by DrRobinson 1274 days ago
I think this is a valid point, though I don't expect the people in the datacenter to know which customer stores data on which disks. There could of course still be someone working there that steals data from all customers and you end up being part of that, but that's probably quite hard and risky for the employee since the datacenters are heavily monitored and access is restricted. As a targeted attack, I'd expect them to need to team up with a different department, which makes the attack even more expensive.

Yup. Security is layers. Checking this box helps against some threats. Definitely not "close to useless".

Public Cloud could have their shit together, but they also deal with millions of hard drives. I could definitely see a story coming out where someone finds a hard drive, some sensitive stuff on it, and just nobody has any idea how it got out. Stranger things than that happen every day.

If it's encrypted then that's another layer of Swiss cheese.

> Definitely not "close to useless".

It lowers the risk a minimal amount (which makes it not useless, but close to it). Your resources are limited, so you want to prioritize actions that have a good cost:benefit ratio.

Re-encrypting disks is a significant effort (cost), effort that could be spent on something with better benefit. Should you spend a day encrypting a database or should you spend it on looking over publicly exposed S3 buckets? Ideally both, but resources are limited. Doing one action always means you're putting off something else.

This is a different argument.

Did you see other comments in this thread, for example someone bought a drive online and it turned out it still had some Backblaze data?

Compliance often has a bunch of useless checkboxing, but in that case it really mattered.

I heard a rumor that some companies had their backups "in the other tower". People won't be making that mistake again.

In some places they have a policy against two key people being on the same plane. It's ridiculous, until it isn't.

Obviously there are priorities. But you can't say "I need to add features, not unit tests, because the company will go under without these features implemented very soon, and therefore unit tests are close to useless".

> This is a different argument.

Part of it, maybe. But the point about it reducing risk by very little is true.

> Did you see other comments in this thread, for example someone bought a drive online and it turned out it still had some Backblaze data?

Backblaze data is encrypted, or so they claim. Backblaze is also not hosted on AWS. I've also yet to see any evidence of that claim, though I don't dismiss it.

Data is sharded/spread out over multiple disks; you don't have one disk per customer and have all their data there. You'd get fragments of data. If Backblaze was running their servers on specific disks that were not encrypted, not zeroed, and not destroyed, that'll have to stand for them. Backblaze is hosted in a shared data center/colocation, while AWS has their own data centers with their own personnel. Backblaze is a separate company from AWS.