The Digital Operational Resilience Act (DORA) enforcement begins Friday, January 17, 2025, introducing rigorous requirements for operational resilience, cybersecurity, and ICT risk management. 

While many organizations, especially large enterprises, have already begun preparing for compliance, critical gaps often remain in addressing SaaS applications like Salesforce. 

This oversight stems from a common misconception about the shared responsibility model of such platforms. While Salesforce ensures platform uptime and security, the responsibility for data protection (specifically backups and recovery) rests squarely with the customer. 

If your organization uses Salesforce, that means you are responsible for ensuring that your data protection and resilience strategy complies with DORA. Organizations running on Salesforce must recognize that safeguarding their data—including backups—is their obligation if they intend to comply with DORA.

In previous posts, we outlined key strategies for safeguarding your SaaS data and securing your change management: Strengthening SaaS Data Protection Under DORA: Best Practices & Strategies and Securing your Salesforce Change Management for DORA Compliance. 

In this final post, we’re taking a deeper look at Salesforce data and exploring DORA requirements in detail, with a particular focus on Salesforce backup and restore. We’ll highlight the key attributes these solutions must have to ensure compliance:

• Independence from Salesforce
• Comprehensive data restoration capabilities, going beyond just backing up data
• Monitoring and adaptability to Salesforce’s ongoing changes
• Security by design including compliance with top security standards

Let’s dive in.

DORA Compliance: Why is Salesforce data important?

To understand why it’s important—and challenging—for Salesforce data to comply with DORA, let’s take a step back and review a few basics:

• What Salesforce is responsible for when it comes to your data (called the shared responsibility model)
• Risks that you must subsequently protect your data against
• How to protect against these risks

What the shared responsibility model means for organizations using Salesforce

Salesforce’s shared responsibility model ensures platform security and uptime, but protecting data integrity and availability is the customer’s responsibility. This is often misunderstood, especially when focusing solely on external cyberattacks. 

Organizations must ensure they can maintain operational resilience if their Salesforce Org gets targeted by an external threat actor, like a ransomware attack. But DORA amps up these resilience requirements much further by requiring that organizations must protect SaaS data against all risks—not just cybersecurity threats. This includes internal risks such as misconfigurations, human error, and poor data management, as well as semi-external risks like compromised credentials or exposed API keys, which remain the customer’s responsibility to safeguard. And this is a significant mandate as studies show that internal sources cause more than 73% of SaaS data loss:

Risks you must protect against under the Salesforce shared responsibility model

The shared responsibility model introduces two primary risk categories that you must protect against: errors, and failed backups. And both of them are specifically called out in DORA. 

Let’s explore each.

Risk 1: Errors

Real-world Salesforce data errors that customers are responsible for protecting against include:

1. Human errors: Everyday administrative tasks—such as deleting outdated records, changing picklist values, or removing custom fields—can unintentionally lead to significant data loss. For example, deleting a field in Salesforce can automatically erase all related data, causing widespread data gaps that are difficult to recover without a solid backup strategy.
   
2. Automation gone wrong: Automated processes like bulk data imports, segmentation recalculations, record merges, or the accidental deployment of test campaigns in production environments can quickly spiral out of control. Integrating new third-party applications that perform large-scale updates to your Salesforce data model adds another layer of risk, making it crucial to have safeguards in place.
   
3. Risky Production Changes: Deploying changes in the production environment—such as modifying triggers, workflows, or the data schema—can result in system disruptions and data inconsistencies. This risk is amplified by the difficulty of fully testing these changes in complex Salesforce environments. Bugs in custom Apex code, misconfigured automations, or overlooked dependencies can trigger unexpected errors that compromise business operations and data integrity.

What DORA says:

DORA Article 9(3d) mandates:

Those ICT solutions and processes shall: […] ensure that data is protected from risks arising from data management, including poor administration, processing related risks and human error.

Risk 2: Failed Salesforce backups

Organizations choose Salesforce for its agility so they can rapidly implement business needs through a no-code and low-code approach, which avoids the burden of traditional and rigid IT change management processes. As a result, Salesforce Orgs evolve frequently with new objects, fields, and features. This agility is the backbone of Salesforce’s value to its customers, however it can introduce risks to backup and restore functions because these frequent changes can cause incomplete or failed backups and restoration problems.

What DORA says

DORA Article 12 mandates:

Testing of the backup procedures and restoration and recovery procedures and methods shall be undertaken periodically.

