Yes - you're absolutely right to have off-site backups. In the past I've had reciprocal backups with others for years, where I host a small box of theirs and they host a small box of mine for exactly this.
Also, having had a colocated box be literally under water during Hurricane Sandy while at a real, proper datacenter in Manhattan, I can say that a thousand year flood can be just as much a concern for datacenters as for homes ;)
There are plenty of cheap colocation providers, too, you know, but that might be more for people like me who don't trust corporations at all.
However, I disagree with the idea that a NAS can't do encryption, but then again I would never consider running an environment that is based solely on what is "shipped by the NAS hardware vendors".
That you're more worried about the government raiding your house than you are worried about them slurping all your data from the hosting provider without you even knowing could be an entirely different discussion thread. Me, I want to know, and I want there to be a proper subpoena, whereas the NSA employees who work for Google or Amazon aren't refusing to work without a subpoena. I don't assume that data encrypted in shared hosting is safe, because hypervisors can be used to pull keys from memory. But that would definitely lead to a different discussion :)
This thread is still interesting to me because I'm often asked to help small businesses figure out online backup with reasonable security, not necessarily complete security. Good luck!
> I don't assume that data encrypted in shared hosting is safe, because hypervisors can be used to pull keys from memory.
Well, surely not, but that’s not what I was talking about; I said E2E-encrypted. The remote (the cloud, or your NAS) shouldn’t be doing any encryption or decryption. It should be a dumb store for your client-side-encrypted data.
Also, having had a colocated box be literally under water during Hurricane Sandy while at a real, proper datacenter in Manhattan, I can say that a thousand year flood can be just as much a concern for datacenters as for homes ;)
There are plenty of cheap colocation providers, too, you know, but that might be more for people like me who don't trust corporations at all.
However, I disagree with the idea that a NAS can't do encryption, but then again I would never consider running an environment that is based solely on what is "shipped by the NAS hardware vendors".
That you're more worried about the government raiding your house than you are worried about them slurping all your data from the hosting provider without you even knowing could be an entirely different discussion thread. Me, I want to know, and I want there to be a proper subpoena, whereas the NSA employees who work for Google or Amazon aren't refusing to work without a subpoena. I don't assume that data encrypted in shared hosting is safe, because hypervisors can be used to pull keys from memory. But that would definitely lead to a different discussion :)
This thread is still interesting to me because I'm often asked to help small businesses figure out online backup with reasonable security, not necessarily complete security. Good luck!