We are excited to share that we are set to begin a new chapter with Dropbox, Inc. Dropbox is acquiring our IP technology to embed natively into the Dropbox product, bringing end-to-end, zero-knowledge encryption to millions of business customers around the world. Check out our blog to find out more!

Why Can’t Boxcryptor Encrypt OneNote?
Jobs Icons Marketing

Jonathan Zimmermann | Marketing Manager


Microsoft OneNote – Why Online Note-taking is Popular Amongst Businesses

When thinking about Microsoft’s Office environment most people instinctively think of Word, Excel, PowerPoint and Outlook, and maybe their Office online pendants. However, there might be a hidden champion amongst the Microsoft Office applications that that is much more powerful than its’ more popular sibling Word: Microsoft’s note-taking solution OneNote.

Although, Microsoft announced that OneNote will no longer be part of the Office software package, starting with Office 2019, it remains a powerful tool, especially for teams. Therefore, we want to provide you with more detailed information on what OneNote is and why it is so popular among business users. We will explain how OneNote works, how OneNote saves files and where those files are then stored. Additionally, we will discuss the most common use cases of Microsoft’s note-taking tool. In the end, we will take a look at possible security concerns related with online note-taking.

What is Microsoft OneNote?

OneNote is part of Microsoft’s Office software and Office online environment. The range of Office products covers applications for word processing, spreadsheets, email, presentations, data bases as well as note taking. For the latter, Microsoft developed OneNote, which is supposed to provide the feeling of working in a sketchbook. And apparently, it does so rather well, replacing pen & paper in many workplaces. This collaboration and note-taking tool includes a build-in structure that enables teams to collect and share knowledge and personal tasks, easily.

How OneNote Works – Notebooks, Pages, Sections and Subsections

All notes are taken on so-called pages. Those pages are sorted into sections and subsections. All sections and subsections comprise a notebook. Usually one creates a notebook for every individual project, department, phone call, or meeting. This helps you to keep your notes structured. One huge advantage of OneNote is that it saves all elements automatically. Therefore, you do not have to worry about forgetting to save something. All notebooks, sections, subsections and pages are stored automatically in the user’s OneDrive.

This automatic connection between OneNote and OneDrive works seamlessly and it almost perfectly creates the major advantage of OneNote: Your notes are automatically saved and synchronized, no matter which device you use to work on your notebook. Only OneNote 2016 is an exception with regard to the storage location. In that version you can store your notebook locally as well, for example on your PC or on an external hard drive.

What is OneNote Used for? The Most Common Use Cases

OneNote is used as a repository for information and notes that are supposed to be kept available at all times, on all devices. The information and notes taken during a meeting or a call, for example, are synchronized to OneDrive and thus become accessible from everywhere on all devices that are connected to the account. For that reason, OneNote is a great tool for project planning and collaboration within a project. Therefore, OneNote is a great tool for organized collaboration and a great way to organize your work and Microsoft Office documents in notebooks.

File Management with OneNote – Relieve Your Email Inbox

When it comes to internal communication and file transfer, email is the most commonly used program. Think about your workplace: How often do you receive a file from a colleague, sent to you via email? Probably on a regular basis. However, there are significant security risks associated with this form of file transfer, and large files might cram your inbox and take a considerable amount of time to arrive. The security risks will be dealt with later on, but the performance of your email inbox can be improved greatly by using OneNote for file management.

Instead of attaching a file to an email, this file can be included in a notebook, stored at the shared cloud storage of the company and a link to the notebook can be easily distributed via email. This way to use OneNote is particularly helpful when Microsoft Outlook is used for organizing and scheduling a meeting. The notes can be created directly within the calendar event and be made available for every participant automatically.

Task Management with OneNote – Create Leaner Workflows

OneNote can also be used for managing tasks on an individual level, by attaching a copy of a received email to a notebook (Drag & Drop) and adding a flag to the element in the notebook. This will add the task to the follow-up tasks in Outlook, reminding you to not forget about the email.

The original email can be archived, once the email has been copied to the notebook. This does not only allow you to keep your Outlook inbox lean, but also gives you a great way to overview your tasks and the correspondences associated with it.

Team Management with OneNote – Collaboration on Shared Documents

Managing tasks and documents on an individual level is very easy with OneNote. Naturally, managing a team can be done without too much effort, as well. This is because notebooks can be shared with a whole team, too. You can share pages and complete notebooks via email, by permissions, and by sending out a link. Sharing individual pages via email can be done directly within an Outlook event by clicking on the Meeting Notes symbol.

