The state of Salesforce backup in 2022

Holly White on

Share with

LinkedIn
Twitter

As your business depends on Salesforce to hold business data and streamline operations, protecting your data and metadata is more important than ever. How would your business cope if you suffered significant metadata corruption or an integration scrambled a load of production data? How long would it take you and your team to get up and running again? Gearset’s State of Salesforce DevOps 2022 report found that too few companies are fully protected with a backup solution—although teams are waking up to the vulnerability of their data and metadata.

Our full report details the latest figures for DevOps adoption and performance—including backup and restore—within Salesforce teams of all shapes and sizes. In this post, we’ll delve into backup and restore in a little more detail.

Illustration of monitoring data loss and restoring from backups

How common is Salesforce metadata and data loss?

Salesforce data and metadata can be lost or corrupted at any time, due to human error, malicious attacks or integration bugs. Using tools like Salesforce’s Data Loader, it’s really easy to mass delete or update records that you didn’t mean to. And a simple mistake in your source file or field mapping could spell disaster for your data.

It’s not just low-performing Salesforce teams that experience this either—teams that are advanced in terms of DevOps maturity also experience data and metadata loss. It’s not really a question of if, but when it will happen.

According to the 1,062 respondents who took the survey, more than 50% of companies suffered data and metadata loss incidents last year. But many teams continue to have no meaningful way of protecting their business data or their investment in Salesforce configurations.

A third of Salesforce teams aren’t in a position to restore data quickly

There are a number of reasons your business can be floored when data and metadata corruption or loss strikes, so it’s worth thinking about it sooner rather than later. Being prepared and forming a plan now can save a huge amount of time and money in the long run. For example, have you fully thought through:

1. The cost of downtime

Downtime is exactly as it sounds—the time you’re unable to carry on working while your org is restored back to full health. The length of this downtime after an unpredictable error—let alone the cost—can be hard to determine, since data is often restored over a period of time. Being able to restore your data and metadata isn’t enough—you need to be able to do it quickly.

2. The security of your data

Whether we’re talking about business-critical data or a customer’s personally identifiable information (PII), any information you hold must be protected. Not having this information backed up leaves you in an extremely vulnerable position. The loss of this data can halt your entire org and leave you scrambling around in a panic.

3. The inability to restore

A backup of your orgs isn’t helpful if you don’t have a tried and tested restore plan in place. It’s one thing being able to track down and contain the metadata or data loss, but being able to then restore from your backup needs patience and great care to avoid digging a deeper hole.

Slipping into a panic and frantically restoring data is easy to do when you’re under pressure. It may also be tempting to ignore best practices—deploying metadata straight into production and bypassing your usual release process, for example. Restoring the wrong data will leave you worse off than when you started: rather than having to unpick one data corruption incident, you have to unpick two.

How well do Salesforce teams handle disaster recovery?

One way to help set your team on the road to recovery is working out your recovery point objective (RPO). Your ​​RPO is the time between your latest backup and the incident that caused data loss. So if you back up daily, your RPO would be 24 hours. This would be the ideal target because no business should risk losing more than a day’s worth of data, and enterprises often want to back up certain objects even more frequently. But in practice, backup frequencies vary across the ecosystem.

According to our survey respondents, 41% are backing up their orgs daily or more frequently. Another 18% are backing up weekly. Worryingly, the remaining 29% are backing up once a month or less, and 12% admit they have never backed up their Salesforce org.

Pie chart showing results of backup frequency

Having a regular backup process is only half the battle. You and your team need to be completely confident in the recovery process for different scenarios, and in your ability to restore the data that you have backed up.

As well as the RPO, your team should have a recovery time objective (RTO). RTO is how quickly an incident is discovered and then how quickly the orgs can be restored. Gearset’s survey found out how long companies need to recover their orgs after an incident. Around a third (31%) said that they would be able to recover everything in less than a day, while 9% said it could take weeks or even months.

Pie chart showing results of restore times

Having a tried and tested restore plan in place is key to being prepared and being able to calmly retrieve your orgs when disaster strikes. But 30% of teams said they don’t have a disaster recovery response plan in place and 30% said they weren’t sure.

Graph: does your company have a disaster recovery plan?

What backup tools are Salesforce teams using?

Third-party solutions remain the most popular tool for backups, but less than half of teams have one. Salesforce released its own Backup & Restore product in 2021. While a number of respondents selected Salesforce Backup & Restore as the tool they use for backups, it appears most of them were thinking of the Data Recovery Service based on their answers about backup frequency and restore times.

Graph asking: how do you back up your Salesforce metadata?
Graph asking: how do you back up your Salesforce data?

It’s troubling that 17% of teams don’t back up their data at all, and 20% don’t back up metadata. The 29% of teams simply exporting data every so often, whether manually or using Data Export, aren’t using a backup tool that can help them with the restore process.

Some businesses have learned the hard way that restoring data can take weeks or months. But many aren’t aware how precarious a situation they’re in, since 42% report that they’ve not yet experienced data loss. Backups are just one part of the recovery story. Everyone’s responsible for making sure their business is compliant and ready for disaster recovery.

Compliance concerns

As the world continues to become more aware of personal data protection and the right to be forgotten, the sizable percentage of teams exporting their own backup data raises questions about compliance. Where and how is that data being stored? The survey reveals that security and compliance is a relatively low priority, with just one fifth of respondents saying it is being prioritized for investment. And 21% report using unmasked data from their production orgs in testing environments, potentially duplicating personally identifiable information (PII) unnecessarily.

Who’s responsible for backups?

It appears from the report that many teams still don’t take backups seriously enough. And a significant reason for this is confusion about who has responsibility for Salesforce backups and disaster recovery. Most Salesforce teams (69%) think they’re responsible for backups, but a significant minority (the remaining 31%) think not.

Hopefully there are in fact other teams thinking about backup where the Salesforce team believes that to be the case. But Salesforce teams are uniquely qualified to back up and restore data and metadata, because they understand the platform better than anyone else in the company and handle that data and metadata every day. As the people who look after the company’s Salesforce data and metadata, you are the experts in this area, and your business could look to you to sort out an incident when you least expect it.

IT leaders must recognize the need for a robust backup solution that protects their investment in Salesforce customization and the business-critical data stored in their org.

Secure your future

Having the security of backups and the ability to restore your orgs is just one pillar of DevOps. Once you’ve built up your reliable and automated release processes, the next step is to secure the data and metadata.

To find out about the different approaches teams are taking to backups and other aspects of DevOps, download your copy of The State of Salesforce DevOps 2022.

Ready to get started with Gearset?