Key management - that's the hard part. Part of the extra security of encrypting cloud data is not putting the keys on the cloud.
The Cloud is another word for someone else's computer. Unless you encrypt data before uploading it to cloud storage, you run an unacceptable risk of having it stolen.
Local encryption, done before uploading to the cloud is available through a wide variety of apps, as mentioned in the article. VeraCrypt http://veracrypt.org works with Microsoft's OneDrive, while SyncDocs https://syncdocs.com encrypts Google Drive.
Keeping keys local enhances security, but makes it more difficult to use. Solving the KMS problem will lead to a pot of gold.