How secure is your iCloud data?
Q
Is there anything like Microsoft OneDrive’s Personal Vault for securing data shared between my Mac and iPhone using iCloud?
A
The only data held in iCloud which isn’t routinely encrypted is mail in Apple’s IMAP mail servers; in accordance with standard practice, that data isn’t encrypted, so you should use security measures such as S/MIME if you want protection there. Otherwise, everything you store in iCloud Drive, data in standard Mac apps such as Calendars, Contacts and Notes, and that stored by third-party apps, is all stored fully encrypted when in iCloud, and it’s also encrypted when in transit between your Mac and Apple’s iCloud servers.
Apple uses a sophisticated mechanism which chunks file data together and encrypts it using file content keys. Those are in turn wrapped by record keys stored with the metadata, which are protected by your service key, kept in your iCloud account. This ensures only you have access to them, but they’re also recoverable using the iCloud Data Recovery Service. Most sensitive data like your keychain, health data, Messages and Safari history are handled even more securely, as they’re encrypted locally, in transit and in iCloud storage. Their encryption keys use devicespecific information to ensure only you can access them, and can’t be recovered.
Although you could encrypt data additionally, there’s no easy way to access that on your iPhone or other devices. Some third-party apps offer additional protection at a cost, but there’s no justification with your iCloud account secured with a robust password and two-factor authentication (2FA).