Tips for Managed Service Providers: Salesforce Backup and Restore Solutions
In this blog, you’ll learn everything you need to know about protecting Salesforce data for your clients. We’ll cover the essential aspects of Salesforce backup and restore, including:
- The risks associated with Salesforce data loss, from human error to malicious attacks
- The critical role of metadata and the consequences of its loss
- Tips on how to set effective backup goals and choose the right backup frequency
- Different backup methods, including Salesforce’s native options and third-party solutions
- The features and benefits of SaaSAssure for MSPs, including its modern interface and enhanced security measures
Being a Managed Service Provider (MSP) seemingly gets tougher every year. New technology, evolving risks, and shrinking margins are just the start. Now, there's also the responsibility for new types of data. With more and more businesses relying heavily on SaaS services for critical info, MSPs should ensure a solid recovery plan for that high-value data. Salesforce, a key service with vital customer data and time-sensitive processes utilized more and more by the SMB, offers plenty of backup options, but most aren't MSP-friendly. Here is what you need to know about Salesforce backup and restore.
Risks To Salesforce Data
When evaluating backup and recovery options for Salesforce, it's important for MSPs to consider the various types of Salesforce recovery requests. These can range from single record recovery requests resulting from accidental user deletions to more serious human error incidents. For example, a marketing admin might upload contacts from an event and inadvertently overwrite existing, crucial contact data. They might also change a field type from radial to checkbox, resulting in the loss of all data for that field.
In addition to human error, there are also threats from malicious actors both internal and external. People with unauthorized access to Salesforce, especially admin access, can do a significant amount of damage by deleting records, deleting entire tables, deleting user sets, changing workflows, or even overwriting good data with bad data (data poisoning). And sometimes systems errors and integration issues can create lost or overwritten data. An MSP needs to plan for recovery requests that are found immediately, and those that might have happened weeks prior.
Protecting Salesforce Metadata
While protecting the core Salesforce data is a given, it's equally important to pay attention to the often overlooked metadata. Metadata refers to data that describes other data, providing context and information about the data structure, usage, and management. The metadata in Salesforce’s usage includes custom objects and fields, workflows, assignment rules, validation rules, page layouts, user profiles, permissions, reports, analytics and more. An example might be a custom field created to capture “mother’s maiden name” as a security question.
Consequences of Metadata Loss
A recovery plan and a backup strategy for Salesforce also needs to include metadata. Losing metadata can seriously disrupt operations, leading to system misconfigurations and significantly increasing the complexity of recovery. Restoring a Salesforce instance requires knowing exactly how it was created, customized, configured, and integrated. This can be incredibly difficult and costly. Consider the initial investment in consulting services to set up Salesforce for an organization. Now, imagine redoing that work under the pressure of mounting downtime costs.
Tips For MSPs: Establishing Backup Goals
Creating backup goals goes back to basics - establishing acceptable Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) just as one would for any other enterprise application critical to business operations. Here are some considerations for Salesforce.
Frequency of Data Changes in Salesforce
Salesforce data can change quickly, so frequent backups are critical to minimize data loss.
Calculating how much data is created or modified daily is a great way to decide how often your client needs those backups. For example, if the business mostly looks up information, weekly backups might do the trick. But if your client is an organization with frequent new orders and updates, like an insurance company, they'll likely need to back up daily or multiple times a day.
Data Loss Tolerance
MSPs must determine how much data loss is acceptable for their clients, balancing backup frequency with storage costs. Large enterprises with significant changes to data will need larger amounts of storage for backups. (This also depends on how the backups are being done. Incremental backups can reduce the overall amount of data that needs to be stored, and its cost.)
Methods of Backing Up Salesforce Data
MSPs have several options to help clients back up and recover their data, ranging from Salesforce’s own tools to third-party utilities.
Salesforce Data Recovery Service
Salesforce does offer a Data Recovery Service, but it's important to treat this as a last resort.
Generally, Salesforce doesn’t take responsibility for lost data due to their shared responsibility model, but they will attempt a recovery for a fee. This service is costly (upwards of $10K+) and can take several weeks and does not recover any metadata. Essentially, Salesforce uses their enterprise backup software to recover specific client data, which requires significant effort. Given the lengthy recovery time, this option is only recommended if the lost data is extremely valuable.
Weekly Export
Another option available is the Salesforce weekly update. This is an option that Salesforce makes available through its admin console. This is a manual process and involves exporting .csv files for every table in the database. It’s a potentially laborious process (even more laborious to recover data with this if needed) and will likely include data loss (up to a week). If the client data changes frequently, then this may not meet their RPO. This export also doesn’t capture metadata. There is a workaround to capturing metadata, but it involves creating change sets, and setting up sandboxes to capture user configurations. A recovery process might involve first restoring a client's configuration from a sandbox, followed by re-importing the weekly export data.
