Data stored on a cloud storage provider service is generally well-protected from routine eavesdroppers or man-in-the-middle attacks, but there remain other threats.
Consider Dropbox, just one of many new services provided online for storing data in the cloud. Dropbox is used here as an example because of its popularity and its commendable responses to attacks in the past.
Dropbox has used the experience they’ve gained while under attack to improve their security. Dropbox security policies are in line with industry best practices, but they must also align with industry best practices for running a web service.
This means that data stored on Dropbox may be vulnerable to attacks (for example) by government agencies armed with subpoenas or by criminals who attempt to coerce or extort Dropbox employees with access to customer data.
To prevent such unwanted access to data stored on Dropbox, it is recommended to encrypt data locally so that no one but you can retrieve the plaintext of your data.