
APRA’s New Focus on Backups: A Call to Action for Financial Services on Salesforce


Jun 06, 2024

By Darren Lynch, Customer Success Technologist at Odaseva

Recent Developments: The Australian Prudential Regulation Authority (APRA) issued a letter on June 3rd, 2024, highlighting the critical importance of data backup security for all APRA-regulated entities. This comes in the wake of recent data incidents impacting financial services customers in Australia.

APRA Emphasises Data Recovery Readiness

APRA’s message is clear: it’s no longer enough to simply have backups. Entities must demonstrate the effectiveness of their data recovery plans, which includes those for Salesforce data. This shift aligns with Odaseva’s core mission – empowering organisations to achieve true Salesforce data security and operational resilience.

Why Proving Recovery is Paramount

  • Compliance with APRA’s CPS 234: This standard mandates robust information security practices, including data recovery capabilities. Recent audits revealed shortcomings in backup practices, prompting APRA to emphasise isolation, testing, and timely recovery.
  • Shared Responsibility with Salesforce: While Salesforce secures the platform, customers are responsible for data protection within their Salesforce environment. This includes having a tested recovery plan that aligns with business process needs.

APRA’s Recent Observations and Guidance

APRA’s recent guidance highlights several critical areas where entities often fall short:

  • Insufficient Segregation: Backups must be isolated from the production environment to prevent a compromise in one from affecting the other. This requires stringent access controls.
  • Inadequate Control Testing: Regular testing to ensure backups are protected from unauthorised access or alteration is essential.
  • Recovery Capability: Testing must validate that backups can restore critical business operations within defined tolerance levels.

Addressing APRA’s Concerns: Odaseva’s Expertise

Odaseva’s data security solutions are designed to help Australian financial services on Salesforce meet and exceed APRA’s requirements. Here’s how:

  • Zero Trust Architecture: Our platform utilises a Zero Trust approach, ensuring data is encrypted and immutable. Only authorised users can access data with encryption keys.
  • Comprehensive Backups: Granular encryption ensures data confidentiality. Odaseva manages your backup for you and ensures you’re delivering on your target Recovery Point Objective (RPO) down to 5 minutes of data loss.
  • Proving Data Recovery: Our Restore Readiness service goes beyond backups. We help assess recovery objectives, identify potential roadblocks, and provide expert guidance to optimise your recovery plan.

Taking Action in the Face of Rising Threats

Recent data breaches serve as a stark reminder. With APRA’s heightened focus on cyber resilience, complacency is not an option. Proving your data recovery plan is essential for:

  • Compliance: Meeting APRA regulations and avoiding potential repercussions.
  • Business Continuity: Minimising downtime and financial losses during data incidents.
  • Stakeholder Trust: Ensuring data security and maintaining trust with your customers.

Move Beyond Compliance: Achieve Peace of Mind

Odaseva empowers you to go beyond ticking compliance boxes. We provide tools and expertise including:

  • Managed Backup Services: Ensuring you have a reliable and safe copy of your data that aligns to your recovery objective.
  • Rapid Recovery: Swift data restoration minimises downtime and financial losses.
  • Enhanced Security: Robust architecture that safeguards your data from evolving cyber threats.
  • Proactive Approach: Continuous monitoring and improvements strengthen your data security posture.

Don’t Wait Until It’s Too Late

APRA’s new focus on backup security underscores the critical role of data protection. Partner with Odaseva to ensure your backups meet the latest regulations and provide a vital safety net for your business.

Contact Odaseva today to discuss your specific needs and discover how we can help you achieve optimal data security and compliance with APRA regulations.
