The backup you have never restored is not a backup

A backup nobody has restored is a hypothesis. Until the restore runs against a clock, you do not have a recovery plan. You have a setting.

Every team I audit has backups. Almost none have a restore they have actually run.

The backup job is green. It has been green for two years. Nobody has opened it, because nothing has gone wrong yet. That is the whole problem: the first time you find out whether the restore works should not be the night you need it.

A backup you have never restored is a hypothesis, not a safety net.

The restore drill answers three questions, and you cannot answer any of them from the backup dashboard:

  • Does the restore complete at all, or does it fail halfway on a permission or a missing dependency nobody documented?
  • How long does it take, end to end, into a clean environment?
  • Is the restored data the data you expected, or a snapshot from before the migration that matters?

I have watched a restore run for the first time during an audit and surface a schema that had drifted so far from production that the backup would have been useless in a real outage. The job was green the entire time.
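One way to script the drill's three questions, as an added example that is not part of the original note. It assumes a SQLite backup file, uses `PRAGMA user_version` as a stand-in for the migration level, and a plain file copy as a stand-in for the real restore step; the function names, the RTO value and the sample backup are constructed for illustration.

```python
import shutil, sqlite3, tempfile, time
from pathlib import Path

def make_sample_backup(path, schema_version):
    """Constructed sample: a SQLite file standing in for a real backup artifact."""
    db = sqlite3.connect(str(path))
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, total REAL)")
    db.execute("INSERT INTO orders (total) VALUES (19.99)")
    db.execute(f"PRAGMA user_version = {int(schema_version)}")
    db.commit()
    db.close()

def restore_drill(backup_file, expected_schema, rto_seconds):
    """Restore into a clean directory, time it, and check what actually came back."""
    report = {"completed": False, "seconds": None, "within_rto": False,
              "schema": None, "schema_ok": False, "error": None}
    start = time.monotonic()
    with tempfile.TemporaryDirectory() as clean_env:  # nothing pre-existing to lean on
        target = Path(clean_env) / "restored.db"
        try:
            shutil.copy(str(backup_file), str(target))  # stand-in for the real restore
            db = sqlite3.connect(str(target))
            try:
                if db.execute("PRAGMA integrity_check").fetchone()[0] != "ok":
                    raise ValueError("restored database failed integrity_check")
                report["schema"] = db.execute("PRAGMA user_version").fetchone()[0]
            finally:
                db.close()
            report["completed"] = True
        except Exception as exc:  # question 1: does the restore complete at all?
            report["error"] = f"{type(exc).__name__}: {exc}"
    report["seconds"] = time.monotonic() - start  # question 2: how long, end to end?
    report["within_rto"] = report["completed"] and report["seconds"] <= rto_seconds
    # Question 3: is this the data you expected, or a pre-migration snapshot?
    report["schema_ok"] = report["schema"] == expected_schema
    report["passed"] = report["within_rto"] and report["schema_ok"]
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as bucket:
        stale = Path(bucket) / "nightly.db"
        make_sample_backup(stale, schema_version=3)  # taken before the migration
        print(restore_drill(stale, expected_schema=4, rto_seconds=60))
```

The stale sample restores cleanly and quickly, yet the drill still fails it on the schema check, which is the case a green backup job never reports.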

Recovery is not a file sitting in a bucket. It is a path you have walked at least once, on purpose, against a clock. If no one has walked it, you do not have a recovery plan. You have a setting that says you do.