[zhouzhao]

You can encrypt them at rest, but data that lies encrypted and is never touched, is useless data. You need to decrypt them as well. Also, plenty of incompetent devops around, and writing a decryption toolchain can be difficult.

[kspacewalk2]

Am I missing something? If you ever need to use this data, obviously you transfer it back to your premises and then decrypt it. Whether it's stored at Amazon or North Korean Government Cloud makes no difference whatsoever if you encrypt before and decrypt after transfer.

[oceansky]

They can take the data hostage, the foreign nation would have no recourse.

[Imustaskforhelp]

Have it in multiple countries with multiple providers if money isn't a concern.

And are we forgetting that they can literally have a multi cloud backup setup in their own country as well or incentivize companies to build their datacenters there in partnership with them of sorts with a multi cloud setup as I said earlier?

[DarkmSparks]

Encryption only protects data for an unknown period of time, not indefinately.

[mikehotel]

If your threat model includes the TLA types, then backup to a physical server you control in a location geographically isolated from your main location. Or to a local set of drives that you physically rotate to remote locations.

[mikehotel]

Decryption is not usually an issue if you encrypt locally.

Tools like Kopia, Borg and Restic handle this and also include deduplication and other advanced features.

Really no excuse for large orgs or even small businesses and somewhat tech literate public.

[icedchai]

Why write one when there are tools like “restic”?