What Salesforce’s Data Recovery Retirement Means For You

Last Updated on February 8, 2021 by Rakesh Gupta

Like many Salesforce stakeholders, you might assume that your SaaS data is protected because it’s in the cloud. The truth is, though, most SaaS apps like Salesforce require shared responsibility for keeping data safe. These platforms provide reliability and security controls, but customers are ultimately responsible for the errors and corruption they create. 

Here’s what makes this even more critical:

Salesforce’s ‘Last Resort’ Data Recovery Service Is No Longer An Option

As of July 31, 2020 Salesforce is no longer offering its Data Recovery service, which means Salesforce customers no longer have a ‘last resort’ if a data loss or corruption occurs.

According to Salesforce, the data recovery process “does not meet our high standards for customer experience due to the length of time and reliability of the process. This process takes a minimum of 6 – 8 weeks to complete and we cannot guarantee 100% data recovery. Due to these issues, we are no longer offering this service.”

While Salesforce has retired this service, they will continue to offer several native options like the Weekly Export, Data Loader, and the API as methods for customers to restore their data manually.

It’s important to note that these native methods include data, but no metadata. To proactively protect your Salesforce platform, you should back up metadata and attachments as well. Without this vital piece, putting the relationships between your Salesforce data objects back in place can become a painstaking process. And without the ability to maintain relationships, you’ll only have partial restore capabilities. 

What Should You Do Next? Consider These Six Best Practices

For many, the data recovery service retirement is an opportunity to reassess their current cloud data protection strategy. According to OwnBakup’s recent survey, 88% of companies lack a comprehensive backup and recovery solution, which may be especially risky, with many companies increasing their remote workforce. 

When evaluating a backup and recovery solution, make sure that:

1. You’ve defined your recovery point objective (RPO) to determine how much data you are willing to lose. If you’re not backing up your data at least daily, or better yet, leveraging high-frequency backups, you have no way to recover any data that has changed since your last backup. In many cases, this could be weeks or months of data that is gone forever.
2. You’ve defined your recovery time objective (RTO) to determine how long you can afford to be without your data. With a cloud data protection platform, time to recovery can be minutes vs. days or weeks with out-of-the-box solutions. Many organizations have shared stories about it taking over a month to recover their data with out-of-the-box solutions.
3. You can recover your data from every point in time, whether that’s yesterday or six months ago, in a way that allows you to put it back together exactly like it was before the problem occurred. It would be best to take full backups every single day. To recover the exact data needed, you should have the ability to quickly compare data to historical data.
4. Your backups meet (or exceed) Salesforce security standards. It would help if you relied on a reputable solution that has passed Salesforce security reviews and has built-in platform security features that meet enterprise needs. Controls you should include are: 
   1. Role-based Access Controls (RBAC) for control over who has access to backups
   2. IP whitelisting for controlling domain access
   3. Two-factor authentication for ensuring only authorized users have access
   4. Single-sign-on for a reduced number of threat surfaces
5. You can count on your data backup and recovery solution when you need it most. You deserve automated and dynamic backups, proactive monitoring, and world-class support to ensure backup and recovery are as stress-free as possible. You don’t want to have to configure your backup to specific fields and objects.
6. You can access your data if Salesforce is temporarily unavailable. Companies must have access to information through a user-friendly, controlled user interface outside of Salesforce. Backing the data up to an S3 server is not the answer. Yes, it’s accessible outside of Salesforce. The number of people who will have access will be minimal, and providing access to those who might need it poses a significant security risk. 

Don’t assume that because your Salesforce data is in the cloud, it’s protected.

If your solution isn’t fulfilling the requirements listed above, you may consider using OwnBackup. This cloud data protection platform proactively prevents you from losing access to mission-critical SaaS data. You never have to worry about data loss disrupting your business—or your life.