Protect Data with Salesforce Backup and Restore Control (Add-On)
The Salesforce Backup & Restore feature primarily addresses the risk of data and metadata loss that remains with the customer under the "Shared Responsibility Model," where Salesforce secures the infrastructure but the customer remains responsible for the integrity of their own records.
Control Name
Salesforce Backup and Restore (Add-On) - Service
Recommended Configuration
Configure and enable Backup for Production and Sandbox Data and Metadata, with a scheduled periodic backup and alerting set up.
Control Overview
Configure Salesforce Backup and Restore for the following areas:
- Production Data and Metadata
- Sandbox Data and Metadata
- Backup schedule is defined at least annually
- Backup failure alert is enabled
Own Backup Account > New Service > Salesforce > Choose Service Types > Turn On Continuous Data Protection.
Smart Alert: Select the backup service > smart alert tab > Add Alert.
Security Risk If Not Configured
The primary risk of not enabling Salesforce Backup and Restore is the permanent loss of business-critical data and metadata. Under the Shared Responsibility Model, Salesforce maintains the platform's infrastructure but the customer is responsible for the data within it. Without a dedicated automated solution, companies are vulnerable to data corruption from faulty integrations, accidental bulk deletions by admins, or malicious automations that can wipe out customer history.
Threat Scenarios
Without a periodic backup in place, a catastrophic threat scenario is "cascading data corruption" triggered by a buggy third-party integration, or an accidental "Hard Delete" via a Bulk API job, either of which results in data loss.
Estimated CVSS Score Range
High (7.0–8.9).
Risk Impact Considerations
Risk increases for orgs with sensitive data that changes frequently through integrations and batch jobs.
Higher Risk When
Sensitive Data is stored in Salesforce with no backup.
Low or No Risk When
This control can be considered low risk when one or more of the following are implemented:
- No sensitive data is stored in Salesforce that requires backup per company policy
- Use of external backup service
Business and Integration Considerations
Customers should evaluate what data to back up to align with their internal compliance requirements and policies, and make sure that sensitive data in the backup system is protected.
Recommended Remediation
Perform periodic backups of production and sandbox data to an external backup service.
Security Health Review Guidance
N/A - Currently not inspected by the Security Health Review tool.

