SSL is necessary but not sufficient for data protection in cloud.
Many were led to believe that using SSL is sufficient to protect data when using cloud services. Unfortunately, SSL simply offers a necessary condition, but it is not sufficient enough to provide full protection. This is because SSL is designed to protect data transfer between device and the cloud only. When data is at-rest in the cloud, it remains vulnerable — such as the photo leak case of Jennifer Lawrence. Once cyber attacker gains access to victim’s username and password, all cloud data are accessible. To make the matter worse, SSL is not entirely safe too. Check out this article regarding broken encrypted connection.
In order to truly protect data when using cloud services, we suggest to encrypt the data before sending any sensitive and important information to the cloud. This is known as client-side encryption. Encrypting data before sending to the cloud provides an additional factor of protection. Regardless of whether SSL is broken or not, or whether account in cloud service is compromised by cyber attacker, your sensitive data remain hidden from intruder.