How to protect against these Salesforce data risks and comply with DORA

These risks highlight the need for frequent and complete Salesforce data backups. But backing up and restoring data in Salesforce is not straightforward, especially at enterprise scale. Salesforce operates on a rich and intricate data model that has likely been tailored to an organization’s specific needs. That introduces complexity to backup and restore processes.

To meet DORA resilience requirements without compromising Salesforce’s agility, it’s essential to have an enterprise-grade backup and restore solution that is actively monitored and that helps you adapt to Salesforce’s ongoing changes.

The ideal Salesforce backup and restore solution must address the following challenges to ensure compliance with DORA:

• Complexity of the data model: Many objects, such as historical data or system-controlled fields (e.g., Record IDs), cannot be recreated manually.
• Ongoing changes: The backup plan must be continuously monitored to ensure that it still covers all data, custom configurations, and integrations even after changes on the protected Salesforce org. It is essential to distinguish between a backup solution that appears to work and one that is truly effective.
• Scalability: For organizations managing Large Data Volumes (LDV), such as those operating in the financial sector, the backup and restore process must be able to handle both LDV and complex hierarchy.
• Restore-readiness:  Regular auditing is required to identify potential bottlenecks that could disrupt the restoration process and correct them, both during routine restore tests and disaster recovery incidents.

The next section goes into further detail about what to look for in a backup and restore solution provider that can help your organization comply with DORA.

7 key rules for DORA-compliant Salesforce backups

When reading the regulation, the intent of DORA is clearly stated: in today’s technological landscape, system stability is no longer the daunting challenge it once was. With the advent and widespread adoption of cloud-based architectures, achieving a stable infrastructure has become far more attainable than in the past. Cloud platforms provide built-in scalability, redundancy, and high availability, reducing the complexity of maintaining stable systems.

However, this shift has amped up resilience challenges. The focus is no longer just on ensuring stability, but on building systems that can withstand failures, adapt to unexpected conditions, and recover quickly while ensuring continuous service delivery. 

Each word in the DORA regulation is important, and you should consider every aspect as even the fine print may have considerable impact on your implementation choices. Let’s break it down into seven key rules to pay attention to, and explore how Odaseva can help you meet them.

Rule 1: Strengthen resilience with an independent backup provider

Isolating system components limits the spread of failures. 

By compartmentalizing services and defining clear boundaries, issues in one part of the system can be prevented from impacting the entire infrastructure.

That’s why DORA recommends mitigating the ICT concentration risk with a single provider:

DORA Article 12 (3) : 

When restoring backup data using own systems, financial entities shall use ICT systems that are physically and logically segregated from the source ICT system

DORA, Article 29 :

When performing the identification and assessment of risks…financial entities shall also take into account whether the envisaged conclusion of a contractual arrangement in relation to ICT services supporting critical or important functions would lead to any of the following:
(a) contracting an ICT third-party service provider that is not easily substitutable; or
(b) having in place multiple contractual arrangements in relation to the provision of ICT services supporting critical or important functions with the same ICT third-party service provider or with closely connected ICT third-party service providers.

Financial entities shall weigh the benefits and costs of alternative solutions, such as the use of different ICT third-party service providers, taking into account if and how envisaged solutions match the business needs and objectives set out in their digital resilience strategy.

In the context of backing up Salesforce data, DORA not only mandates that the backup function must be logically and physically segregated from Salesforce but also recommends selecting an independent vendor.

Specifically, relying on Salesforce or a Salesforce-owned entity for backup creates a significant vulnerability: if the source system is compromised, the backups are often vulnerable to the same risks. In the case of cyberattacks like ransomware, attackers frequently target both the source system and the backup, exacerbating the damage.

By selecting a vendor that operates independently from Salesforce, you significantly reduce the risk of a complete outage and non-compliance with DORA. 

Odaseva is therefore the leading backup and restore provider for organizations that must comply with DORA because we maintain complete independence from Salesforce. By choosing Odaseva, you enhance the resilience of your backup strategy in compliance with DORA requirements. Our approach ensures that your backups are properly segregated and prevents the risk of ICT concentration, aligning with DORA’s stringent requirements and protecting your critical data from systemic failure. 

Rule 2: Make sure you can restore data, and prove it, and document it

Throughout the DORA regulation, one important topic is often repeated: Your backups must be usable. And you will need to prove it. And document it.

