Abstract

In recent years, use of internet has increased manifold. People have started creating more data, and instead of saving it locally, people have started preferring storing it “online”. Companies are also following the same path to maintain accessibility and availability of their data. Thus, data has become a central part of our lives. People, companies, and institutions rely heavily on cloud storage solutions these days for managing their data. Some of the main cloud storage solution are Google Drive, Dropbox, and OneDrive. These are sophisticated solutions developed by tech giants, and general expectation of the public is that these solutions are reliable. But in the past, there have been instances where data of people and companies was leaked or compromised through these platforms. These platforms use different approaches and models to safeguard their data and for accessing it. The security incidents that happened in past were due to reasons like poorly implemented third party integrations, weak access controls, unexpected API behaviours. This study aims to study these three platforms and compare their vulnerabilities and security controls. The study focuses on cloud specific vulnerabilities like OAuth behaviour, Authentication flow, Exposure to API-based attacks, and Frequency of historical breaches. The study collects and analyses real-world data from several sources, including the HaveIBeenPwned breach records, the CVE database, and datasets. These datasets help in comparing how often each platform appears in reported breaches, what types of weaknesses are most common, and which attack vectors occur repeatedly. The study uses a mix of quantitative and qualitative analysis to present a realistic view of each platform’s strengths and limitations. The findings suggest that no single platform delivers a complete security solution. The study also provides practical recommendations for improving platform security. These recommendations can support organizations that rely on multi-cloud environments where applying single approach is not possible. The overall aim of this thesis is to help organizations better understand the risks related to cloud storage platforms and to support decision-makers in selecting right controls that strengthen data protection practices.

Library of Congress Subject Headings

Cloud computing--Security measures; Computer storage devices--Security measures; Data protection

Publication Date

12-2025

Document Type

Thesis

Student Type

Graduate

Degree Name

Professional Studies (MS)

Department, Program, or Center

Graduate Programs & Research

Advisor

Khalil Al Hussaeni

Advisor/Committee Member

Sanjay Modak

Campus

RIT Dubai

Plan Codes

PROFST-MS

Download

Share

COinS