Who Is Responsible for Salesforce Data Loss?
Gone are the days when Salesforce was simply a CRM platform. Top enterprises are launching amazing, data-driven programs on top of Salesforce related to digital transformation, artificial intelligence, and the Internet of Things. In order to help companies drive these initiatives and house their valuable data, Salesforce provides an incredibly high-functioning, secure platform that includes:
- Over ten global data centers
- Real-time and near real-time replication of data
- Secure, encrypted connections
- Four copies of data, distributed across data centers
- Global, 24/7 monitoring
Furthermore, Salesforce provides customers the option to purchase Salesforce Shield for an additional layer of security that includes event monitoring, field audit trail, data & platform encryption, and usage audit-ability.
While all of this should be reassuring, security of the cloud is different from security in the cloud. Which is to say that you — as a customer — are not off the hook completely.
Your Salesforce data protection responsibilities
When it comes to the security of your data, nearly all SaaS providers today subscribe to the shared responsibility model. This means that they are responsible for providing always-available application services that are hosted on a resilient infrastructure and maintaining data copies to withstand infrastructure failures or site wide outages. On the other hand, the customer feeds the SaaS application with its own data, meaning they are responsible for all data stored in the cloud, endpoints (devices), and account and access management.
Governments and regulators also place the onus of protecting data on the data owner. The customer must conform to data policies, standards, or laws relevant to its business processes. Abroad, legislation like the European Union’s GDPR, and in the United States California’s CCPA, as well as industry-focused governance like HIPAA in healthcare, FINRA in financial services, and FERPA in education, place liability for data safety and integrity on the company that collects the data, not the SaaS provider that stores it on their servers.
It is the organization’s responsibility to safeguard data from any threat--internal or external--and ensure that their cloud providers deliver bulletproof security and compliance guardrails.
How to minimize your risk of Salesforce data loss
While it is clear that organizations are responsible for safeguarding their data stored in the cloud, the majority have not taken significant protective measures. Within the Salesforce ecosystem, 88% of organizations do not have a comprehensive backup and recovery strategy, and 69% acknowledge they are unprepared for data loss or corruption. Perhaps most alarming: 50% of respondents did not believe a backup was their responsibility.
When you combine those statistics with how prevalent SaaS data loss actually is, it’s clear that having a backup and recovery solution is a must. Without a comprehensive backup and recovery strategy, Salesforce data loss or corruption could have a devastating impact across your organization with increased labor costs, data recovery fees, regulatory compliance fines, and a potential loss in productivity. That’s one reason why Salesforce themselves recommend looking into an AppExchange partner backup solution.
In our next blog, we’ll break down the key requirements of a backup and recovery solution and highlight what questions to ask of potential vendors. In the meantime, learn more about why backup and recovery is so important, especially for SaaS customers.