DORA Article 11:

Financial entities shall put in place, maintain and periodically test appropriate ICT business continuity plans, notably with regard to critical or important functions outsourced or contracted through arrangements with ICT third-party service providers

As part of their comprehensive ICT risk management, financial entities shall […] test the ICT business continuity plans and the ICT response and recovery plans in relation to ICT systems supporting all functions at least yearly, as well as in the event of any substantive changes to ICT systems supporting critical or important functions”

Central securities depositories shall provide the competent authorities with copies of the results of the ICT business continuity tests, or of similar exercises.

DORA Article 12:

When recovering from an ICT-related incident, financial entities shall perform multiple checks, including reconciliations, in order to ensure that the level of data integrity is of the highest level.

This highlights a crucial point: having a backup strategy is meaningless if the backups can’t be used to restore data. Organizations must conduct regular tests, and document these tests via reports available for authorities. No more ticking-the-box solutions—proficiency is now required.

And even going beyond that, DORA mandates that after each major release, a new business continuity test must occur. With Salesforce releasing three major updates to its platform each year, and where your Salesforce configuration is updated  at a high frequency to fit with your business needs, this can be challenging to do without the support of Salesforce backup and restore experts. 

A successful restoration test in the Salesforce context requires the following:

1. Complete backups: In Salesforce, several challenges can result in incomplete backups. Common issues include missing permissions, lack of licenses for managed package objects, which can prevent certain data from being accessed and backed up, and API calls shortage.
2. Restore readiness: The Salesforce Org must be assessed to proactively identify issues (missing fields, incompatible pick list values, disabled users, automation bypass strategy, etc) to ensure a smooth restoration process.
3. Smart restore algorithms: Complex object hierarchies or circular references makes the restoration process a challenge that requires the smartest algorithms. Moreover, achieving an optimal Restore Time Objective (RTO) requires properly selecting the right Salesforce API depending on the context.

Odaseva offers advanced audit capabilities to check for backup coverage and restore readiness, and has proven restore capabilities in the most complex scenarios for Global Fortune 500 companies.

Odaseva Sandbox Seeding allows you to automate the creation of an environment to test large and complex data models, including unlimited parent-child relationships and custom objects. 

Finally, we offer a “Restore Test App” which can automate incident and restoration scenarios, measure restore rates and durations, and generate accurate reports.

Rule 3: Embrace change

Careful change management is critical for maintaining system stability, a topic that we have explored in the previous post. 

DORA Article 9 (4e):

As part of the ICT risk management framework referred to in Article 6(1), financial entities shall […] implement documented policies, procedures and controls for ICT change management, including changes to software, hardware, firmware components, systems or security parameters, that are based on a risk assessment approach and are an integral part of the financial entity’s overall change management process, in order to ensure that all changes to ICT systems are recorded, tested, assessed, approved, implemented and verified in a controlled manner

The challenge lies in meeting this requirement without sacrificing the agility and speed that Salesforce brings.

Odaseva was designed with this key objective in mind. The audit capabilities embedded in our platform allow you to assess whether changes in your Salesforce environment impact your ability to restore data, providing actionable recommendations to resolve any issues.

As the leader in managing the largest and most complex Salesforce environments, we’ve solved the toughest data restoration challenges. By working with Odaseva and our expert team, you can apply these proven best practices for “restore readiness.” This ensures you stay compliant with DORA without sacrificing the flexibility your business needs to grow.

Rule 4: Monitor, monitor, monitor

Implementing robust monitoring and alerting systems is vital for quickly detecting anomalies. This includes tracking metrics such as latency, traffic, errors, and resource saturation. Structured logging tools also support incident analysis by providing detailed operational data.

DORA Article 10: 

Financial entities shall have in place mechanisms to promptly detect anomalous activities […] including ICT network performance issues and ICT-related incidents, and to identify all potential material single points of failure. […]

The detection mechanisms referred […] shall enable multiple layers of control, define alert thresholds and criteria to trigger ICT-related incident detection and ICT-related incident response processes, and shall put in place automatic alert mechanisms for relevant staff in charge of ICT-related incident response.

When it comes to Salesforce, this drives two complementary needs:

• Detect abnormal activities on the protected Salesforce Org that might trigger incident response and restore activities AND
• Detect any failure in your backup plan that would prevent a successful restore

Odaseva has embedded capabilities to detect abnormal data changes or deletion. By setting alerts thresholds, our customers can quickly detect incidents and respond to them in a timely fashion.

