Do you need a Salesforce backup and restore partner?

The short answer is yes, you do. Salesforce has long recommended that each customer engage a 3rd party for Salesforce data backup and has recently launched their own offering to support basic data protection.  We will get into some additional details around what to look for in a backup partner later, but why exactly do you need a Salesforce backup and restore partner?

Please note, that we are using the word ‘partner’ not ‘vendor.’ A partner includes a level of trust and dependability that you would not expect from a vendor. If your Salesforce contains data critical to the growth and day-to-day operations of your business, you need a partner. So, what could go wrong without a Salesforce backup partner? Here are some of the issues you may face:

Data Corruption

Data can be corrupted at any point in time for a variety of reasons including a disenfranchised employee, a new admin learning how to load data, or a developer code deployment that mistakenly impacts millions of records. Regardless of why the data is corrupted, it is important to have a way to rollback data changes to a given point-in-time before the corruption occurred.

Data Loss / Deletion

When data is corrupted, you still maintain a copy of at least part of the original record. This is not the case with data loss or deletion where you encounter records that are simply gone. This can happen by a data archive exercise that accidentally purges too large of a data set, or any number of intentional or unintentional activities. This can also happen as a part of normal Salesforce operations when, for example, you are depending upon field history tracking to analyze opportunity trends without realizing that this history is only maintained for 18 months natively in Salesforce.

Data Theft and Ransomware 

The final, and worst-case scenario that requires a Salesforce backup partner is the potential of Salesforce data theft or ransomware. This is when an internal or external resource replicates data from your Salesforce environment to use maliciously. Or, this can happen if there is a security breach and your Salesforce users are potentially locked out of the Force.com platform entirely. Though many think that this will not happen to their business, no organization is exempt from the risk of attack. In fact, 66% of over 5,000 surveyed organizations had encountered ransomware in 2021, with 46% of impacted organizations paying the ransom. The top method to restore data was simple: backups. 

Do you agree that you need a Salesforce backup and restore partner? If yes, keep reading. If not, you might want to start budgeting to pay a ransom in the near future, just in case. 

How do you pick a Salesforce backup and restore partner? 

Now that you know that you need a Salesforce backup and restore partner, how do you decide which company is the best fit? Like any other need, you will want to start by analyzing your requirements and the capabilities that each partner can provide. 

There are two basic approaches to backups, self-hosted and SaaS. You can read more about these two approaches in this article. In addition to the overall approach, it is important to consider the individual features provided by each solution to make sure that they meet your business needs. At the end of this article, you can pick up a copy of CapStorm’s one-page checklist of key features, but we will highlight the top 3 below.

Backup Frequency 

The first consideration is how frequently the backup will run. Many SaaS solutions offer once a day backups, but self hosted options, like CapStorm provide a higher frequency of data replication. For example, CapStorm supports backing up Salesforce as frequently as every 3 minutes. The frequency of the backup will determine the precision of the restore, as you can only restore data from the latest backup – even if the data in Salesforce has changed multiple times since the initial data corruption incident.  

Here is a common scenario: The phone number field on every contact record is corrupted at 1pm. This is an accidental oops by the development team, but it does cause an issue for sales and support that needs to be fixed quickly. Between 1pm and 3pm, Support notices that the phone numbers on some contacts are wrong and starts changing the data back to the correct numbers on a case by case basis. At 4pm, a few people from Support take a break and realize while chatting that this is a wider spread issue. At 5pm, they alert the Salesforce team. 

The ability to restore this data properly depends greatly on the frequency of the backup. 

If the backup occurs nightly at 9 pm, the best data set available for your restore is nearly 24 hours old! A total revert of the phone number field will overwrite all updates made by the support team and any new phone numbers that may have been entered during the past business day.

If the backup occurs more frequently, for example, every 30 minutes, the restore should be able to roll back applicable records in a surgical manner. For example, the data restore should include records from the 8:30 pm backup, fixing only the phone number field if this field has not been updated after the 9 pm data corruption. 

(As is no surprise, this is a common scenario and is fully supported by CapStorm) 

Backup Contents & Validation 

The second major item to consider is what is actually included in the backup. It’s easy to claim to have a ‘full backup”, but it is something entirely different to actually validate that the backup is complete. Two things to consider:

1. This is a little nerdy, but bear with me! API’s matter – API’s are the way that you communicate with Salesforce from any external system. There are three core API’s used to extract Salesforce data: Soap, Rest, and Bulk. Beware of solutions that exclusively leverage the Salesforce Bulk API, for example, because there are key objects that you simply can not access via Bulk. 
2. Pay attention to metadata. Metadata, the ‘data about data,’ is the unsung hero of the Salesforce world – controlling data relationships, data structure, access to key data, and much more. A true Salesforce backup partner will provide extract and restore for metadata along with data. 

It should be possible to validate that the backup is complete, and there are several ways to do this. You can compare record counts between Salesforce and the backup; for example, if there are 1.5 million accounts in Salesforce, there should also be 1.5 million accounts in the backup. You can also spot-check the backup by looking at a record in the backup database while also looking at the same record in Salesforce to make sure that all of the field data is there. With some solutions like CapStorm, the backup data can be leveraged for operational reporting – resulting in a backup that is validated by multiple teams every day. For example, the VP of Sales will notice if their reporting data does not reflect a large new opportunity! Finally, the best way to validate a backup is by testing the restore process. We will talk about this more below. 

Backup Restorability 

The final key consideration for a Salesforce backup and restore partner is the partner’s process of data and metadata restore. While we could go into great technical details on this topic, let’s keep it short by providing a few recommended testing scenarios to validate that you can indeed leverage the backup to restore. In fact, a backup is only as good as the ability to use the backup to restore.

Four testing scenarios that everyone should try with their Salesforce backup and restore partner:

1. Restore of deleted data – delete a record in Salesforce, preferably a record with a lot of child records, like an Account, then test the restore. An Account is a good testing object because the deletion of an Account will cause a cascading delete of the associated Contacts, Cases, etc. This type of restore is much more difficult than a simple restore of a record that does not connect to any other data – like a Lead, for example, that typically has limited data relationships.
2. Restore to a point in time – make sure that your provider supports this first! Change data in Salesforce, then run a backup. The restore needs to revert the data back to a prior state. This simulates a common disaster recovery scenario where data corruption is not caught until several hours, or days, after the corruption event. 
3. Restore a large data volume – select a set of key objects, then restore a wide swath of data. This is designed to test both the restore partner’s performance and the expected return time if you encounter a bad data loss.
4. Restore metadata – Intentionally corrupt metadata, like a profile, apex class, or object, then fix the issue using your restore solution. 

Testing the restore should give you a good idea of the process to recovery along with the time it takes and any limits of your provider. 

If you have taken the time to read all the way to this point, thank you! Now, here’s the promised checklist with 25 key features and considerations as you identify and select a Salesforce backup and restore partner.