, Microsoft as a provider theoretically has the possibility of access.

In comparison, TeamDrive uses several encryption methods, such as highly secure end-to-end encryption (AES-256), in which the keys always remain with the user. This ensures that only authorized users can access their own data locally or in a virtual drive. Under no circumstances does TeamDrive have access to the users’ content.

Location of the OneDrive Cloud is not in Germany

The personal content of users in the cloud is secure, but the data is not encrypted at all times. This applies primarily to the transmission path to Microsoft. In addition, the keys are stored locally on Microsoft’s servers. These are located in the USA or scattered around the world. This means that employees of the Group and third parties to whom access is granted can access personal data of users.

Microsoft scans stored files and justifies this by identifying and filtering possible malicious code. This process also serves to comply with various legal requirements. Users lose control over the use of their data through this behavior.

The European Court of Justice has just declared the Privacy Shield invalid, on the basis of which many American cloud providers store the data of users in the USA. The so-called Cloud Act shows just how serious this danger still is. The “Clarifying Lawful Overseas Use of Data Act” came into force in March 2018. Following the enactment of the Trump government in the USA, American companies are forced to provide data on demand. It makes no difference whether the servers are located outside or in the USA. These regulations state that private information in online storage is suddenly accessible to U.S. government agencies. But surely the OneDrive files should not be “public”?

As a German company, TeamDrive relies exclusively on the server location Germany. This means that user data is stored in such a way that it meets the requirements of the GDPR. The strict data protection regulations within the European Union are completely fulfilled. This means that TeamDrive not only complies with GDPR, but also offers a so-called Zero Knowledge System. This means that TeamDrive as a provider does not acquire any knowledge of stored content. There is no access to encrypted private data without the authorization of the owners.

Compliance requirements as a hurdle for OneDrive

Compliance requirements are a problem for companies using OneDrive as a cloud solution. Many companies have to comply with laws or fulfill their own guidelines. With OneDrive, data protection requirements cannot be fully taken into account, although companies must ensure these conditions are met. It can quickly happen that a business file is sent to external colleagues, even if it was not approved for this purpose.

Many private computer users also rely on Microsoft software in their everyday lives. If only because Windows is widely used as the operating system on desktops at home or in the office. Office 365 is also often installed as software. Users rarely deal with similar applications, although good alternatives are available. TeamDrive is one such top alternative, which fulfills both the provisions of the German Data Protection Ordinance (GDPR) and the requirements for managing personal data.

TeamDrive and Microsoft Office

TeamDrive is a very easy-to-use environment for exchanging files online with third parties securely and easily. In particular, the integration of local Microsoft Office applications is possible. An Outlook add-in and MS Team integration support this collaboration. The encrypted storage of data on German servers proves to be an advantage. In addition, there are other reasons for choosing TeamDrive as an alternative to Microsoft OneDrive. These include a high level of confidentiality, because personal data must be strongly protected.

The processing and storage of personal data within the scope of the GDPR is a relevant issue for both private individuals and companies. Here, no stored data may be lost when using sensitive content. With TeamDrive, users always retain full control over personal data because it is stored in the secure cloud application with end-to-end encryption. This means that third parties cannot access it either.

TeamDrive provides all the prerequisites for meeting the strict legal and other requirements of the professional organizations that are imposed on cloud use. Professional secrets not only have to meet the requirements of data protection according to the GDPR, but also have to sign separate agreements on confidentiality. Few providers guarantee these requirements. Often the size of the company itself and other legal requirements stand in the way. These include the US Cloud Act or the Privacy Shield, for example.

TeamDrive as an alternative to the Microsoft cloud

We have compiled the most important functions that make TeamDrive stand out from the crowd when it comes to data protection:

  • Security through end-to-end encryption

  • Confidential Zero Trust System based on our Zero Knowledge Architecture

  • European Privacy Seal: EuroPriSe Certificate

  • No servers in the USA: Compliance with the GDPR and protection against the influence of the US Cloud Act

  • German data center under German control

  • Simple, free onboarding of business partners

  • Integration of Outlook under Windows

In addition to a high level of data security, TeamDrive provides comprehensive service and large storage capacities. Find o