Backups are the classic infrastructure afterthought: invisible until the moment a database wipes itself and a founder discovers the last good copy was from three weeks ago. A developer with a decade inside early-stage companies makes the case that disaster recovery deserves attention before disaster, not after.
There is a predictable moment in the life of many startups when the engineering team learns what its backup strategy actually is. It usually arrives at an inconvenient hour, triggered by a bad migration, a fat-fingered DROP TABLE, a corrupted volume, or a cloud region having a bad day. The team opens the runbook, finds it empty, and then opens the backup console to discover that the answer to "when did we last verify a restore?" is "never."
Orchid, a developer, team lead, and founder writing under the handle @orchidfiles, has spent ten years inside startups and has watched this scene play out more than once. The argument in their HackerNoon piece is uncomfortable precisely because it is familiar: backups are treated as a cost center and a someday-problem until the day they become the only thing standing between a company and oblivion.
The problem nobody owns
Early-stage companies optimize for shipping. That is the correct default. A product that nobody uses does not need a recovery plan, and a startup that spends its first six months building redundant infrastructure for a product that never finds users has optimized the wrong thing. The trouble is that the calculus quietly inverts. The same scrappiness that makes sense at five customers becomes negligence at five thousand, and the transition happens without anyone noticing, because no single day feels different from the one before it.
Backups fail in a specific and cruel way. They are not like a feature that is visibly broken. A misconfigured backup job runs every night, reports success, and produces nothing useful. The green checkmark is the dangerous part. It tells the team a safety net exists when what actually exists is a cron job writing to a bucket that was deleted in a cleanup last quarter, or a snapshot of a replica that drifted out of sync, or an encrypted archive whose key left with a former employee.
Why "we have backups" is not an answer
The distinction Orchid draws, and it is the right one, is between having backups and having recovery. These are not the same thing. A backup is a copy of data. Recovery is the demonstrated ability to turn that copy back into a running system within a time window the business can survive. Most startups can honestly claim the first. Very few have ever tested the second.
The gap between them is where companies die. Consider the variables that only reveal themselves during an actual restore:
- Restore time. A 2TB database might take eight hours to restore and replay. If your customers expect the product back in one, the backup existing does not help you.
- Backup scope. Teams back up the primary database and forget the object storage holding user uploads, the configuration in environment variables, the secrets in a manager nobody documented, and the DNS records that took a year to propagate correctly.
- Point-in-time accuracy. A nightly snapshot means up to 24 hours of lost transactions. For a payments or messaging product, that window is not an inconvenience, it is a regulatory and trust catastrophe.
- Integrity. Corruption that began before the backup ran gets faithfully preserved. You can restore a perfect copy of broken data.
None of these surface in normal operation. All of them surface at once, under maximum stress, with customers watching.
The economics that drive the neglect
It is easy to frame this as carelessness, but the incentives explain it better. Backup infrastructure produces no demos. It wins no customers. It appears in no investor update. A founder choosing between building a feature that closes a deal and hardening a recovery process that may never be needed is making a rational bet most of the time. The problem is that the downside is not symmetric. A skipped feature costs you a deal. A failed restore can cost you the company.
This is the asymmetry that makes disaster recovery worth treating differently from other deferred work. Most technical debt accrues interest gradually and can be paid down when convenient. Backup debt does not announce itself, charges no interest you can see, and then demands the entire principal in a single afternoon. The cost of being wrong is not proportional to how long you ignored it.
What actually changes the odds
The encouraging part of Orchid's framing is that meaningful protection does not require an enterprise budget or a dedicated reliability team. It requires turning an assumption into a test. A startup that does nothing else but schedule a quarterly restore drill, actually provisioning a fresh environment from backups and confirming the product runs, will catch the overwhelming majority of failure modes before a customer does.
Managed services have lowered the floor considerably. Point-in-time recovery on managed Postgres through Amazon RDS or Google Cloud SQL is a configuration toggle, not a project. Object versioning on storage buckets is similarly cheap. Tools like pgBackRest and restic handle deduplicated, encrypted, verifiable backups for teams that run their own infrastructure. The technology is not the bottleneck. The discipline of testing it is.
A workable baseline for a small team looks less like a fortress and more like a checklist that someone owns: automated backups with point-in-time recovery enabled, an inventory of every data store that matters and not just the obvious one, backups stored in a separate account or region so a single compromised credential cannot delete both the data and its copies, and a calendar entry that forces a real restore on a schedule. The last item is the one teams skip, and it is the one that matters most, because an untested backup is a hypothesis, not a safeguard.
The broader pattern
What makes this story more than a reliability lecture is the pattern it sits inside. Startups systematically underinvest in the failure modes they have not personally experienced. Security gets serious after the first breach. Monitoring gets built after the first outage that nobody noticed for six hours. Backups get verified after the first restore that did not work. The education is real but expensive, and the tuition is paid in customer trust that does not always come back.
The companies that break this cycle are not the ones with the most resources. They are the ones that treat a small number of catastrophic, low-probability events as worth a fixed, modest, recurring investment, the way a sensible person buys insurance without expecting to file a claim. Backups are insurance that you can actually test before you need it, which makes ignoring that test harder to justify than most gambles a founder takes.
Orchid's conclusion is not that startups should over-engineer. It is that recovery belongs in the small category of things you verify before you need them rather than after, because the after, in this case, may not have a recovery of its own. The full piece is on HackerNoon, and it is worth reading before your next migration rather than after it.
Comments
Please log in or register to join the discussion