IĀ“m planing to backup a lot of private data (scanned documents, tax-informations, maybe encryptet passwords etc.) with nextcloud. But IĀ“m a bit concerned about security and dataloss. Maybe someone can give me some advice. Four options I have in mind.
Local server/nas/pc with nextcloud installed. Concerns: physical theft, ādesastersā (lightning strike, pipe burst (water), fireā¦) and a secure way to sync data when not beeing at home. Running some kind of webserver with manageable know how might be a problem too.
Rent a managed!! virtual host. Concers: Am I right to say local encryption doesnt improve security, when an attacker has access to the server (Server-side encryption & file sharing). If IĀ“m right, that method seems to be a bad idea?
Run nextcloud at one hoster (A), store the data at another hoster (B). Is there a improve of security compared to option 2?
Run nextcloud on a local server, store data externaly. Concers: If loosing the local sever(data) (and the encryption keys), the data is lost. Secure sharing between local and external host.
There I would separate data that are time critical and all others. Time critical data could be on some other online device, preferably encrypted. All other data can be put on a large hard-disk (encrypted?) and stored at physically different location (a friend or family member).
In any case when an attacker has access to your (running) server, he can see all your data. There is no difference between a home-hosted or public hosted solution. Dedicated servers might be a bit better as you donāt share memory and other devices with other users. You can use hard-disk encryption to avoid that data can be recovered from a broken device.
If the attacker has admin-rights on your setup at hoster (A), he can change the code and get his hands on your password. It would be a good solution if you have more confidence in hoster (A) but hoster (B) provides a lot of storage for little money. However, take into account, that this will create some network traffic between the hosters. Also the encryption app is a bit tricky. You should figure out how to do backups and also test recovery scenarios.
You will need a full backup of all the files and the database in order to restore Nextcloud fully. If you are only concerned about the data, you will need the database only in case of encryption.
