Trusting the cloud storage – OneDrive (for business) breaking the integrity of documents

There are three qualities that the cloud storage system should comply to: confidentiality, integrity, availability (CIA).

Most of us store documents in the cloud to have them available on different machines and assume that the service will be available for the time being. The confidentiality is usually the primary concern for a lot of us – who can access our documents when they are stored in the cloud. But we rarely think of integrity – will our documents change without out consent or knowledge.

According to Myce, this is exactly what happens to OneDrive business costumers. The authors tested the integrity of many document formats and discovered than just some of them are altered. The HTML and PHP files get an injected header. While Word, Excel and Publisher files get a uniquely identifiable code added.

As I understand OneDrive for business (or SharePoint that is behind the scene) automatically adds UUID for tracking documents and control. This is supposedly a normal behaviour of this document management system. Even so this is NOT acceptable in the cloud sync as there are many consequences and implications of such behaviour. For example users cannot have (even if required by law) verifiable records if checksums of documents change. Not to speak about the increased lack of trust of cloud storage services if the files are altered without the consent. Files’ metadata should be kept in separated (hidden) files to keep the integrity of the documents intact.