By Matthew Hutchison, VP Product Marketing at OwnBackup
June 26, 2020

Cloud Backup Expert Tips: 20 Critical Data Security Questions Salesforce Customers Should Ask their Cloud Solution Providers

Across the globe, organizations of all shapes and sizes are faced with unprecedented challenges. The current situation has caused us all to react quickly and decisively. Even during challenging times, one area that shouldn’t be overlooked is data security.

I have to confess that for much of my career, I considered data security to be someone else’s responsibility. Sure I took the annual training, used password precautions, reported suspicious emails, and the like. But my mindset was that as a marketer, my job was to gather as much data as possible and use it to convert prospects into leads. Keeping data safe was someone else’s problem.

Today, we live in a different world (and I’m happy to report my stance on data security has evolved). Cyber criminals are far more sophisticated, insider threats are pervasive, and consumers are, rightly so, much more concerned about how companies secure their privacy. Meanwhile, government and industry regulations like GDPRCCPAHIPAASEC 17a-4 and hundreds others were enacted to ensure companies adhere to strict security and privacy procedures.

A common theme in these regulations is that no matter where data resides, the liability for protecting it from unauthorized access or disclosure does not transfer from the owner of the data to its vendors. Whether the data is on a laptop, a local server, on its journey to the cloud, or in the cloud, the company that owns the data is responsible for ensuring its security.

Of course, that doesn’t mean your cloud partners are off the hook. Quite the opposite: it magnifies the importance of only entrusting your data to vendors with industry leading security and privacy controls in place.

And that’s where OwnBackup comes in. From inception, OwnBackup was designed to help Salesforce customers mitigate the risk of backing up, recovering, and archiving large amounts of highly sensitive data. Our comprehensive security controls are our commitment to protecting OwnBackup clients and their data.

New call-to-action

If you’re currently one of our customers, thank you (and rest easy). Your data is in good hands. If you’re evaluating your options, we invite you to ask us–and strongly encourage you to ask others vying for your business–some tough questions:

data security topics to discuss with your cloud solution provider

Cloud Storage and Data Access

  1. What cloud storage service providers do you use?
  2. Will my data ever leave your production environment?
  3. Who has access to my data?
  4. How do you monitor who has access to my data?


  1. Are you SSAE-18 SOC2 compliant?
  2. Do you undergo annual SOC2 Type II audits to verify that information security practices, policies, procedures, and operations meet or surpasses the rigorous SOC2 standards for the following Trust Services Criteria: Security, Availability, Confidentiality, and Processing Integrity?

Web-Application Security Controls

  1. How do you ensure the confidentiality, integrity, and authenticity of transmitted data between the end-user and the application and between your service and Salesforce?
  2. Do you offer Role-Based Access Controls (RBAC)?
  3. What audit controls are available and do you offer full audit trails in the application?
  4. Can I restrict access by Source IP?
  5. Do you support Single-Sign-On (SSO)?
  6. Can I customize my password policy?


  1. How do you encrypt data?
  2. Is data encrypted in transit and at rest?
  3. Do you offer additional layers of security for key management?
  4. Can I use my own key management system?
  5. Do you support FIPS 140-2 approved encryption?

Monitoring and Incident Response

  1. How do you monitor for security incidents, system health, network abnormalities, and availability?
  2. Describe your incident response team and defined incident policy?
  3. What credentials does your security team have?

Protect the security and privacy of your Salesforce data backups and meet government and industry regulations with state-of-the-art data encryption and key management services.

OwnBackup has committed to helping our communities through difficult times. We understand that this is a challenging situation and there are lots of things you may be concerned about. At OwnBackup, we are doing everything possible to make sure your Salesforce data isn’t one of them.

In support of local restaurants, we’re giving away $20 eGiftCards for every demo request that comes in through our website. To learn more about OwnBackup security and key management services, request a demo below and still enjoy lunch on us.

Request a Demo

About OwnBackup
OwnBackup, a leading cloud-to-cloud backup and restore vendor, provides secure, automated, daily backups of SaaS and PaaS data, as well as sophisticated data compare and restore tools for disaster recovery. Helping more than 1,700 businesses worldwide protect critical cloud data, OwnBackup covers data loss and corruption caused by human errors, malicious intent, integration errors and rogue applications. Built for security and privacy, OwnBackup exceeds the General Data Protection Regulation (GDPR) requirements for backed-up data. Co-founded by seasoned data-recovery, data-protection and information-security experts, OwnBackup is a top-ranked backup and restore ISV on Salesforce AppExchange and was awarded the Salesforce Appy Award in 2018. Headquartered in Englewood Cliffs, New Jersey, with R&D, support and other functions in Tel Aviv and London, OwnBackup is the vendor of choice for some of the world’s largest users of SaaS applications. For more information, visit

Matthew Hutchison

About the Author: Matthew Hutchison is the VP Product Marketing at OwnBackup, a leading cloud to cloud backup company that offers bespoke services to global businesses and consumers.




Tags: , ,