Cloud storage is a model of data storage where the digital data is stored in logical pools to share "data as a service (DaaS)" for cloud users. However, users have no absolute control of cloud data, and as a result, they are more and more concerned about cloud data security especially for confidential data. This paper focuses on how to protect confidential data on cloud, and presents a (k,n) threshold secret sharing scheme based on m-sphere principle. Distribution algorithms are designed based on features of dealer's information and cloud storage containers' identifications. Secret is transformed into an m-sphere central coordinates, and then into n shadow coordinates which are placed on the m-sphere surface and distributed into n cloud storage containers. Secret reconstruction algorithms are also designed along with a proof that any k (k=m+1) linear irreverent m-coordinates can reconstruct a unique m-sphere center. Simulations and analysis validate the proposed scheme can tolerate fake shadow attacks and collusion attacks, and cloud users have absolute control on secret key which needs no more management cost from cloud services. Performance analysis proves that the scheme can improves cloud users' control on cloud data, and it is correct and efficient on computation performance and storageproperty.