Separate hosting for CiviCRM security
Yesterday I said that there's not much security value in merely hosting your CiviCRM on a separate website.
Such a move might make sense in the context of a larger security effort, but that assumes you're talking with a qualified security specialist who knows your unique threat profile.
But for now let's talk CiviCRM security in general terms.
The trade-off
Like everything else, security is a trade-off. Usually the biggest trade-off is with convenience.
You could, for example, take your CRM offline, store it on an encrypted drive, and keep it in a safe deposit box at your bank.
In the real world, your CRM needs to be accessible by the people who use it — and they're probably going to be accessing it through a browser on a website.
Unlikely scenario
I can only imagine one scenario in which you'd get a security benefit hosting CiviCRM separately from your main website:
If the people who access your CRM are more willing to jump through hoops to use it than the people who use your main site.
That's because additional security will surely work out to a trade-off in convenience. To actually reduce the chance of inappropriate data disclosure, you'll have to limit access to the system in some way: additional passwords, two-factor authentication, or even taking it offline for local in-office use only.
Of course the problem with this is that you probably want as many people as possible to use your CRM: to make contributions, to register for events, to sign up for memberships, et cetera.
Here's the thing:
If you have a unique situation, with security concerns that you can reasonably articulate, it's important to address those concerns.
Feel free to write with any questions you have.
But in general terms, there's almost never a situation where simply hosting CiviCRM on a separate site will get you any realistic security benefit without crippling the use of your CRM.
Instead, it's probably better to apply your resources to increasing security on your main site.
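To make the trade-off in the previous paragraphs concrete, here is an added example (my own illustration, not anything from the CiviCRM project) of tightening access on the main site rather than moving the CRM elsewhere. It assumes an nginx front end, a Drupal-style layout where CiviCRM pages live under /civicrm and are routed through index.php, an office IP range, and an htpasswd file; all of those are assumptions you would adjust for your own setup, and the public path patterns are examples to check against your own site.

```nginx
# Added example, not from the original post. Assumptions: CiviCRM runs on the
# main site under /civicrm (Drupal-style routing through index.php), PHP is
# already handled by an existing "location ~ \.php$" block, and the office
# IP range and htpasswd path below are placeholders.

# Public-facing CiviCRM pages stay open to everyone: contribution forms,
# event registration and event info. This regex block must come before the
# catch-all below, because nginx uses the first matching regex location.
location ~ ^/civicrm/(contribute/transact|event/register|event/info) {
    try_files $uri /index.php?$query_string;
}

# Everything else under /civicrm is staff-only. "satisfy all" means a request
# must pass BOTH the IP allowlist AND the extra HTTP Basic password, on top of
# the normal CMS login. This is the "additional password" trade-off: staff
# jump through one more hoop, the public forms above are untouched.
location ~ ^/civicrm {
    satisfy all;
    allow 203.0.113.0/24;      # placeholder office range (RFC 5737 example space)
    deny all;
    auth_basic "CRM staff only";
    auth_basic_user_file /etc/nginx/civicrm.htpasswd;  # placeholder; create with htpasswd
    try_files $uri /index.php?$query_string;
}
```

The point of the split is that you decide per URL who is inconvenienced: donors and event registrants never see the extra prompt, while the administrative and reporting pages gain a second credential and a network restriction that a CMS login bug alone cannot bypass. Test the public paths from outside the office range after applying it, since a missing path in the first block silently locks the public out of that form.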
All the best,
A.