| Primary storage | Every file on every storage volume is complete and readable at rest. | A ransomware process, insider, or misconfiguration can access, encrypt, or exfiltrate it. | Files are fragmented at write time. Primary storage holds shards — never a complete file. |
| Distributed & object storage | RAID, erasure coding, S3 — data is split for performance, but reconstruction is transparent to any compromised accessor. | A compromised credential hands an attacker full reconstruction capability. The splitting is not a security control. | Each shard independently encrypted with isolated key material. Reconstruction from the storage layer alone is impossible. |
| Backup repositories | Every backup copy is a complete, readable replica of your production data. | 96% of attacks target backups first — because backups are the recovery mechanism. | The backup target is immune. Shards are individually inert. The recovery mechanism cannot be ransomed. |
| Cloud storage | S3 buckets, blob storage, and object stores hold complete files by default. | A misconfigured bucket or stolen credential exposes complete data immediately. | Cloud storage receives shards, not files. An exposed bucket reveals fragments with no standalone value. |
| DR and replication sites | DR sites and replication targets hold complete copies — that is their purpose. | Every additional copy is an additional target. More resilience copies = more attack surface. | Reconstruction replaces replication. No complete copy at any DR location. Every write point is a restore point. |
| AI and data lakes | Training datasets, feature stores, and data lakes store complete records and files. | Data poisoning, theft, and AI-driven errors at machine speed require data to be whole or reconstructable. | Training data is fragmented at write time. Any AI-driven error rewinds to any precise second. |
| Edge and remote sites | Remote and edge locations store complete local copies for performance and availability. | Physical theft, local ransomware, and insider threat all require complete data to be useful. | Edge locations hold shards. Stolen hardware yields only inert fragments. Site failure triggers automatic reconstruction. |
| Regulated data (HIPAA, PCI, GDPR) | Regulated records — patient data, payment data, PII — exist as complete files in compliant systems. | A breach of complete records triggers mandatory disclosure, fines, and liability regardless of encryption. | Regulated data is never whole at any location. Compliance is architectural. Right to erasure = shard destruction. |
| Misconfigured environments | Misconfigurations — the #1 cause of cloud breaches — expose whatever data is stored at that location. | Complete or reconstructable data at a misconfigured location is immediately accessible to anyone who finds it. | A misconfigured Myota location exposes shards. Individually they reveal nothing. Security does not depend on configuration hygiene. |