> There is nothing magical about data centers making them safe while your local copy isn't.
Is this a serious comment? My house is not certified as being compliant with any security standards. Here's the list that the 3rd party datacenter we use is certified as compliant with:
The data centers we operate ourselves are audited against several of those standards too. I guess you're right that there's nothing magic about security controls, but it has nothing to do with trust. Sensitive data should generally never leave a secure facility, outside of particularly controlled circumstances.
You are entirely missing the point by quoting the compliance programs followed by AWS whose sole business is being a third party hoster.
For most businesses, what you call sensitive data is customers and orders listing, payment history, inventory if you are dealing in physical goods and HR related files. These are not state secrets. Encryption and a modicum of physical security go a long way.
I personally find the idea that you shouldn't store a local backup of this kind of data out of security concern entirely laughable. But that's me.
This is quite a significant revision to your previous statement that there’s nothing about a data center that makes it more secure than your house.
This attitude that your data isn’t very important, so it’s fine to not be very concerned about its security, while not entirely uncommon, is something most organisations try to avoid when choosing vendors. It’s something consumers are generally unconcerned about, until a breach occurs, and The Intercept write an article about it. At which point I’m sure all the people ITT who are saying it’s fine to take your production database home would be piling on with how stupid the company was for doing ridiculous things like taking a copy of their production database home.
> This is quite a significant revision to your previous statement that there’s nothing about a data center that makes it more secure than your house.
I said there was nothing magical about data centers security, a point I stand by.
It's all about proper storage (encryption) and physical security. Obviously, the physical security of an AWS data center will be tighter than your typical SME but in a way which is of no significance to storing backups.
> This attitude that your data isn’t very important
You are once again missing the point.
It's not that your data isn't important. It's that storing it encrypted in a sensible place (and to be clear by that I just mean not lying around - a drawer in an office or your server room seems perfectly adequate to me) is secure enough.
The benefits of having easily available backups by far trump the utterly far-fetched idea that someone might break into your office to steal your encrypted backups.
> It's that storing it encrypted in a sensible place (and to be clear by that I just mean not lying around - a drawer in an office or your server room seems perfectly adequate to me) is secure enough.
In the SME space some things are "different", and if you've not worked there it can be hard to get one's head around it:
A client of mine was burgled some years ago.
Typical small business, offices on an industrial estate with no residential housing anywhere nearby. Busy in the daytime, quiet as the grave during the night. The attackers came in the wee small hours, broke through the front door (the locks held, the door frame didn't), which must have made quite a bit of noise. The alarm system was faulty and didn't go off (later determined to be a 3rd party alarm installer error...)
All internal doors were unlocked, PCs and laptops were all in plain sight, servers in the "comms room" - that wasn't locked either.
The attacker(s) made a cursory search at every desk, and the only thing that was taken at all was a light commercial vehicle which was parked at the side of the property; its keys had been kept in the top drawer of one of the desks.
The guy who looked after the vehicle - and who'd lost "his" ride - was extremely cross, everyone else (from the MD on downwards) felt like they'd dodged a bullet.
Physical security duly got budget thrown at it - stable doors and horses, the way the world usually turns.
There is nothing magical about data centers making them safe while your local copy isn't.