Salesforce policy change poses grave security implications

COVID-19 has completely changed our world from six months ago, as we continue to battle the grave health implications, face extended stay at home orders, and grapple with the insurmountable ramifications on our economy. The pandemic has also forever changed the cyber threat landscape, with our workforce becoming more dispersed, and potentially more vulnerable, than ever as organizations switch out of the confines of their offices and move entire data streams to their laptops and home offices. On top of this, Salesforce has announced it is ending its Data Recovery service on July 31st, which is putting all of the data protection responsibilities, and the dire consequences that comes along with it, on the backs of the customer.

As we approach the end of the month, many Salesforce users are either unaware about this service coming to an end, uninformed about the critical implications that come along with it, or are under the false belief their SaaS data will still remain protected in some way. This paints a very dark (and potentially painful) future ahead and will put many businesses one natural disaster, ransomware attack or employee mistake away from costly disruption that could shut their doors for good.

A faulty solution for protecting and backing up data

Salesforce’s Data Recovery service was never the end all solution for data recovery and protection. It never was intended to be the first line of defense against accidental or maliciously modified records, but many came to see it that way for better or for worse. With the latest news about the service from Salesforce, they are the latest SaaS company to clearly state that backup and recovery is the customer’s responsibility.

That doesn’t make them the first, nor the last, however. If customers of Microsoft365 (formerly known as Office365) and G-Suite take a deeper look at their service level agreements (SLAs), they will find no mention of backup and recovery. SLAs only discuss making the service and infrastructure available; it offers no assurances to customers that data will survive any kind of outage, accident, or attack. Imagine if code similar to Salesforce’s script started corrupting or deleting accounts in one of these services. SaaS vendors will be under no obligation to fix it, and customers will be left picking up the pieces.

Salesforce won’t be completely deserting its users once the service comes to an end, but its proposed offerings still pose a dire security risk and lack functionality. The built-in free tools require customers to complete three manual steps that most are not going to remember to do very often. These steps include having to initiate a backup manually, wait for it to complete, and then download it. Unfortunately, backups are not at the forefront of most people’s minds, so any backup method that requires multiple, manual steps on a regular basis is not going to be an optimal method. The native tool also only provides CSV files that must be manually uploaded in case of a disaster. Customers will need to upload them in a particular order in order to maintain referential integrity. This is an error-prone process that should also be avoided.

A complex threat landscape in a remote work era

Many are confronted with these challenges during a time where protecting data is mission critical for the resiliency and longevity of businesses and organizations. Millions are learning to work remotely and using collaborative platforms for the first time to maintain productivity – and bad actors are continuing to exploit exposed data. This has led to a record breaking amount of cybersecurity attacks targeted to businesses of every industry. In fact, according to the Federal Bureau of Investigation's Internet Crime Complaint Center, cyberattacks have increased by 400% during the pandemic.

While the threats can come from anywhere, many have been found in SaaS applications, demonstrating that managing data is incredibly complex and needs to be trusted to a professional that focuses solely on data protection. At a time where threats are increasing, especially for remote worker data, now isn’t the time for organizations to turn a blind eye. The solution? Take action and start preparing now or else you may be one of the many on their own agonizing over the challenges of effective backup and recovery. The choice is rather clear: you can trust manual, error-prone processes that make no promises of recovery, or choose a highly tuned, automated backup and recovery system provided by a third party. Third party cloud-based backup and recovery solutions have proven to recover data in a fraction of the time that application vendors typically can, offer a reliable way to ensure all data gets restored immediately – no matter the circumstance, and can centralize all data management through integrations with other workloads.

Data has become the beating heart to any organization in today’s digital world, and its criticalness has only increased during the COVID-19 pandemic. But if businesses are not careful, their lifeline can quickly get destroyed. Salesforce’s decision to retire its service will leave thousands of organizations across the world responsible for protecting their own beating heart and navigating the uncharted waters of data security. With threats increasingly rising by the day, organizations must ensure their own backup plan is in place; one that regularly backs up data and stores it locally to meet specific data protection and retention needs. Backup and recovery systems often do not get the respect or budget that they deserve, but come July 31st you will be responsible for protecting your data. Are you ready to take the plunge?

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.