By Chris Grove, Senior Solutions Engineer at Odaseva
In today’s rapidly changing digital landscape, where data-driven decisions are paramount, Salesforce data plays a pivotal role in business operations for many large enterprises. Organizations that offer commercial data storage solutions understand the importance of Salesforce data and so take backups of their production systems hourly, every few minutes, or even in near-real time depending on the criticality of the data.
In the United States, Verizon found that data loss from center outages costs businesses an average of $7,900 per minute of downtime, and this staggering statistic is reflected in other industries too. For example, 100 lost or compromised records can set businesses back between $18,120, and $35,730, while large scale data loss (involving 100+ million records) averages between $5 million and $15.6 million in costs.
The stakes are even higher in sectors such as healthcare, public sector and financial services, where regulatory violations associated with data breaches are often followed by significant fines; in fact IBM found in their ‘Cost of a Data Breach Report 2023’ that the global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over 3 years.
Salesforce has been widely adopted throughout these and other industries globally and this post explores whether or not the “traditional” daily backup of an Org is enough to protect production Salesforce data in today’s fast-paced environment.
This question is quite common and there is a prevailing misconception that Salesforce assumes full responsibility for the data stored on its platform. However, Salesforce, like most other cloud providers, adheres to a ‘shared responsibility model.’ This model dictates that while Salesforce takes charge of maintaining the platform’s integrity, the responsibility for protecting the data stored within Salesforce lies with its customers. And that’s why Salesforce customers and especially enterprises must find the right Salesforce backup and restore solution that aligns with their specific needs.
A critical component when it comes to deciding on an appropriate backup solution is the RPO (Recovery Point Objective).
RPO is the maximum amount of data loss that a business can tolerate after a disaster. RPO determines the frequency of backups that need to be taken to ensure minimal data loss.
For example if a business has an RPO of two hours, it means that backups need to be taken every two hours to ensure that the data is up-to-date in case of a disaster. Any data changes in the last two hours would not be included in a backup, at least not until the next backup runs. If backups are run every four hours, then the backup plan does not meet the RPO because too much data would be at risk.
Many factors influence RPO, let’s look at how the evolution of Salesforce has changed RPO standards.
Consider how organizations’ usage of Salesforce has evolved over time. Think back to the early 2000’s when it was essentially a tool for sales executives and their managers. You could manage your accounts and opportunities, record interactions with customers and run reports on your data. Many forward-thinking companies saw the benefits of this new SaaS model and rolled out Salesforce to individual departments or units within their businesses.
2005 heralded the launch of the AppExchange and the ability for partners to develop and sell their own applications, swiftly followed by the force.com platform that let customers build their own business apps too. With these new capabilities and additional functionality in Customer Service and other areas, the use of Salesforce expanded into business units and use cases that meant more and more people were using the platform and subsequently inputting more data – and more types of data – than ever before.
With a large number of acquisitions along the way including marketing, analytics, eCommerce, CPQ and order management solutions, Salesforce is now widely adopted across many of the world’s largest organizations and user counts in the tens or hundreds of thousands are not uncommon. These companies’ production environments often contain billions of data records spread across thousands of custom objects, storing data at ever-increasing rates.
The criticality of Salesforce to many organizations today is such that significant data loss or corruption can be catastrophic and frequent backups are the only viable solution to mitigate that risk. Bearing in mind that adopting a 24-hour backup strategy – the traditional “daily backup” – means that you could still lose up to 24 hours’ worth of data from your environment, the sheer quantity of data that could be lost makes a more frequent backup the only realistic option for many businesses. Organizations with complex data structures might have additional considerations. Daily backups might not account for all data relationships, configurations and metadata changes.
The usage of Salesforce within an enterprise is arguably the most important factor when considering whether a 24 hour RPO is good enough.
Data regulations are put in place by governments and regulatory bodies to protect individuals and organizations and the level of such protection can vary according to the criticality of the data. Regulatory bodies are known for handing out stiff fines to organizations that fall short of their exacting standards and over recent years their attention has been drawn to data backups. Banking, insurance, healthcare and public sector organizations are typically heavily regulated because they often store Personal Identifiable Information (PII) – sensitive data that needs to be secured in terms of who can access it but also protected by a comprehensive recovery strategy in case of loss or corruption.
Data loss and corruption does happen. We know this and many consumers might also (begrudgingly!) acknowledge it and accept a small element of disruption to the service they receive from a provider. But what if that provider had a daily backup strategy, suffered a data incident and lost 23 hours’ worth of data? That hotel reservation you made has been lost forever. A more frequent backup strategy can’t guarantee that you won’t potentially lose two or maybe three hours’ worth of data, but it could make the difference between being greeted warmly at check-in or met with confused looks by the receptionist. And from the provider’s perspective, this translates directly to the likelihood that customers will remain loyal to the company and recommend their brands.
The unwelcome growth of activity by cybercriminals also has a direct correlation to the frequency with which backups should be taken. Ransomware is designed to infect an organization, commonly through a user endpoint such as an unsecured personal device, and spread across the system. Adopting a backup strategy that protects your data several times a day won’t stop the malware entering your system in the first place but it will enable you to recover more data than a less frequent schedule would allow.
(Note: while SaaS platforms are highly unlikely potential victims of a ransomware attack, SaaS data can be targeted. The SaaS platform’s strict technical controls are simply too difficult to penetrate, however SaaS data can be attacked through phishing, malware, API key leaks, or other malicious methods.)
Backup over 300 million records within an hour, schedule backups as often as every five minutes, backup data, metadata, and files—all while minimizing API and governor limit usage.
Proactively remove roadblocks, bypass automations, and restore parent-child relationships up to 30 levels deep. Restore even highly complex objects to any point in time.
From a single record restore to rolling back an entire Salesforce object to a specific point in time, Odaseva offers a range of options.
Odaseva Backup and Restore offers five levels of data encryption. Odaseva being a no-view provider, can never see your data.
Odaseva’s analytics provides a detailed view of what exactly is happening with the data. Keep track of every change, set up custom alerts, and deep dive into any event to launch a restore operation.
To learn more about how to protect your Salesforce data with Odaseva, schedule a demo with us today.