Essential Salesforce disaster recovery planning considerations

David Runciman on



The loss or corruption of your Salesforce data can happen for a number of reasons, including a data breach, malicious deletions or simply human error, causing major disruption to your business. Having a third-party backup solution in place that lets you restore both data and metadata quickly and reliably will secure your orgs if disaster were to strike. But once your Salesforce data backup solution is in place, it’s best practice to start thinking about implementing an incident response plan, a disaster recovery plan, or both.

In other articles, we look at the best way to approach restoring your org after data loss, and we’ve explored what Salesforce teams need from an incident response plan. In this post, we’ll see how teams can get started with Salesforce disaster recovery planning.

What’s the difference between an incident response plan and a disaster recovery plan?

Whereas incident response plans mostly guide you through an incident while it’s ongoing, disaster recovery plans help you in the aftermath to restore normal operations. Although different in focus and emphasis, the two kinds of plan are complementary and often implemented together.

Who’s responsible for Salesforce backups and disaster recovery?

Who’s responsible for data backups at your company? It’s a common misconception that either Salesforce will look after your data for you, or that someone else in the company has it covered. The likelihood is that if you can’t think of the person responsible, then it’s probably you. If you’re developing on Salesforce then you should have an active interest in how your orgs are being secured.

Understanding who is responsible for backups is the first step to implementing a continuity plan to protect your data. Once you know your own role in backing up data, you can start thinking about how you’ll recover that data when you face a data loss situation.

Targets for backup and restore performance

A disaster recovery plan needs to set out both how data and metadata should be restored and how well. Your company won’t be satisfied if business operations continue to take a hit because you only managed to restore some of your lost data months after an incident. Successful disaster recovery means restoring all of the data accurately and quickly.

In disaster recovery planning, there are two important targets when it comes to restoring from data backups: recovery point objective (RPO) and recovery time objective (RTO). It’s easiest to think of what these targets mean by imagining a data loss incident. If you discover data loss or corruption, you’ll have two questions:

  1. How long since our latest backup? — the RPO
  2. How long will it take to restore our backup data? — the RTO

Meeting or beating both your RPO and RTO targets is the measure of success in disaster recovery.

Recovery point objective (RPO)

RPO relates to the time that has passed since your latest backup when an incident occurs. This length of time needs to be kept as short as possible, as data added to your org during this time hasn’t been backed up and will probably be lost entirely (although it can be worth checking your org’s recycle bin).

Increasing the frequency of your Salesforce backups will allow you to reduce your RPO. Most companies will want an RPO of 24 hours or less, which calls for daily backups. If your team is backing up your org’s data and metadata manually, daily backups are a significant drain on time and effort. You can schedule automatic exports of data from Salesforce, but these can be run no more than once per week, and an RPO of one week is unacceptable to most companies.

With Gearset, you can set up a backup job and get daily automated backups. And if you’re about to release something risky, you can back up your org on demand at any time. There’s no harm in beating RPO targets and reducing the time since your last backup to minutes rather than hours!

Recovery time objective (RTO)

RTO relates to the length of time it takes to restore all lost or corrupted data after an incident. Especially where the lost data is critical to your company’s operations, it’s imperative for business continuity that data is restored quickly. RTO targets set the maximum amount of time restoring data should take.

RTO targets are more difficult to set than RPO targets because there are several time-consuming stages to restoring data. Depending on how you back up your Salesforce data, the restore time may include all of the following:

  • The time that passes before someone notices that data is missing — this can be months!
  • The time taken to assess the damage and plan the restore process
  • The time taken to restore metadata — or to rebuild objects and fields, if metadata hasn’t been backed up
  • The time taken to restore data
  • The time taken to restore record relationships, if you’re restoring data manually

A backup solution either massively reduces or eliminates the time these stages take. Gearset’s configurable smart alerts will notify you immediately if a backup run reveals that unusual amounts of data have been deleted or altered. Gearset shows you exactly what’s changed, and then lets you quickly restore metadata and data with the record relationships intact.

All of this means that you can expect to restore lost or corrupted data the same day you’re alerted to the data loss. Adopting more mature DevOps processes will also improve your performance. High-performing DevOps teams typically restore in under an hour.

Each Salesforce org is unique, so the best approach to setting a realistic RTO is to test restoring backup data to a sandbox org and see how long it takes. Testing your restore process is best practice anyway, as it helps you to optimize your restore performance.
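To make the RPO and RTO sections above concrete, here is an added example (not Gearset's code or part of the original article) that checks a backup history and a sandbox restore drill against targets. The backup log, stage timings, function names and the 8-hour RTO target are all constructed assumptions; the 24-hour RPO comes from the text.

```python
from datetime import datetime, timedelta

# Constructed backup job history: (start time, succeeded). Not real data.
BACKUP_RUNS = [
    ("2024-03-01T02:00", True),
    ("2024-03-02T02:00", True),
    ("2024-03-03T02:00", False),  # failed run: nothing restorable from it
    ("2024-03-04T02:00", True),
]

# Constructed timings from a sandbox restore drill, one entry per stage
# in the list above (detection, assessment, metadata, data, relationships).
DRILL_STAGES = {
    "notice_data_missing": timedelta(hours=3),
    "assess_and_plan": timedelta(minutes=45),
    "restore_metadata": timedelta(minutes=30),
    "restore_data": timedelta(hours=1, minutes=20),
    "restore_relationships": timedelta(minutes=25),
}

def successful(runs):
    """Sorted timestamps of backup runs that actually completed."""
    return sorted(datetime.fromisoformat(ts) for ts, ok in runs if ok)

def worst_case_rpo(runs):
    """Longest gap between consecutive successful backups."""
    good = successful(runs)
    return max((b - a for a, b in zip(good, good[1:])), default=None)

def exposure_at(runs, incident):
    """Age of the newest successful backup when the incident happens."""
    earlier = [t for t in successful(runs) if t <= incident]
    return incident - earlier[-1] if earlier else None

def measured_rto(stages):
    """Total elapsed restore time across every stage of the drill."""
    return sum(stages.values(), timedelta())

def evaluate(runs, stages, rpo_target, rto_target):
    """Compare observed figures with the plan's targets."""
    rpo, rto = worst_case_rpo(runs), measured_rto(stages)
    return {"worst_rpo": rpo, "rpo_met": rpo is not None and rpo <= rpo_target,
            "rto": rto, "rto_met": rto <= rto_target,
            "slowest_stage": max(stages, key=stages.get)}

if __name__ == "__main__":
    # 24 h RPO as in the text; the 8 h RTO target is an assumed value.
    print(evaluate(BACKUP_RUNS, DRILL_STAGES, timedelta(hours=24), timedelta(hours=8)))
```

In this sample, a single failed nightly run stretches the worst-case recovery point to 48 hours even though backups are scheduled daily, and the time taken to notice the loss is the largest part of the measured restore time.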

Practice your recovery process

Practicing your process might feel like a step worth skipping over, but when time is of the essence in a disaster situation, you don’t want your team to have to grapple with a tool that they’re not familiar with or don’t have access to. The ideal testing cadence would be once a year or when something significant changes in the team, such as a new team member joining.

Think of testing your backup strategy like a fire drill. If you only test it when you first install it, a lot could go wrong: doors and access could be changed and employees with important roles in the drill may have left. By practicing regularly, everyone has realistic and recent experience of the process, and you’ll be able to iron out any kinks. This will increase your chances of success and reduce the stress involved.

When disaster strikes, teams who work with a mature DevOps setup, such as having a backup solution integrated with their release process and planning for potential incidents and disaster scenarios, are even faster at getting things back in order.

Protect your sensitive data with Gearset

The most sensitive data is also the most critical to protect with backups. But that can pose a challenge for compliance. That’s why it really helps to have a Salesforce data backup solution that includes tools for compliance with data protection legislation such as the GDPR and CCPA. With Gearset, you can remove specific records from all your backups on request. You can also disguise personal data and sensitive information with configurable data masking, so you can use real data to seed sandboxes while respecting your customers’ data.

Disaster recovery planning for Salesforce

The key thing is to make sure your disaster recovery planning isn’t just wishful thinking. Backing up and restoring Salesforce data and metadata involves a whole set of risks and challenges, and testing your current process should reveal the particular issues that need to be addressed. If you want a disaster recovery plan with impressive and realistic RPO and RTO targets, you’ll need a complete backup and restore solution for Salesforce.

Gearset offers frequent and automated backups, plus a powerful and predictable restore process, allowing you to set and meet ambitious disaster recovery targets. Don’t forget that Salesforce outages really do happen, so using Gearset instead of a native backup solution can further secure your data in case something happens that’s out of Salesforce’s control. Because Gearset is hosted externally, your data is always accessible and is stored securely and encrypted in transit and at rest.

Gearset is here to help

If you’re developing on Salesforce then you need to have a backup process you can trust. If you’re ready to get started with backups for Salesforce, sign up any time for your 30-day free trial of Gearset. And to find out more about how you and your team can back up and restore your Salesforce orgs, download our free ebook, Backups for Salesforce.
