How Commvault is transforming cloud-first cyber resilience

This syndicated post originally appeared at Zeus Kerravala – SiliconANGLE.

It continues to be a busy year for Commvault Systems Inc., a provider of cloud data protection.

The New Jersey-based company is in London this week for its annual SHIFT event. Then, Commvault will take its data resiliency story and solutions on the road to provide customers, partners and prospects with a close-up look at its latest capabilities. And the company does have a lot to talk about.

At the event, Commvault issued four news announcements about a range of new and expanded cyber resiliency capabilities for hybrid cloud organizations:

  • The launch of Cloud Rewind — based on the April acquisition of Appranix — which integrates cloud-native distributed application recovery and rebuild capabilities.
  • Availability of the Commvault Cloud cyber resilience platform on Amazon Web Services.
  • Expanded support for Google Cloud, including advanced cloud backup and cyber recovery for Google Workspace.
  • A joint cyber readiness solution with Pure Storage Inc. to help European Union organizations comply with evolving and increasingly stringent data security regulations.

I’ll review each announcement and share insights from my recent conversation with Thomas Bryant, director of product marketing at Commvault.

Competition and consolidation continue to change the cybersecurity market

Commvault is an emerging and aggressive player in the crowded security space. It’s always good to see a company continue to innovate and forge new relationships to distinguish itself from the competition. Historically, backup and recovery providers were bucketed in data resiliency, but more and more organizations are viewing them through the lens of cyber.

Just months after acquiring Appranix, Commvault is putting the technology to work in Cloud Rewind. At the time of the acquisition, Commvault said its goal was “to help enterprises get up and running even faster after an outage or cyberattack.” Ongoing world events make this an increasingly compelling objective.

With hundreds of cloud apps used throughout the typical enterprise, a cyberattack could mean days or weeks of work to get those critical apps running again. According to Commvault, Cloud Rewind combines data recovery with cloud-native application and infrastructure rebuild automation to help get applications up and running in minutes.

Bryant said Cloud Rewind automates restoring an organization’s entire cloud application and data environment. “It rewinds my cloud to before the problem, whether it’s a cyber incident or somebody did a misconfiguration and they completely screwed up our load balancer so nobody can access our services,” he said. Instead of teams having to painstakingly figure out what happened, assess the damage, and then prepare and execute a recovery plan, Bryant said, with Cloud Rewind enterprises can “just take their entire cloud and say, ‘Hey, I want to recover back to last Tuesday before the bad actors got in and screwed everything up.’”

No company wants to be breached, but it happens. The key is quickly recovering and returning to normal business operations. This is why so many organizations are bringing security and data management together.

Expanding into the AWS universe

Commvault’s second news release announced that its Commvault Cloud cyber resilience platform will be available on Amazon Web Services in the coming months. This is the next step in a relationship where many customers use Commvault to protect their stored data on AWS.

In addition to Cloud Rewind, Commvault will provide cyber resilience for Amazon Simple Storage Service, or S3, using technology from its brand-new acquisition of Clumio Inc. Commvault will bring time machine capabilities to S3, enabling customers to quickly revert to a clean copy of data that malware has not hit.

In addition, S3 customers will get Air Gap Protect, which provides immutable, isolated copies of data in a Commvault tenant, as a service. They also will get Cleanroom Recovery, which allows attacked organizations to provision recovery infrastructure automatically. This enables recovery to occur in an isolated AWS location so production workloads can be restored rapidly.

“We’ve been doing data protection and storage of data there since 2009,” Bryant told me. “Now, our platform will come to AWS. Customers can either buy directly from us or through the marketplace. Until now, the SaaS version of Commvault has only been in Azure. Now they’ll be able to do it all in native AWS.”

Commvault doubles down on Google Cloud

With the new offering for AWS, Commvault isn’t forgetting about its longtime partner, Google Cloud. Commvault Cloud Backup & Recovery for Google Workspace will deliver “comprehensive, end-to-end enterprise-grade protection for Gmail, Google Drive, and Shared Drives, helping to keep valuable data safe, compliant, and recoverable — all with the simplicity of SaaS,” according to the company’s news release.

“We don’t want customers to buy bespoke tools,” Bryant explained. “I hate having a toolbox with 800 hammers and 3,000 screwdrivers in it, one for every individual thing that I need to be able to screw in or hammer nails of different sizes and shapes. I want one platform. No more trying to train, maintain and integrate different platforms. That’s why companies acquire lots of technical debt.”

Helping financial institutions meet stringent EU regulations

And finally, the fourth announcement describes Commvault’s joint cyber readiness solution with Pure Storage to help financial organizations comply with strict new EU security requirements.

The EU’s Digital Operational Resilience Act or DORA, which takes effect in January 2025, is a comprehensive framework designed to ensure global banks and other financial entities are prepared for unplanned events and “capable of recovering swiftly and effectively.” In a nutshell, DORA requires organizations to report on their cyber resilience practices in several areas, including risk management and operational resilience testing.

The collaboration combines Commvault’s data protection and cyber resilience offerings with the Pure Storage Platform to “help organizations address aspects of these regulations with an integrated solution that assists with compliance and keeps customers’ data secure” from cyberattacks, threat actors, or ransomware.

“A lot of companies don’t think DORA applies to them, but they are sadly mistaken,” said Bryant. “It affects so many companies because they partner or are involved with financial services in the EU. Those companies must show Barclays, HSBC or any financial companies they work with that they have a cyber resilience policy and can bounce back from attacks. We’re bringing services, out-of-the-box integration and capabilities with Pure on the DORA issue. It’s about being a trusted advisor to these companies.”

As an analyst, my coverage area has historically been emerging technologies. Backup and recovery is an area that had long left my rearview mirror. However, the pivot of the technology to work with the cloud and as part of cyber recovery has given the entire space a new lease on life with plenty of upside. Most organizations have historically failed to back up the cloud because the thought is the cloud provider would take care of it. The reality is, cloud backup and recovery is a shared responsibility and though the cloud companies might help, the responsibility falls on the information technology organization.

This was a strong set of announcements for Commvault, as it shows just how different backup and recovery is today from a half-decade ago.

Author: Zeus Kerravala

Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides a mix of tactical advice to help his clients in the current business climate and long term strategic advice.