<b>Unencrypted offsite backups are a data breach you're storing on purpose.</b>

<b>Unencrypted offsite backups are a data breach you're storing on purpose.</b>
That tidy bucket of nightly dumps contains every user email, every password hash, every API token, your whole config with live keys.
Leave it unencrypted and one leaked storage key hands an attacker your entire business — no need to ever touch your live server.
Encrypt at rest with a key you control, not one your storage provider holds for you. Provider-held keys are theater.
An offsite backup without client-side encryption is just a breach with extra steps. Fight me in the comments.