Odaseva protects critical Salesforce data for many of the world’s largest companies.
In fact, more than 10% of the world’s economy relies on Odaseva’s technology.
This unique position in the Salesforce data protection industry gives us valuable insights into market conditions and trends.
As 2025 kicks off, we’d like to share with you our predictions for trends we’ll see in the upcoming year based on our observations, interactions with customers and prospects, and of course our 13+ years expertise in protecting Salesforce data for Fortune Global 500 companies like Michelin, Schneider Electric, Roche, and DoorDash.
Read our seven predictions below, and register for our upcoming webinar to hear Odaseva CEO Sovan Bin and Odaseva CISO Arnaud Treps deep dive into each of them.
Get ready to see NIS2 everywhere in 2025.
New data security regulations have been brewing around the world, including the Network and Information Security Directive (NIS2). As countries adopt NIS2 in 2025, it’ll have a strong impact on cybersecurity – and not just in the EU, but globally.
The goal of this regulation is to strengthen cybersecurity in the EU by mitigating threats and ensuring business continuity, to ultimately benefit EU citizens and the organizations that operate within the Union. This is especially important given unstable geopolitical conditions, underscoring the need for global enterprises to secure their data in the face of uncertainty.
“[NIS2 is] aimed to build cybersecurity capabilities across the Union, mitigate threats to network and information systems… and ensure the continuity of such services when facing incidents, thus contributing to the Union’s security and to the effective functioning of its economy and society.” – Source: NIS2
We predict that NIS2 enforcement will be directed in particular towards non-EU companies that operate in the Union, to serve as a powerful message that the EU will not tolerate foreign companies causing cybersecurity risks. A key driver of NIS2 enforcement is fines. In 2025, the Directive will begin to impose enormous financial penalties for non-compliance to demonstrate the seriousness of the new regulation:
“A maximum of at least EUR 10,000,000 or of a maximum of at least 2 % of the total worldwide annual turnover in the preceding financial year… whichever is higher.” – Source: NIS2
As a result, organizations operating in the EU including those running on Salesforce have a powerful incentive to comply with NIS2. They will budget accordingly for risk management measures like encryption and other data security mandates outlined in NIS2. By doing so, organizations achieve compliance while simultaneously protecting data critical to both their operations and to their customers.
Digital Operational Resilience Act (DORA) goes live in the EU on January 17, 2025 and will have a major impact on the global financial services sector.
The regulation details specific directives which include:
Simply backing up data isn’t enough, according to DORA. Organizations must prove they can recover data from backups. This new regulation doesn’t focus only on the technical capabilities necessary to comply – it mandates that organizations must test their technology and be equipped with the right processes to effectively use it.
“Testing of the backup procedures and restoration and recovery procedures and methods shall be undertaken periodically.” – Source: DORA, Article 12
Backups must be independent from the source system (including Salesforce) to avoid concentration of risk, according to DORA. This is because attacks on data (like ransomware which is a major threat for financial services institutions) are much less damaging if organizations segregate their backup files from the system the data came from. It’s far more difficult for an attacker to access both primary and secondary data sources simultaneously, and so decentralizing the backups greatly reduces the risk of a successful attack on an organization’s data.
“When restoring backup data… financial entities shall use ICT systems that are physically and logically segregated from the source ICT system.” – Source: DORA, Article 12
Because of these two directives, we predict that financial services organizations that operate in the EU will select backup and restore vendors with expert services teams that help them prove they can recover data from a loss, and store their backup files separately from the source platform.
Note – looking for more information on DORA? You can read more about the specific requirements detailed in DORA here:
Enterprises are setting up new Salesforce Orgs in China on Alibaba Cloud because of regulations including the Data Security Law (DSL) and Cybersecurity Law (CSL).
As a result, in 2025 such enterprises will implement data management solutions that can:
In the golden age of AI, securing data is more important than ever before. Companies will explore methods to secure their Salesforce data that’s used in AI models against accidental exposure to third parties.
The Salesforce core platform security is top-tier, especially with the added protection of Salesforce Shield. However, the need to better secure data leaving Salesforce is growing because of new products like Data Cloud and Agentforce, implementing ISV partner solutions through the API, and regulations like NIS2 and DORA.
Zero Trust solutions have been the answer, and in 2025 enterprises running on Salesforce will uplevel their Zero Trust approach by implementing end-to-end encryption more widely. Organizations requiring the highest possible level of security will select end-to-end encryption to secure any and all critical data.
“In order to safeguard the security of public electronic communications networks… the use of encryption technologies, in particular end-to-end encryption as well as data-centric security concepts… should be promoted. Where necessary, the use of encryption, in particular end-to-end encryption should be mandatory for providers of public electronic communications networks or of publicly available electronic communications services in accordance with the principles of security and privacy by default and by design for the purposes of this Directive.” – Source: NIS2
In 2025 companies will take measures to balance their AI-driven initiatives against security risks like accidentally exposing their customers’ data. Companies will adopt solutions that allow them to have the best of both worlds – innovation and security.
To do so, companies will rely on solutions that provide end-to-end encryption, tokenization, and data masking between their Salesforce instance and Salesforce Data Cloud. Such a component can guarantee that sensitive data will never be exposed to a third-party even if it was mistakenly included in a prompt, because Salesforce Data Cloud and the underlying LLMs never have access to the clear text data at any point.
“No-view provider” solutions with Zero Trust capabilities such as end-to-end encryption ensure no one can ever see clear text data, including the Salesforce data security vendor or the database administrator. Applying these techniques during pre-processing (before the data enters Salesforce Data Cloud), means the clear text data is never exposed to the AI model while still enabling the AI model to be run on this data.
Note – You can read more about securing Salesforce data used in AI models here.
In 2025 companies will seek solutions that enable them to implement AI-driven tools, such as Agentforce Agents, in a safe manner.
Agentforce depends on large amounts of data for Agents to generate responses, and so companies will seek solutions that specialize in managing Large Data Volumes (LDV) to ensure they are feeding Agentforce the right, high-quality data. Too much unnecessary data creates noise, and reduces Agents’ effectiveness. But LDV performance management gets extremely complex and challenging at enterprise scale given API constraints, data dependencies like parent-child relationships, data drift and much more. In 2025 enterprises will seek solutions designed to accommodate LDVs to centralize and share the right data across the Org to support AI initiatives like Agentforce.
Another important factor when it comes to Agentforce is sharing data across Salesforce Orgs, which will help enhance the Agent experience by leveraging data from other Orgs. Multi-Org insights can facilitate this, and in 2025 enterprises will integrate such processes to uplevel Agentforce’s capabilities.
Companies will continue to invest more in environmental, social, and governance (ESG) measures to underscore their commitment to these issues. In 2025 companies will direct even more resources toward reducing their carbon footprint, and will look to their Salesforce data to better understand, calculate, measure, and control it.
Governance leaders within Salesforce Centers of Excellence (CoE) will want a birds-eye view of all Orgs to calculate and monitor carbon footprint activity. Such multi-Org insights will have other benefits like helping compliance and security teams ensure adherence to data privacy and security regulations across all of an organization’s Salesforce Orgs.
—
Want more insights on these trends? Register now for our upcoming webinar featuring Odaseva CEO Sovan Bin and Odaseva CISO Arnaud Treps.
Get in touch with Odaseva today to learn how we can help protect and secure Salesforce data for your enterprise.
Data Protection
Data Security
Data Archiving
Data Compliance
Data Platform
