At Commvault SHIFT, Commvault gave a big bear hug to cybersecurity and resiliency. Now this doesn’t mean that the company is foregoing its long history of data protection. Instead, it’s broadening its viewpoint to cover business resiliency, which means ensuring the business continues to operate in the face of both traditional IT issues and the new threat of cyber-attacks.

Reimagining Resilience for the Cloud-First Era

According to Commvault, 73% of all new data generated will be stored in the cloud; data in the cloud is expected to grow 24% annually. Further, by 2025, 85% of all apps used by the enterprise will be SaaS apps. While enterprise investments for on-premises IT is predicted to remain constant over the next three years, investments in public cloud services will double from 2025 to 2028, reaching $80B.

After almost 20 years, it’s now clear that we’re in a new era of cloud-first.

While the challenges of the cloud – a fragmented environment, full stack app protection, TCO, compliance, and infrastructure recovery – are significant, what’s really driving the pivot towards resilience is the ever-present issue of cyber-attacks. Security leaders are grappling with multiple issues:

• Supporting a diverse hybrid multi-cloud environment.
• New and more complex compliance regulations.
• Time to recover from a cyber-attack is inordinately long.

That third point is the key: every day, multiple companies suffer a successful cyber-attack; on average, it takes 24 days to recover. Worse, some companies can’t ever recover.

According to IBM, the average cost of a data breach is approaching $5M. But data breaches aren’t the only type of attacks. The cost for the attacks against the identity infrastructure at the Las Vegas casinos was hundreds of millions of dollars. And that doesn’t include the damage to brand equity and subsequent loss of customers.

Traditionally, Commvault focused on protecting corporate data in the face of an IT outage: failure of the IT equipment (disk drives, network cables, etc.) or inadvertent deletion.

In the new cloud first era, IT is increasingly complex leading to a greater probability of failure or inadvertent data destruction. Likewise, with increasing sophistication of malicious actors, organizations face a greater probability of a successful cyber attack. In response Commvault is expanding its purview from data protection to business resilience, providing protection from failures, errors, and cyber-attacks.

Innovating the Commvault Platform

One of the many innovations from Commvault as part of this shift is Cloud Rewind. This solution, derived from the Appranix acquisition, enables organizations to quickly “rewind” their infrastructure, restoring the infrastructure and the data to any point in time — typically the last known good state. Using Cloud Rewind, organizations can swiftly and effectively recover and rebuild post-cyber-attack.

Supporting Azure, AWS, and GCP, Cloud Rewind includes resource discovery, dependency mapping, drift analysis, metadata recovery, and cloud reconstruction. Organizations can reconstruct any part or their entire infrastructure with the push of a button.

Another innovation is the Cyber Resilience Dashboard, a unified dashboard and management console that configures and controls the environment, enabling organizations to specify snapshot intervals, retention lengths, and perform partial rollbacks to account for configuration drift. The dashboard includes a threat scanner to help identify where the threat is, helping you to identify the last known good state.

Commvault’s recent acquisition of Clumio expands protection – and thus resiliency – from Azure to AWS (and hopefully, soon, Google cloud). With deeper integration in AWS, Commvault + Clumio makes data almost instantly recoverable on key AWS workloads like S3. With Clumio, organizations can manage the S3 object versioning stack, rolling an object back to any point in time – essentially Cloud Rewind for S3 objects. And this can operate at the scale of many billions of objects. And Clumio is designed to operate with CI/CD methodologies.

More innovation comes in the form of protecting more of an organization’s cloud estate. While Commvault already has protection for Microsoft 365, it’s now enabling backup storage on the Microsoft cloud for faster restores and large-scale data recovery. And now Commvault is providing cloud backup and recovery for Google Workspace.

The cloud era includes the edge and Commvault’s new HyperScale X Edge solution ensures that organizations can maintain resiliency of their edge environment. HyperScale X Edge is a hyperconverged infrastructure solution that provides seamless edge data protection integrated into and managed by the Cyber Resilience Dashboard.

An extremely important – and underhyped – innovation is the expansion of Commvault protection to Active Directory with complete forest level resilience. Despite almost every enterprise having a large cloud estate, almost every enterprise also has an active on-premises AD forest.

Active Directory literally holds the keys to the kingdom: the identities with privileges to access any part of the environment, making AD a prime target for malicious actors. Recovering from an attack targeting AD is an incredibly complex, time consuming, and manual process, and few organizations have invested in the appropriate protection. Now Commvault customers can ensure that more of their cloud and on-premises environment is protected by Commvault.

Clean Rooms for Cyber-attack Recovery

Ransomware actors are devious and sophisticated and have found innumerable places to hide their malware making it difficult to identify a last-known-good state for recovery operations. To ensure businesses can quickly resume operations when recovering from a cyber-attack Commvault supports rebuilding the environment in an air-gapped cleanroom. This eanbles organizations to ensure that they can cleanse the infrastructure and data from lingering malware without risking the rest of their environment.

The Era of Modern Compliance

Regulatory mandates should be static and stable. However, politicians and regulators are rushing to keep pace with the rapid evolution in the digital world, be it for banking or AI. The most pressing concern today is The Digital Operational Resilience Act (DORA), an EU regulation that does into effect in 2025. And there are many other compliance requirements in the pipeline, most having to do with data protection, data security, and user privacy, and thus impact almost every enterprise organization.

Commvault is partnering with Pure Storage to help enterprises address DORA and other compliance requirements. The joint cyber readiness solution provides advanced authentication, storage encryption, compliance locks, and multiple layers of software and hardware data immutability, preventing malicious actors (both inside and outside the organization) from altering data in any way.

Why This Matters

Commvault’s strategic shift towards cybersecurity and resiliency marks a significant evolution in the company’s approach to data protection. By broadening its focus to encompass business resiliency in the face of both traditional IT issues and cyber threats, Commvault is positioning itself as a key player in the cloud-first era. The company’s innovations, including Cloud Rewind, the Cyber Resilience Dashboard, and expanded protection for cloud services like Microsoft 365 and Google Workspace, demonstrate a comprehensive approach to addressing the complex challenges of modern IT environments.

Commvault is focusing on enabling continuous business by providing continuous security, continuous rebalancing, continuous readiness, and continuous recovery. This holistic approach ensures that organizations can protect their data and maintain operational continuity in the face of diverse threats. From supporting hybrid multi-cloud environments to addressing compliance regulations and dramatically reducing recovery time from cyber-attacks, Commvault’s expanded portfolio of solutions aims to fortify businesses against the multifaceted risks of the digital landscape.

As the digital world continues to evolve rapidly, Commvault’s emphasis on innovation and adaptability positions it well to help organizations navigate the complexities of data protection and business resilience. By addressing critical areas such as Active Directory protection, edge computing, and emerging compliance requirements, Commvault is demonstrating its commitment to providing comprehensive, forward-looking solutions that can help businesses stay resilient and operational in an increasingly challenging IT environment.