The Daily Backup: Is a 24-Hour RPO for Your Salesforce Org Good Enough?

By Chris Grove, Senior Solutions Engineer at Odaseva

In today's rapidly changing digital landscape, Salesforce data plays a pivotal role in business operations for many large enterprises. Organizations that offer commercial data storage solutions understand this and take backups of their production systems hourly, every few minutes, or even in near-real time depending on the criticality of the data.

In the United States, Verizon found that data loss from center outages costs businesses an average of $7,900 per minute of downtime, and 100 lost or compromised records can set businesses back between $18,120 and $35,730, while large-scale data loss (involving 100+ million records) averages between $5 million and $15.6 million in costs.

The stakes are even higher in sectors such as healthcare, public sector, and financial services. IBM's Cost of a Data Breach Report 2023 found that the global average cost of a data breach was USD 4.45 million — a 15% increase over 3 years. This post explores whether the "traditional" daily backup of a Salesforce org is enough to protect production data today.

Why Do Salesforce Customers Need a Backup Strategy? Doesn't Salesforce Back Up My Data?

There is a prevailing misconception that Salesforce assumes full responsibility for the data stored on its platform. However, Salesforce, like most other cloud providers, adheres to a shared responsibility model. This model dictates that while Salesforce takes charge of maintaining the platform's integrity, the responsibility for protecting the data stored within Salesforce lies with its customers. That's why Salesforce customers — especially enterprises — must find the right Salesforce backup and restore solution that aligns with their specific needs.

What is RPO (Recovery Point Objective)?

RPO, or Recovery Point Objective, is the maximum amount of data loss that a business can tolerate after a disaster. RPO determines the frequency of backups that need to be taken to ensure minimal data loss. For example, if a business has an RPO of two hours, backups need to run every two hours to ensure data is up-to-date in case of a disaster. Any data changes in the last two hours would not be included in a backup, at least not until the next backup runs.

A 24-hour RPO means a business is willing to accept losing up to a full day's worth of data. Given that enterprise Salesforce environments often contain billions of records across thousands of custom objects, a 24-hour gap in data protection represents significant exposure.

The Evolution of Salesforce and Its Usage

Consider how organizations' usage of Salesforce has evolved — from a basic sales tool in the early 2000s to today's deeply embedded enterprise platform spanning marketing, analytics, eCommerce, CPQ, and order management. With a large number of acquisitions along the way, Salesforce is now widely adopted across many of the world's largest organizations, with user counts in the tens or hundreds of thousands.

These companies' production environments often contain billions of data records spread across thousands of custom objects, storing data at ever-increasing rates. The criticality of Salesforce to many organizations today is such that significant data loss or corruption can be catastrophic. Bearing in mind that a 24-hour backup strategy means you could still lose up to 24 hours' worth of data, a more frequent backup is the only realistic option for many businesses.

The usage of Salesforce within an enterprise is arguably the most important factor when considering whether a 24-hour RPO is good enough.

Additional Factors That Could Influence Your RPO

Data Regulations

Regulatory bodies are known for handing out stiff fines to organizations that fall short of their exacting standards — and their attention has increasingly turned to data backups and recovery capabilities. Banking, insurance, healthcare, and public sector organizations are typically heavily regulated because they often store Personally Identifiable Information (PII) that must be protected by a comprehensive recovery strategy.

Consumer Attitudes

What if a provider had a daily backup strategy, suffered a data incident, and lost 23 hours' worth of data? That hotel reservation you made is lost forever. A more frequent Salesforce backup strategy can't guarantee zero data loss, but it can mean the difference between losing 23 hours of customer data versus 2-3 hours — and that directly impacts customer loyalty and brand reputation.

Cyberattacks

The growth of ransomware and other cyber threats has a direct correlation to the frequency with which backups should be taken. Adopting a Salesforce backup strategy that runs several times a day won't prevent malware from entering your system, but it will enable you to recover far more data than a less frequent schedule would allow.

Note: while SaaS platforms are highly unlikely victims of a ransomware attack, SaaS data can be targeted through phishing, malware, API key leaks, or other malicious methods.

Here's What You Can Do with Odaseva

Protect Your Data with a 4-Hour RPO as Standard

Backup over 300 million records within an hour, schedule backups as often as every five minutes for critical objects, and cover data, metadata, and files — all while minimizing API and governor limit usage.

Effortlessly Restore Even the Most Complex Salesforce Data

Proactively remove roadblocks, bypass automations, and restore parent-child relationships up to 30 levels deep. Restore even highly complex objects to any point in time.

A Perfect Restore Approach for Every Situation

From a single record restore to rolling back an entire Salesforce object to a specific point in time, Odaseva offers a range of options for every data loss scenario.

Protect Your Salesforce Backups from Data Breaches

Odaseva Backup and Restore offers five levels of data encryption. As a no-view provider, Odaseva can never see your data.

Leverage Rich Data Analytics to Restore with Speed and Precision

Odaseva's analytics provides a detailed view of exactly what is happening with your data. Keep track of every change, set up custom alerts, and deep dive into any event to launch a restore operation.

Frequently Asked Questions

What is RPO in Salesforce backup?

RPO (Recovery Point Objective) is the maximum amount of data loss your organization can tolerate after a disaster or system failure. For Salesforce, a 24-hour RPO means backups run once daily, and you could lose up to 24 hours of data in the event of an incident.

Is a daily Salesforce backup sufficient for enterprises?

For many enterprises — especially those in regulated industries or with high-volume data environments — a daily backup is no longer sufficient. A 24-hour RPO exposes organizations to significant data loss, regulatory risk, and reputational harm from cyberattacks or human error.

Does Salesforce back up my data automatically?

Salesforce backs up its infrastructure under the shared responsibility model, but this protects against hardware failure — not data loss caused by user error, integration failures, or cyberattacks. Customers are responsible for their own backup and recovery strategy.

How often should I back up Salesforce data?

The right backup frequency depends on your RPO requirements. For most enterprises, best practice is at minimum every 4 hours, with the ability to schedule critical objects every 5 minutes. Regulatory requirements in banking, healthcare, and public sector often mandate sub-daily backups.

What is Odaseva's minimum RPO for Salesforce backup?

Odaseva provides a 4-hour RPO as standard, with the ability to schedule backups as often as every 5 minutes for critical objects. This covers data, metadata, and files — all while respecting Salesforce API governor limits.