Back to Blog

What to Look for in Secure Document Storage Providers

Secure Storage

As companies generate, store, and share more and more confidential information online, finding a secure document storage provider becomes a priority. There are many different solutions to choose from that range in price from free to hundreds of thousands of dollars a year. Free solutions, like Dropbox, have been popular by consumers and individuals are using it in their workplace for confidential business documents. Using a personal file sharing account for secure document storage of business documents is generally not a good idea, and prompting many companies to take a closer look at secure document storage platforms. Here is a list of five things you must consider when vetting providers.

Offsite Backup for Disaster Recovery- Automatic encrypted online backup is a key component in any disaster recovery plan as protection against hardware failure, theft, virus attack, deletion, and natural disaster. Any secure document storage solution you choose should have this in place to guarantee the safety of your sensitive documents.


Data Encryption - Data encryption is a process that converts data into an unreadable format. The document storage solution you choose should protect documents while at rest using AES. Documents should also travel over encrypted SSL/TLS connections.


User Roles and Permissions - Another way to protect documents from unauthorized access is to set up and enforce user roles and permissions. Not everybody will require the same access to company data, and you should be able to chose who sees what. This is a critical component of any document storage solution, as many breaches are caused by unintentional human error. The odds of that decreases the more that access is regulated. In addition to selecting who has access to what, you should be able to chose what they do with the information- view-only, no download, full access, etc.


Two-Factor Authentication - It's wise to implement two-factor authentication to protect against password-sharing, password-cracking, and carelessness. With two-factor authentication, a second factor is required to verify the user's identity. For example, after entering the correct password, a user may then need to enter a one-time PIN number which is sent to the user's smartphone via SMS.


Privacy- Since you are likely storing sensitive company information in the solution you choose, it is advisable to check the privacy policy of the provider you are considering. How do they treat the confidential information (names, email addresses) of invited users? Do they market to them or share them? Who has acsess to your data? Who from their support team or engineers can see your data? While these questions are often overlooked when evaluating the security of a system, they are important considerations.


This is a jumping off point of items to consider when vetting the security of secure document storage platforms. Other considerations consider ease of use, your company's individual use case, and whether or not the solution is being used for finalized, signature documents or as a collaboration tool. In any case, security should be top-of-mind.


Dropbox VS. Virtual data rooms