Encrypting data before storing on third-party servers. Also called "zero-knowledge encryption," zero-access encryption ensures that a user's data stored on OneDrive, Google Drive or other cloud storage provider cannot be divulged if the server is hacked and the data are stolen. Only the user has the private key, and the decryption is done on the user's computer after downloading the files.
If cloud providers encrypt uploaded data, they have the private keys, which means if the service is hacked, the private keys may be available to decrypt the data.
Zero-Access vs. End-to-End Encryption
Zero-access refers to stored data, whereas end-to-end means data in transit. See
end-to-end encryption and
Proton Mail.