Cloud storage systems often use a client module at a computing device to upload and download data items, such as files, to and from a storage server. This client module can provide certain data security mechanisms, such as data encryption and data decryption, so that protected data items received from the storage server cannot be accessed by non-authorized parties. For example, the computing device can determine whether a data item received from a storage server should be protected from non-authorized parties, and if so, the computing device can encrypt the data item before storing it at local memory. Also, the client module can decrypt encrypted data to access contents of the encrypted data to provide to authorized parties.
Although the decryption of a protected data item can be performed under the control of the client module so that only authorized parties can access the protected data item, the client module cannot control transfer of the decrypted data item. For example, a user of the computing device can store a decrypted data item using a different file name or send the decrypted data item to another computing device, without providing any mechanism to protect the decrypted data item. Therefore, the client module cannot provide sufficient data security protection to decrypted data items.
Therefore, there is a need in the art to provide systems and methods for improving the data security management.