How secure is iCloud?
Apple’s iCloud faced criticism in 2017 when cyber criminals stole photos of celebrities and published them online. It wasn't really an iCloud’s security issue, it had rather more to do with these individuals having their credentials compromised through successful phishing attacks. Apple actually has a pretty good reputation for maintaining security across its devices, although what does that mean for security in its cloud services?
Well, Apple says that data is encrypted both in transit (using SSL) and at rest on the server. Rather than using AES-256 bit encryption everywhere, however, it uses "a minimum of 128-bit AES" which is considerably less secure. The only thing that I can see where 256-bit is employed is for the iCloud keychain (used to store and transmit passwords and credit card data) so have to assume all other data is protected by weaker encryption which is not particularly encouraging.
The iCloud keychain encryption keys, however, are created on your own devices and Apple can't access them. Apple says it cannot access any of the core material that could be used to decrypt that key data and only trusted devices that you have approved can access your iCloud keychain.
Secure tokens are used for authentication when accessing iCloud from other Apple apps for example: Mail and Calendar, and there is optional two-step verification (which can be turned on at https://appleid.apple.com/account/home) via text message or device generated code for making changes to account information or signing into iCloud from a new device.
How secure is OneDrive?
Although Microsoft Windows is the number one targeted platform for hackers and cybercriminals, so far OneDrive has remained fairly free of any serious breach thus far. Does this mean it's the more secure than the iCloud? Not really, as none of them have actually suffered a direct data breach (rather than user-compromised access) that has come to our attention. Much of the public concern surrounding OneDrive security is actually that user-error stuff once more; the wrong file sharing permissions and password insecurity mainly.
Actually, files aren't shared with other people unless you save them in the Public folder or choose to share them. Microsoft does reserve the right to scan your files for 'objectionable content' (as does Apple iCloud) which could lead to deletion of the data and your account. That is seen by many as a reason to look elsewhere as file security cannot be guaranteed if the content provider deems it objectionable.
SummaryAlthough the cloud remains for many something of an unknown quantity as far as security is concerned, the truth is that data security is never black and white but rather fifty shades of grey. Attaining a 100% secure data storage solution is never guaranteed; you can get very close but will never actually do it. So you have to determine what is 'close enough' as far as cloud services are concerned. This determination may be decided for you if you are a business which is regulated and has to meet compliance requirements, and that may mean that not all your data can be stored in the cloud.
Also see: Is 2 Factor Authentication Enough?