It's hard to 100 percent know your keys haven't been stolen. They are very small things, easily smuggled out in an ICMP packet, and must be in RAM of whatever machine the disk is in.
For many businesses, crushing the disk makes better business sense than take the risk that they have historically lost encryption keys and are now about to hand their data away to an attacker.
When I'm just buying drives for my home machines, I'd pay much more for a lower failure rate because a dead drive means a lot of time and massive inconvenience plus some research and a trip to the computer store to buy a replacement.
I'd honestly pay double if I could be guaranteed to avoid all that.
There's some other downsides of course, but RAID1 basically gets you exactly that. Double price for much lower failure rate of the storage volume. Go with different manufacturers for the two drives to further reduce the failure rate at the probable cost of a little performance and space.
4 comments
[ 3.4 ms ] story [ 14.2 ms ] threadFor many businesses, crushing the disk makes better business sense than take the risk that they have historically lost encryption keys and are now about to hand their data away to an attacker.
I'd honestly pay double if I could be guaranteed to avoid all that.