But more importantly, Odaseva is the only Salesforce backup provider offering comprehensive Managed Backup Services that provides continuous monitoring and optimization of the backup plan. Without this managed service, customers would need dedicated internal resources to regularly monitor, maintain, and optimize their backup strategy—significantly increasing the total cost of ownership (TCO). Odaseva’s experts handle this critical work for you, ensuring your backup plan stays effective and optimized over time, allowing your team to focus on core business priorities while keeping data fully protected.

Rule 5: Use a risk-based approach

DORA emphasizes the importance of risk assessments.

DORA Article 12 (1):

In Salesforce, some objects might change very frequently and the impact of losing a single change can be significant for the business process they support. However, applying a high frequency backup for the full Org will likely impact performance, costs,  and/or governor limit capacity due to a high consumption of API calls. 

Odaseva’s backup solution, with its advanced scheduling and scope coverage, provides your organization with granular control over backup schedules and scopes, enabling seamless alignment with business priorities and overall risk analysis.  Our solution allows fine-tuning of backup plans and supports high-frequency backups for the most critical objects, achieving a Recovery Point Objective (RPO) as low as five minutes. When building your backup plan, Odaseva helps you understand the actual time required to restore data, whether partially or fully, as this is critical for aligning with RTO objectives and ensuring operational continuity during incidents.

Rule 6: Ensure the backup solution is actually compliant

When drafting DORA, regulators recognized that third-parties were not sufficiently scrutinized by financial entities, and so placed significant emphasis on managing them. As a result, DORA mandates that financial entities adopt more thorough and robust third-party management practices.

DORA, Article 28:

This requires financial entities to contract with trustworthy and compliant third-parties to secure critical functions, such as Salesforce backup and restore solutions. Consequently, it is essential not only to ensure the compliance of the third-party, but also to verify that the specific services provided are included within the scope of that compliance.

It’s a major reason why leading enterprises trust Odaseva. Odaseva is ISO 27001 and HITRUST certified, receives an annual SOC 2 Type II attestation report,  and fully complies with applicable regulations such as GDPR. Our customers entrust Odaseva with critically important data. It’s a responsibility we take seriously. Our commitment to data security exceeds the requirements of even the most complex, highly regulated businesses in the world.

Rule 7: Your data must remain confidential

DORA emphasizes the critical importance of protecting the confidentiality of data. Financial entities are required to design and implement tools that ensure data confidentiality at all stages (whether at-rest, in-use, or in-transit) particularly for systems supporting critical functions.

DORA, Article 9:

Financial entities shall design, procure and implement ICT security policies, procedures, protocols and tools that aim to ensure the resilience, continuity and availability of ICT systems, in particular for those supporting critical or important functions, and to maintain high standards of availability, authenticity, integrity and confidentiality of data, whether at rest, in use or in transit.

DORA, Article 8 (4d):

Financial entities shall implement policies and protocols for strong authentication mechanisms, and protection of cryptographic keys, based on relevant standards and dedicated controls system

While Salesforce backup and restore solutions are designed for data integrity and availability, it cannot come at the cost of confidentiality risks. Once data is extracted from Salesforce (or before being reloaded), its confidentiality must be preserved. 

Odaseva is the only ‘no-view’ provider for Salesforce backup and restore, ensuring your data remains inaccessible, even to our employees. This unique approach eliminates the risk of unauthorized access throughout the backup and restore process.

Moreover, if you have invested in Salesforce Shield Encryption to safeguard your most sensitive data, you also want to make sure that the backup process is not breaking the continuum of encryption. However, by default, this protection is broken because data is decrypted when it leaves the Salesforce Org through the API used by all backup solutions—whether Salesforce-owned or third-party.

Odaseva solves this issue with our patent-pending Zero Trust Connect technology. This unique solution encrypts data before it ever reaches the backup provider, ensuring that sensitive information remains fully protected  and confidential, and is never exposed or processed in clear text. This approach guarantees true end-to-end data security and reinforces compliance with the highest security standards.

Take the Next Step in Securing Your Salesforce Data

Is your Salesforce data protection strategy truly resilient and compliant? Discover how Odaseva’s tailored solutions can enhance your data management, ensure compliance, and protect against unforeseen disruptions. Schedule a personalized consultation with our experts today to explore how we can help you achieve your operational resilience goals.