Are Commvault on the SHIFT or merely shuffling along.

Last week a spent some of my time getting out and pressing the flesh (not literally) with the folks from Commvault.

These guys have been visible to me since my days looking after the Veritas portfolio at Symantec. 

So, let’s not look back, but forwards at a few of the topics that were discussed.

At 8:30am the networking area set up at BAFTA headquarters had a good turnout and provided me with confidence that the Commvault customers were expecting something different. Right from the outset of the session Richard Gadd, SVP EMEA, set the stage by announcing that Commvault see their announcements as their largest SHIFT in strategy for 27 years. 

The original purpose of backup & recovery software was aligned to BC/DR events. Rightly so, the general product purpose seems to be relegated to a secondary role due to the immediate nature of recovering from cyber-attacks.

The ransomware effect was everywhere and, in your face, like it or not.  A message that is replicated at other events I have attended recently. 

Rather than hyping on about the $30Bn of business losses and commonly known dark cloud effects of ransomware, Richard focused on the operational effects with a cyber resilience approach. 

Commvault’s position is the belief that their tools can rapidly and effectively recover their customers business continuance. Delivering effective business continuance via Commvault Cloud aims to provide their customers the ability to get closer to the data, rather than leaving a chasm between security and recovery. 

The starring role for this SHIFT in strategy is the Commvault Metallic AI platform that has over the past 4 years, built Commvault a pipeline of $130m ARR and 4,000 customers. Commvault believes that it is the time to fold Metallic AI into Commvault’s platform strategy. 

Richard stated that “this shift delivers their customers cyber resilience at the lowest TCO”.

The other major noise appeared to be coming from pushing ‘Clean Rooms’. 

It’s a well-known fact that IT teams find it difficult to find the time and resource to manage their recovery testing. Commvault stressed that their close partnership with Microsoft enables them to deliver a ‘clean room’ on demand. Near-instantly spinning up a replica environment to undertake business continuity testing and then spinning down again. 

An excellent way to encourage better actual testing rather than tabletop exercises, while keeping costs under control.

“Need to think and deal with recovery in a different way”, was Darren Thomson’s opening remark. 

Having recently joined Commvault as their EMEA Field CTO, anyone that knows what it is like to join an established vendor and the battles you will lose trying to convince them that their positioning needs to change. Darren’s opening confirmed that this was not his wish but confirmed that Commvault is trying to move in a different direction.

Bringing in a perspective from the cyber insurance industry, Darren took the audience through the four concerns that could expose an organisation to a cyber catastrophe:

• Securing Active Directory - from malware compromise and inappropriate access
• Identity and Access Management – the urgency of implementing a form of MFA
• Patching – maintaining a proactive level of system and software updates
• Cyber Recovery – develop, maintain and test your plans regularly

Many CIOs and their legal peers will recognise three of these areas when they are submitting their cyber insurance and warranty forms. The outlier that is not always raised to prominence was Commvault focusing on – Cyber Recovery. 

This is a task that has always been elusive, not because CIOs/CISOs rank it any lower in their priorities, it’s the time and costs on top of normal operations that delay or cause the cessation with performing this tasks. Helping to minimise exposure to a cyber catastrophe can only help an organisations resilience maturity.

Summary

This report was never intended to be a pros and cons of Commvault Cloud and their SHIFT strategy. I believe they are undertaking a portfolio shift rather than a SHIFT in their overall business strategy. They are still focused on data backup & recovery, increasing their relevance with additional detection and recovery techniques .

I much prefer this approach than some of their peers that trying to extend their portfolio into the endpoint malware detection space. The latter is already well covered with experience in advanced AI/ML Malware engines.

Industry Challenges

The areas of concern that I have exist in the data protection & recovery category whoever the vendor.

Recovery of data

Commvault and their peers acknowledge that cyber actors will target the recovery data (backups, VSCs, snapshots, etc.) prior to performing any ransomware compromise. This means that any recovery will happen from a clean room or offsite data location. This is always a challenge when the first thing organisations will perform when aware of an attack is to remove all external network and internet access.

SSD Request - I’d like to see more activity bringing the recovery closer to the playing field and not relying on network connectivity to move clean data.

Data Identification

Knowing your data is critical when ensuring that you are backing up or creating VSCs/snapshots of the right data. Wasting storage, time, costs and resources when finding the right data to recover and immediately identifying any exfiltrated data is a sign of an effective data management strategy.

SSD Request – Don’t just focus data classification and management in the backup space, but bring it to the front, before you compute with the data and work with real-time data analytics.

Clean Rooms

A clean room strategy is a positive move to increase regular and scenario testing to increase an organisations cyber resilience.

SSD Request – Scenario testing should never be clean. Any clean room or internal infrastructure testing should mimic the reality of the things you don’t think will be missing or are compromised. Ensure you test the unthought of, as well as the known. Something your red teams could help you develop.

Thanks to the Commvault for hosting a well organised, attended and informative event.