Comment on Notes on full disk encryption on a Hetzner cloud VPS
aksdb@lemmy.world 19 hours ago
Why full disk encryption is important: what happens when you switch servers or providers: can you be sure the disk gets wiped properly?
Or when your disk dies and gets replaced, what happens to the old disk? Will they physically destroy it or just throw it in the bin?
When encrypted, it doesn’t matter; no one will get data off of them. That’s why you encrypt servers.
exu@feditown.com 14 hours ago
It’s worth going through the provider’s policies.
For example, here’s how Hetzner handles deletion of your data
Encryption will prevent mistakes, but if you can’t trust the provider’s policies you shouldn’t trust them to run your infrastructure at all.
aksdb@lemmy.world 13 hours ago
Security is always applied in layers. The more the better. There’s a reason “encryption at rest” is a requirement in many audits.
exu@feditown.com 12 hours ago
Agreed. I was going to argue more against encryption, but you can see me somewhat changing my mind in the second half of my comment.
For me personally, I don’t want the hassle of encryption on my VPS and have decided I’m fine with the remaining risk.