Third-Party Backup Solutions
Generally, the best approach is to use a third-party backup solution to backup and recover Salesforce data. As of June 2024, there are over 60 options available to do so. Salesforce recommends solutions that support automatic backups, including metadata.
For MSPs, finding solutions that fit specific service desk needs is key. Look for features like easy management of multiple clients' backups and recoveries from a multi-tenant console, integrated billing support, and client-level reporting. If the solution can handle multiple Salesforce accounts, extra emphasis on security and controls to prevent misuse or errors is crucial.
Finally, keeping an eye on the future is essential. Salesforce isn't the only SaaS service businesses rely on; many use multiple SaaS services for critical operations, often integrated with Salesforce. An excellent third-party tool would offer a unified interface to manage a broader SaaS footprint across multiple clients.
Operational Enhancements for MSPs With SaaSAssure
SaaSAssure is one of the few data recovery products designed specifically for MSPs from the ground up. Unlike other products that have tacked on MSP features post-release, SaaSAssure was built with MSPs in mind right from the start.
Modern User Experience
Extensive effort has gone into crafting a modern design, prioritizing a streamlined process to minimize the steps needed for common actions. Right away, when an admin logs into the platform, they will see an overview dashboard of their most recent backup jobs. It’s simple to navigate through actions, such as setting up backup jobs, or recovering data and doing that by client account. It takes as little as 3-4 clicks to take most actions on the platform, and the design is intuitive, requiring minimal training.
Integrated Billing and Reporting
Within the SaaSAssure platform, an MSP can choose a SaaS platform to protect (including Salesforce) and see their cost per user. By clicking on a connector, they can add the SaaS platform to backup, and work with the customer to get the necessary credentials to start the process. Once backups are running, billing tracking happens automatically with easy to view usage reports by clients that your financial team can use to generate invoices. A separate user account for a billing contact can be created that has no ability to manage backups, but can pull reports, ensuring greater role-based security.
Modern, Unified Interface
The SaaSAssure interface is modern, fresh, and easy to use, offering a unified experience across a wide range of SaaS services, not just Salesforce. This allows MSPs to extend their data protection coverage to other applications, increasing their value to their clients.
Flexible Storage Options
SaaSAssure includes unlimited storage to the SaaSAssure Cloud, but MSPs with specific compliance needs can opt to use their own storage repositories. Any S3-compatible storage can be utilized as a backup target, ensuring flexibility, seamless integration and compliance.
Security Enhancements
SaaSAssure was also designed to be highly secure, with 256-AES encryption and multifactor authentication (MFA), as well as role-based access controls. Additionally, SaaSAssure includes MultiPerson Approval (MPA) - which sets a new standard in security, and is a feature that other applications are likely to adopt in the future.
Multiperson Approval
Multiperson Approval (MPA) is a powerful way to protect sensitive information. Backup data is critical, as it serves as the last line of defense when something goes wrong with your Salesforce instance. If a malicious actor gains access to a backup admin console, they can cause significant damage. Despite the protection that MFA offers, it can be bypassed, and admin workstations can be compromised. Human error is also a concern; an admin might accidentally delete a backup job or recover the wrong data set, overwriting good data with old data. A malicious actor could exploit these vulnerabilities intentionally. MPA helps mitigate these risks by requiring multiple approvals for sensitive actions.
MPA requires up to 3 admins to mutually agree on data-destructive tasks. When one admin requests an action, the other (up to 2) admins will receive a notification of what the action is, and a choice to approve or deny. This step alone can alert admins to an attack in progress if that's what’s occurring. It can also be a secondary step to prevent common data recovery errors from happening.
Conclusion
With Salesforce increasingly becoming the more prevalent as the cornerstone of business operations, the role of Managed Service Providers has never been more critical. As the central hub of CRM, protecting Salesforce data is paramount. Effective backup and recovery strategies are essential to mitigate the risks of data loss, whether from human error, system failures, integration issues, or malicious intent.
With so much SMB data increasingly moving into SaaS applications, it may be time for MSPs to evaluate current backup and recovery options to ensure comprehensive protection for Salesforce, including both core data sets and metadata. Understanding how automated these processes are and how well they align with internal workflows for managing client backup and recovery, as well as billing, can make a significant difference. Additionally, considering if the chosen solution is scalable and can extend to other SaaS services in the future is essential.