Why you need a backup solution for Salesforce

Why you need a backup solution for Salesforce

David Runciman on

Share with


Salesforce orgs need backup. And yet, for various reasons, many people assume their Salesforce data is safe. Unfortunately, none of those reasons bear any scrutiny. Here’s why you need to think about backup.

Salesforce outages cause data loss

The idea that Salesforce data is stored ‘in the cloud’ can lead some to a false sense of security. But outages are a risk to any system - even a world-class CRM like Salesforce.

In May 2019, Salesforce users suffered an incident that came to be known as ‘Permageddon’. Any teams that had ever integrated Pardot (a marketing automation tool) into their orgs found that their permissions model was corrupted, with all user profiles granted permission to view and modify all data. Salesforce rightly decided that the first priority should be to protect their users’ data, so it deleted all affected permissions. Unfortunately, this meant that admins had to rebuild their org’s profiles and permissions manually.

The Salesforce outage in May 2019 was worldwide

Heatmap of Salesforce outages reported across the US during Permageddon

Salesforce later developed a script to restore permissions from backups - but the results were mixed. Ultimately, while the steps Salesforce took were understandable, the result was a large number of users struggling to recreate their permissions models. In contrast, Salesforce teams with a robust backup solution in place were able to restore their permissions painlessly.

A smaller outage in 2016 caused hours of data loss for companies with orgs on one Salesforce instance, NA14 (North America instance 14). With no access to their CRM, companies were unable to operate for the duration of the outage. And data added to their orgs in the hours leading up to the outage were also lost.

Human error causes data loss

Everyone makes mistakes - Salesforce developers and admins included. Most often, it’s an honest mistake, with the extent of the damage ranging from a minor inconvenience to a major disaster. Occasionally, data is deliberately deleted. You need to be prepared for either case, because these things do happen. One contributor to a forum discussion tells the story of a mistake causing significant data loss.


As for deletions with malicious intent, another contributor to the discussion leaves this caution: ‘Always remember, disable a user before you fire them. I’ve seen a few cases of random destruction by admins on the way out. No sandboxes and no recent data export.’

Salesforce integrations can corrupt data

There are various Salesforce integrations designed to alter or move data. These are powerful tools that can have devastating consequences when mistakes are made. One Salesforce developer admits to having a bad rm -r command in the ETL program they wrote. Remove commands are an obvious danger to data, and can cause considerable unintended damage. One well reported case relates to the Git-hosting provider, GitLab. Early in 2017, a GitLab admin ran rm -rf on a directory in the wrong server. Almost 300GB of data was lost - some of it irretrievably as a result of multiple backup failures.

Salesforce data recovery is being retired

Okay - so data loss and data corruption can happen. But we often hear questions like ‘Won’t Salesforce restore my data for me?’ The current answer to that question (‘erm… sort of’) is about to get simpler. That’s because Salesforce is retiring its data recovery service at the end of July 2020.

Salesforce doesn’t want its customers to rely on the data recovery service, which is meant to be a last resort. The recovery process sounds simple: you pay a flat rate of $10,000 (Salesforce says it costs them more than that) and Salesforce gives you a CSV file of your data. But it can be several weeks before you receive the CSV file from Salesforce - and that’s before you’ve even begun to restore the data to your org. What’s more, Salesforce doesn’t guarantee that your data can be restored, and it can only provide your data as it was at a point in time within the last 3 months.

Salesforce wasn’t happy to be offering such a poor service, so it decided data recovery would be retired without replacement.

What about manual backup?

It’s possible to export backup data from Salesforce yourself. You can schedule backups that run at regular intervals - every week in the best case. If disaster strikes, the good news is that you won’t need to wait or pay for backup data to come from Salesforce. But at least a week’s data could be lost if you needed to restore from these backups. And as with the data recovery service, these manual backups generate CSV files of data only. So actually restoring the data will be a long and arduous process.

Salesforce recommends a partner backup solution

Salesforce themselves recommend a partner backup solution. The Salesforce ecosystem thrives because of the third-party tools developed for the platform. Indeed, the platform has very deliberately been built to facilitate integration with other tools. Data backup is no exception.

So what should you be looking out for in a Salesforce backup solution?

1. Regular, reliable backups

To minimize data loss, you need regular automated backups, and the ability to back up on demand before you make any risky changes. Look for a tool that’s easy to use. And it should help you to analyze the way your data is changing between each backup. It isn’t always immediately obvious when your org’s data is missing or changed. The first step in data recovery is noticing that data needs recovering!

2. Smart restore functionality

Backing up your data is difficult; reliably restoring it to Salesforce is even more difficult. That’s because Salesforce data often can’t be restored without first restoring the metadata that describes the shape of your org. Records can’t be restored to fields that no longer exist or to objects that have changed. So you need to back up and restore your org’s metadata along with your data. Choose the tool that is best at restoring your whole org - metadata and data - just as it was.

3. Enterprise-grade security and compliance

You need to trust that your backup data is in safe hands. Where is it being stored? How is it encrypted? Does the company in question have security accreditation? It’s likely you’ll also need to think about compliance with GDPR and CCPA regulations. Is the backup solution equipped to process requests that customers might make under data protection regulations? Does your backup strategy need to demonstrate SOX compliance? These are just some of the questions you’ll need to ask - there will be more specific queries depending on your sector and location.

Watch our webinar the ultimate guide to Salesforce backups to find out what considerations you should be taking into account when picking a backup solution.

Get peace of mind with Gearset

Protecting your critical org data can be a huge stress. Whether you’re a CRM manager or an admin, you can learn more about why your Salesforce data needs protecting and how you can safeguard your team with our free ebook, Backups for Salesforce.

Here at Gearset, we think it helps if your backup solution is combined with your deployment tool, because restoring your data is just a deployment of metadata and data from a backup to a Salesforce org. Our backup and restore solution was built specifically and exclusively for Salesforce, based on our deep understanding of Salesforce’s metadata, and with the utmost respect for data security and compliance. And Gearset is more robust than backup solutions hosted on Salesforce, because Gearset is a hosted web app outside of Salesforce; if Salesforce goes down, you’ll still be able to get your data with Gearset.

Backup is critical, but it doesn’t need to be a headache. See how easy protecting your org-critical data can be with a 30-day free trial of Gearset’s Backup and Restore solution.

Gearset’s data backup is user friendly

Book your Gearset demo to learn more

Contact sales