The more private my data, the more important is encryption.
But that should be encryption the cloud owner (like Dropbox or Amazon) itself can’t unencrypt, so they shouldn’t have the key needed for that. So they can’t encrypt my original document (because they know the key then) .
I have to do that myself.
Cloud encryption platforms encrypt data when it is transmitted to and from cloud-based applications and storage, as well as to authorized users in different locations. In addition, these tools encrypt data when it is stored on cloud-based storage devices. These measures prevent unauthorized users from being able to read data as it travels to and from the cloud or read files when they are saved to cloud storage. Storage vendors like Amazon Web Services (AWS), Dropbox, Microsoft Azure and Google Cloud provide data-at-rest cloud encryption. The software handles encryption key exchanges and the encryption and decryption processes in the background, so users don’t need to take any additional steps beyond having proper authorization and authentication to access data.
There are two good ways to encrypt data that’s held on a cloud service: using a zero-knowledge service or encrypting your files before uploading them. Both methods work well, as long as the service doesn’t hold your encryption keys or password and uses AES 256-bit encryption or an equivalent to keep your privacy safe.