Somewhere in your last audit cycle, someone ticked a box that said the database backups are encrypted. That was the right call, and it probably closed a finding. Here is the uncomfortable part. Encryption is the easy half. The half that decides whether you ever see your data again is the key, and the key is almost never owned by a person whose name your business actually knows.
An encrypted backup nobody can decrypt is not a backup. It is a locked box with the contents you needed inside.
When a backup is encrypted, restoring it needs the same key or certificate that protected it. That key lives somewhere. On the old server. In a former DBA’s profile. In a vault one contractor set up and then moved on. If the server you are restoring onto is not the server that made the backup, and in a real recovery it never is, the key has to travel with the file. If it did not, the file opens onto nothing. The data is intact and completely out of reach.
Would it be unreasonable to say nobody in your organisation has restored an encrypted backup onto fresh hardware and watched it actually open? Most boards cannot answer that, and the silence is the answer. The certificate sits in plain sight in the backup chain, doing its job perfectly, and that is exactly why no one questions it. It protects the data from attackers, and on the worst day, from you.
Frame it as a custody question, not a technical one. Who holds the decryption key? Where is the copy kept that does not sit on the same server it protects? Who is authorised to produce it during an incident at 3am? If the honest answer to any of those is a shrug or a single person’s laptop, you do not have a recoverable backup. You have an encrypted file and a hope.
What would it cost the business to discover this during a real outage instead of now? The regulator that asked you to encrypt did not ask you to lock yourself out, and an insurer reviewing a claim will want evidence the recovery path was tested end to end, key included. A backup you cannot decrypt fails the one test that matters, and it fails it quietly, long after everyone moved on.
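The custody questions above can be started from the server itself. The following read-only T-SQL is an added example, not part of the original article or of the health check it describes; it assumes SQL Server 2014 or later, backups protected by native backup encryption or TDE, and a login allowed to read `msdb` and the server-level views.

```sql
-- Added example (read-only): which key protects each database's backups,
-- and has its private key ever been exported from this server?
WITH protected AS (
    -- Native backup encryption: msdb history records the encryptor per backup.
    SELECT bs.database_name,
           'backup encryption'        AS protection,
           bs.encryptor_type,
           bs.encryptor_thumbprint    AS thumbprint,
           MAX(bs.backup_finish_date) AS last_seen
    FROM msdb.dbo.backupset AS bs
    WHERE bs.encryptor_thumbprint IS NOT NULL
    GROUP BY bs.database_name, bs.encryptor_type, bs.encryptor_thumbprint

    UNION ALL

    -- TDE: a backup of these databases needs the same encryptor to restore.
    SELECT DB_NAME(dek.database_id),
           'TDE',
           dek.encryptor_type,
           dek.encryptor_thumbprint,
           GETDATE()
    FROM sys.dm_database_encryption_keys AS dek
    WHERE dek.database_id <> DB_ID('tempdb')  -- tempdb is never restored
)
SELECT p.database_name,
       p.protection,
       p.encryptor_type,
       c.name                     AS certificate_name,
       c.expiry_date,
       c.pvt_key_last_backup_date,
       p.last_seen,
       CASE
           WHEN c.thumbprint IS NULL AND p.encryptor_type = 'CERTIFICATE'
               THEN 'Certificate is no longer on this instance'
           WHEN c.thumbprint IS NULL
               THEN 'Encryptor is not a certificate in master; check the key provider'
           WHEN c.pvt_key_last_backup_date IS NULL
               THEN 'Private key has never been exported from this server'
           ELSE 'Private key was exported; confirm who holds the copy and where'
       END AS custody_finding
FROM protected AS p
LEFT JOIN master.sys.certificates AS c
       ON c.thumbprint = p.thumbprint
ORDER BY c.pvt_key_last_backup_date, p.database_name;
```

An export date only shows that a copy was made at some point. Whether that copy and its password can be produced during an incident is still proven only by restoring onto a different server.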
We offer a free, read-only SQL Server health check. Fifteen minutes, no changes to anything you run, no obligation, no sales call you did not ask for. It returns a graded plain-English report, and one of the plain answers it gives you is whether the thing protecting your backups would also let you back in.