For sharing by permission, the person that needs access to a notebook or page, needs the permission to access your company’s OneDrive storage, where the notebook is saved. You can simply grant permissions to all colleagues who need access, within the notebook. Additionally, it is possible to share a notebook by creating and sending out a link. All these sharing features make OneNote an ideal tool to organize a team, distribute information, and assign responsibilities.

The Security Issue with Online Note-taking

It seems like OneNote is the perfect tool for your workplace to take notes, share files, assign tasks and for keeping track of them, right? But as we all know, there is no upside without a downside. And in case of OneNote, one of its biggest upsides is also its biggest downside: The fact that OneNote is an online note-taking tool. This means while all your notebooks are conveniently saved in the cloud, where they are available from everywhere, these notebooks are also subject to an increased risk when unauthorized access to a cloud storage occurs. The security issue, putting your notebooks at risk arises due to OneNote not being a local application, but working as an online only service.

An encryption software like Boxcryptor cannot encrypt notebooks, that physically never exist on a local device. As end-to-end encryption by definition requires some sort of local endpoint, end-to-end encryption cannot be applied to a file that is never saved at any endpoint, but exists only in the cloud.
This is an issue for all online-only web services. Therefore, the main competitors of OneNote; Evernote, Google Keep and Dropbox Paper are subject to the same security risk as Microsoft’s solution.

Why Can’t Boxcryptor Encrypt OneNote?

To understand why Boxcryptor can’t encrypt online-only files, we first have to recall how Boxcryptor normally works. When a file is opened through the Boxcryptor drive, the file itself is already available on the local device (by means of a cloud provider’s client). By opening it through Boxcryptor, we simply state that this file is encrypted and we want Boxcryptor to decrypt it. Once opened, Boxcryptor has a reference for this file and can detect when you save it. It automatically encrypts the changes and updates the file.

With online-only files, there simply is no file on the local device. The content of the file is retrieved by asking a server to provide it instead. Therefore, with local files we can bring Boxcryptor into play by requesting a file through the Boxcryptor drive. OneNote, however, works completely outside of Boxcryptor’s scope by requesting the file directly from the server. Requests from online-only services to their servers are generally encrypted, too (e.g. by TLS). So, even if Boxcryptor wanted to monitor all connections, it still would have trouble getting the file content. And even Boxcryptor cannot encrypt data that never actually reached it.

Convenience of Online Note-taking vs. Confidentiality of Business Information

In the world of online privacy and data security, there is a recurring dilemma every user is facing at one point in time – convenience against confidentiality of data. This dilemma is especially valid with regard to note-taking apps, due to those apps usually being online only web services.

All businesses (and private persons too) should avoid exposing sensitive information to unauthorized access, by all means necessary. And data stored in the cloud can be exposed to some serious threats that are answered best by means of zero knowledge encryption. Your notes should not be excluded from your data protection process, but the use of web services for note-taking makes it much more difficult to protect all data that is floating around in an organization.

Therefore, we strongly recommend to take a more deliberate approach to note-taking, especially in companies. Note-taking apps are perfectly fine when you use them for your shopping list or your private to-do list. But personal data and company secrets have no place in there. Whenever any critical data is discussed, shared and stored, using a web service that cannot be encrypted, should by all means be avoided. As of May 2018, this is of particular interest for companies, when the shared data is personal data (yes, we are talking GDPR).

The risk of a fine or other harm to your business, caused by not avoiding that critical data is stored online without proper encryption in place, should by no means be neglected. We recommend raising the awareness for data protection in everyone in the company and offering a secure alternative that is also very convenient for the employees to use instead of insecure web services. With the virtual Boxcryptor drive and the cloud storage provider of your choice, a secure solution can be set-up.

Condividi questo articolo

Articoli Correlati


Our New Chapter with Dropbox: What Boxcryptor Users Need to Know

Last week we already announced that we sold important technology assets to Dropbox. What our customers need to know now, we explain in detail here.


A letter from our Founders: We’re joining Dropbox!

Almost 12 years ago, we set out to make complex security solutions easy to use. Now we are excited to share that we are set to begin a new chapter with Dropbox, Inc.

Dummies Book Cover and Back

CLOSED We Celebrate Our Book Release: Your Chance to Win

We have published our first book to get even more people excited about the cloud and data security. Celebrating the official launch, you can win printes copies and Boxcryptor licenses in our raffle. Read about the details in our blog post.