9 Ways to Minimize Your Salesforce User-Inflicted Data Loss and Corruption Risk

By Mat Kennedy

Salesforce protects your data with over ten global data centers, real-time and near real-time replication of data, and global 24/7 monitoring. Like most SaaS platforms, Salesforce is not responsible for protecting you from user-inflicted data loss and corruption. YOU are responsible for building a solid data protection foundation that not only requires strict user permission controls, but also includes comprehensive backup and recovery.

Let’s dive into nine ways to minimize your user-inflicted data loss and corruption risk.

1. Optimize Salesforce Security Settings

As a Salesforce admin, you can use Salesforce Security Health Check to see how safe your Salesforce security settings are. Log in to your Salesforce production org and run a Health Check to measure how well your security settings meet either the Salesforce Baseline Standard or your selected custom baseline. Settings that meet or exceed the baseline raise your score, while settings at risk lower it. I would recommend that you aim for a score of 90% or higher for the most optimized Salesforce security settings.

2. Reduce Salesforce System Admins

If you have more than one “System Admin” profile, you might be at risk of user-inflicted data loss or corruption. Multiple “System Admin” profiles can lead to ungoverned changes that make your Salesforce data difficult to manage. If you have more than five “System Admin” profiles, you urgently need to review the roles and responsibilities of each and assess what they absolutely need access to. If you determine that some of these users do need admin permissions, consider the delegated admin option or create custom profiles for them so they can only access the data that is absolutely essential.

3. Reduce the “Modify All Data” Permission

Custom profiles with the “Modify All Data” permission are extremely risky and open the door to user-inflicted data loss and corruption. This is the most powerful permission on the Salesforce platform: it allows a single user to access all the data in your environment and change or delete it. Best practice is to have no custom profiles that can modify all of your Salesforce data. Even five custom profiles containing “Modify All Data” can put your business data at extremely high risk. At most, it should be reserved for admins or a very small number of power users. No standard end user should have this permission.

Not sure which profiles have “Modify All Data”? Create a custom list view for all profiles to review your standard and custom profiles. Make sure standard users have no access to:

  • Modify All Data
  • Modify Metadata
  • Customize Application
  • View Setup and Configuration
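The review described in recommendations 2 and 3 can be scripted rather than done by eye. The following is an added example (not code from the original post or from Own): it holds the SOQL a practitioner would run against the PermissionSet object (the `Permissions*` field API names are assumed to be current; check them against your org's API version) and evaluates a constructed sample of the results offline.

```python
"""Audit profile-level permissions and the number of active System Administrators."""

# SOQL to run in your org (Developer Console, Workbench, or the REST API).
PROFILE_PERMS_SOQL = (
    "SELECT Profile.Name, PermissionsModifyAllData, PermissionsModifyMetadata, "
    "PermissionsCustomizeApplication, PermissionsViewSetup "
    "FROM PermissionSet WHERE IsOwnedByProfile = true"
)
ACTIVE_ADMINS_SOQL = (
    "SELECT COUNT() FROM User WHERE IsActive = true "
    "AND Profile.Name = 'System Administrator'"
)

# The four setup permissions the post says standard users must not hold.
RISKY_PERMS = {
    "PermissionsModifyAllData": "Modify All Data",
    "PermissionsModifyMetadata": "Modify Metadata",
    "PermissionsCustomizeApplication": "Customize Application",
    "PermissionsViewSetup": "View Setup and Configuration",
}
# Profiles allowed to hold them; review this allowlist as part of the audit.
ADMIN_PROFILES = {"System Administrator"}
MAX_ADMINS = 5  # the post's threshold for an urgent review

# Constructed sample in the shape the REST API returns for PROFILE_PERMS_SOQL.
SAMPLE_ROWS = [
    {"Profile": {"Name": "System Administrator"}, "PermissionsModifyAllData": True,
     "PermissionsModifyMetadata": True, "PermissionsCustomizeApplication": True,
     "PermissionsViewSetup": True},
    {"Profile": {"Name": "Standard User"}, "PermissionsModifyAllData": False,
     "PermissionsModifyMetadata": False, "PermissionsCustomizeApplication": False,
     "PermissionsViewSetup": False},
    {"Profile": {"Name": "Sales Ops"}, "PermissionsModifyAllData": True,
     "PermissionsModifyMetadata": False, "PermissionsCustomizeApplication": True,
     "PermissionsViewSetup": False},
]

def audit_profiles(rows, admin_profiles=ADMIN_PROFILES):
    """Return {profile name: [risky permission labels]} for non-admin profiles."""
    findings = {}
    for row in rows:
        name = row["Profile"]["Name"]
        if name in admin_profiles:
            continue
        held = [label for field, label in RISKY_PERMS.items() if row.get(field)]
        if held:
            findings[name] = held
    return findings

def admins_need_review(active_admin_count, limit=MAX_ADMINS):
    """True when the COUNT() from ACTIVE_ADMINS_SOQL exceeds the post's threshold."""
    return active_admin_count > limit
```

Paste PROFILE_PERMS_SOQL into Workbench or the REST API, feed the returned records to `audit_profiles`, and treat every entry in the result as a profile to fix.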

4. Ensure Salesforce Admins are certified

All Salesforce admins should get certified. This will raise their skill level and make them more knowledgeable about Salesforce best practices. If you choose to allow any admins to keep the “Modify All Data” permission after reading recommendation three, you should require them to hold the Salesforce Administrator and Advanced Administrator certifications, if they have not already earned them. Admin users who lack proper Salesforce knowledge put your organization at high risk of user-inflicted data loss and corruption.

5. Have unique credentials for EACH integration

Integration errors are more prevalent than you’d think because they often go undetected. To further improve and modernize operations, you may decide to enrich your Salesforce platform by integrating internal systems and applications through the Salesforce API. Default configurations, or changes made to them, can result in unexpected behavior that causes data loss or corruption.

To monitor integration activity more easily, set up one unique set of user credentials for EACH integration. That way, if something does go wrong, you can quickly identify which integration caused the problem. In addition to unique credentials for each integration, enable “API Only User” on each integration profile. This ensures no one in your company can log in interactively with these powerful integration accounts and misuse them.

6. Identify Salesforce backup needs

If you have no backup strategy in place, you’re putting your business at serious risk of user-inflicted data loss and corruption. For their own uptime and availability, as well as Disaster Recovery purposes, Salesforce replicates clients’ production environment and stores it on backup tapes for 90 days. If you discover the data loss within three months, Salesforce Data Recovery services can look for your data in the tape backups based on parameters that you give them and send you your data in .CSV file format for a cost of $10,000 and a six to eight week waiting period. After receiving your .CSV backup files, you would have to manually complete the recovery process.

The Weekly Export, an out-of-the-box data extraction feature provided by Salesforce, produces a weekly or monthly set of .CSV files for the standard and custom objects that you specify. These files must be manually downloaded each week within 48 hours of receiving the download link. It is then your responsibility to store the files in a secure location and in an organized manner. If you suffer a data loss or corruption, restoring from the Weekly Export takes a number of steps, and, importantly, you must rebuild the relationships between the many .CSV files contained in your Weekly Export .zip files. You will need to be familiar with Microsoft Excel functions to perform critical steps in this process.
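The relationship-rebuilding step is where manual Weekly Export restores usually go wrong, because re-inserted parent records receive new Ids and the child CSVs still carry the old ones. The following is an added example (not code from the original post or from Own) that performs the Id remapping normally done with Excel lookups; it assumes the export's per-object CSV layout with an `Id` column and lookup fields such as `Contact.AccountId`, and all record Ids and rows are constructed sample data.

```python
"""Remap child lookups from a Weekly Export CSV after the parent object is re-inserted."""
import csv
import io

# Constructed sample of Contact.csv as it would appear in the Weekly Export .zip.
CONTACT_CSV = """Id,LastName,AccountId
0035g00000CCCCCCC1,Smith,0015g00000AAAAAAA1
0035g00000DDDDDDD1,Jones,0015g00000BBBBBBB1
0035g00000EEEEEEE1,Orphan,0015g00000ZZZZZZZ1
"""

# Constructed: old Account Id -> new Id returned when Account.csv was re-inserted.
NEW_ACCOUNT_IDS = {
    "0015g00000AAAAAAA1": "0015g00000NNNNNNN1",
    "0015g00000BBBBBBB1": "0015g00000MMMMMMM1",
}

def read_rows(text):
    """Parse one exported CSV into a list of dicts keyed by column header."""
    return list(csv.DictReader(io.StringIO(text)))

def remap_children(child_rows, lookup_field, id_map):
    """Return (ready_rows, orphan_rows).

    ready_rows have the lookup rewritten to the new parent Id and the old Id
    column dropped (Salesforce assigns a fresh Id on insert). orphan_rows point
    at a parent that was never re-inserted and must be resolved before loading,
    otherwise the insert fails or silently loses the relationship.
    """
    ready, orphans = [], []
    for row in child_rows:
        old_parent = row[lookup_field]
        if old_parent in id_map:
            new_row = dict(row)
            new_row[lookup_field] = id_map[old_parent]
            del new_row["Id"]
            ready.append(new_row)
        else:
            orphans.append(row)
    return ready, orphans

def to_csv(rows):
    """Serialize rows back to CSV for loading with Data Loader or the API."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    ready, orphans = remap_children(read_rows(CONTACT_CSV), "AccountId", NEW_ACCOUNT_IDS)
    print(to_csv(ready))
    print("unresolved parents:", [r["Id"] for r in orphans])
```

Run the same remap once per lookup field, in parent-before-child order, and keep the orphan list as the record of what still needs a decision.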

Data loss and corruption happens, but it is avoidable with the right backup and recovery tools. Salesforce recommends working with a “partner backup solution that can be found on the AppExchange.”

7. Verify backup strategy compliance

Many regulations require immutable, or unchangeable, backups. For example, the General Data Protection Regulation (GDPR) requires companies to back up EU data subjects’ personal data. GDPR therefore applies to any company storing such data. Even when this data is stored in Salesforce, it must be backed up. According to GDPR Article 32 (1) (c), companies must also have the ability to restore data “in a timely manner in the event of a physical or technical incident.” While SaaS vendors are taking the necessary measures to help their customers comply with GDPR for the data in the production system, these measures typically do not extend to the backups that customers maintain outside of their production systems. Companies subject to GDPR must pay attention to the regulation across both their live data and their data backups.

8. Identify your RTO and RPO

For many companies, having unresolved data loss or corruption for over one week could equate to millions of dollars in lost revenue. As you construct your disaster recovery strategy, you will need to define your recovery point objective (RPO) and recovery time objective (RTO). The RPO is the amount of data a company can afford to lose before business operations are impacted; it therefore indicates how often a company should back up its data. The RTO is the timeframe within which both applications and systems must be restored after data loss or corruption has occurred. The goal is to know in advance how fast you need to recover, rather than working it out during an incident.

The RTO and RPO you can actually achieve are strongly influenced by backup frequency, backup retention, your ability to compare current and past data, and your ability to restore only the data that was affected. Defining these two parameters helps minimize the risks associated with user-inflicted data loss.

9. Test Disaster Recovery Strategy

After you define your disaster recovery strategy, you must test it regularly. If you aren’t testing on a regular basis, you’ll have no idea if it’s going to work if you actually experience a user-inflicted data loss.

When important Salesforce records are lost, your business will spend time and resources recreating or recovering the lost data. Depending on your recovery plan, you may not be able to locate and restore all of the lost data. The RTO metric is determined by calculating how quickly a given business needs to recover data before the company begins to suffer. This is an essential step in establishing an appropriate disaster recovery plan.

Maintaining and testing your disaster recovery plan is critical. When accidental data loss occurs, day-to-day operations can grind to a halt. Your organization needs to be able to recover as quickly as possible to continue providing services to its clients and users.

What is Your Salesforce User-Inflicted Data Loss Risk Score?

All nine of these recommendations are critical to protecting your Salesforce data from user-inflicted data loss and corruption. Run OwnBackup’s User-Inflicted Data Loss Risk Assessment to learn your company’s overall data loss risk score and receive actionable recommendations for how to further minimize your company’s risk.

The Author

Mat Kennedy

Mat is a partner enablement manager at Own.
