New Commvault Cloud Targets Cyber Resilience With AI, Metallic SaaS Tech
Joseph F. Kovar
‘But no one covers as many workloads as we do, across more landscape. We have some unique capabilities that not only allow us to cover more than anyone else with one unified platform, but that actually allows, wherever the data lives, recover to anywhere. And so it can be from on-prem to the cloud, from one cloud to another cloud, one cloud to on-prem. No one else can do that. We believe for true cyber resiliency, you not only need to be able to cover everything, but be able to recover anywhere,’ says Tim Zonca, Commvault’s vice president of portfolio marketing.
Data protection and management technology developer Commvault Tuesday took a big step in the cyber resiliency area with new cloud-based technology aimed at protecting data against ransomware and other security attacks regardless of where it is located.
The new offering, Commvault Cloud, Powered By Metallic AI, is the only cyber resilience platform built for the hybrid world, said Tim Zonca, vice president of portfolio marketing for the Tinton Falls, N.J.-based company.
“And when I say hybrid world, I mean we don’t care if that’s running in the cloud,” he said. “We don’t care if it’s running on prem. We assume it’s all over the place. And this is important because customers, as they have data distributed across more and more places—clouds, regions, applications, on-prem data centers—it’s just daunting and hard to manage it and protect it all. And in the gaps across all of that distributed data is where ransomware thrives.”
What Commvault is doing with Commvault Cloud is very much aligned to what the security industry is doing, said Hector Martinez, president of GM Sectec, a San Juan, Puerto Rico-based solution provider, long-time Commvault channel partner, and earlier adopter of that vendor’s Metallic SaaS-based data protection technology.
“Commvault is shifting to address ransomware preparedness in addition to traditional disaster recovery,” Martinez told CRN. “It is laser-focused on cybersecurity and cyber defense. For us, that’s a big part of our business. But its nice to see Commvault focus on it.”
Martinez said Commvault’s shift towards cyber resilience matches what is happening in the industry.
“Backup and recovery strategies are becoming more and more aligned with what CISOs (chief information security officers) need, whereas before they were aligned with CIOs (chief information officers),” he said. “We’re seeing this across financial services and other verticals. Backup, recovery, and availability are the last line of defense. So it makes sense it’s handled by the CISO. Commvault can address the concerns of both its traditional customers and new security customers.”
Commvault’s moves make sense, Martinez said.
“The NIST CSF (Cybersecurity Framework) has five components,” he said. The fifth one is recovery. The Department of Commerce has been pushing recovery. So this is an infosec conversation.”
Ransomware has really changed the data recovery game, and cyber resilience is more than just recovery, Martinez said.
“And so this platform covers everything from making sure you understand your risk, making sure you’re ready to recover when time matters, and then when you do need to recover that you can recover anything no matter where it lives to any safe location,” he said.
When Zonca said Commvault Cloud is the “only” cyber resilient cloud, he said that in the hybrid enterprise, other applications tools may provide some of the capabilities.
“But no one covers as many workloads as we do, across more landscape,” he said. “We have some unique capabilities that not only allow us to cover more than anyone else with one unified platform, but that actually allows, wherever the data lives, recover to anywhere. And so it can be from on-prem to the cloud, from one cloud to another cloud, one cloud to on-prem. No one else can do that. We believe for true cyber resiliency, you not only need to be able to cover everything, but be able to recover anywhere.”
Alan Atkinson, Commvault’s chief partner officer, said the anytime and anywhere nature of data resiliency with Commvault Cloud stems from having a control plane or console on SaaS or on premises to back up any workload with a single pane of glass.
“So that console can handle anything in SaaS, and any workload on premises,” Atkinson told CRN. “So whether it’s a traditional Oracle database, or something running VMware on a bunch of servers, whether it’s Office 365 living in Azure, you can do all of that with a single pane of glass, and put the data anywhere.”
That includes on-premises or cloud storage including storage that uses Commvault’s air gapped technology, Atkinson said.
“We support all that,” he said. “And then that’s wrapped into the DNA of a deep cyber resiliency strategy that handles malware recovery and remediation. They’re married with a really rich ecosystem of security and AI partners. We’re leveraging AI, powered by Metallic AI, to do a lot of pretty unique intelligent things.”
Zonca admitted that saying any application and any workload is probably a slight exaggeration, but said the reality is there are hundreds of permutations for that cyber resilience.
“Another vendor will say, ‘Hey, we can help you recover this VMware stack to this VMware stack,’ so maybe there’s three permutations, but we don’t care what the applications are,” he said. “We can go down to the file level from Azure to GCP, GCP to AWS, AWS to on-prem. No one else can do that because we do a full translation or transformation like no one else can.”
Commvault early on designed its data protection technology to separate where the data is managed and where the backups are stored, Zonca said.
“With this simple separation, we don’t care where the data lives,” he said. “We don’t care on what platforms. Because we index it in a way that sees across all of that. This allows us to take something that could be on-prem and move it to a cloud or from one cloud to another and do a full transformation. It’s a novel thing baked into the foundation of how we work, and no one’s done it this way.”
Commvault Cloud comes with three key categories of capabilities, Zonca said.
The first is a unified way to not only see, but to manage and control, data regardless of where it is stored, he said.
“There are other vendors out there that can see stuff, even if it’s cobbled together across their various parts of the stack, but to actually be able to control this breadth of workloads is new,” he said.
The second category is risk governance management, where Commvault is making its on-premises capabilities available on the cloud using its legacy and new AI capabilities including emergent AI, machine learning, and heuristics and natural language processing, Zonca said.
This includes working with third-party providers such as Avira for its threat scanning capabilities, he said. “They have some really cool AI technology that uses AI to fight AI,” he said. “It will detect AI-created malware, and in particular malware that’s shape shifting so it’s really hard to detect because it changes the way it looks over time.”
Commvault is also adding for the first time the ability to interact with AI and ask questions to its system, such as, “Hey, show me all the last failures in the last 24 hours of my backups to Salesforce,” he said.
Commvault Cloud can even take action with a chatbot based on the AI interaction, Zonca said.
“So you can say, ‘I want you to start a recovery validation process for all my critical Kubernetes clusters. Go kick that off for me,’” he said. “You just type it into the Ask Commvault window, or our chatbot Arlie (Autonomous Resilience), and it’ll kick that process off for you. Maybe you haven’t done something in a while. You can say, ‘I haven’t set up an immutable air gap in a while. How do I do that,’ and it knows where you’re at within the system.”
Commvault’s AI integration also allows a channel partner to ask things like how to customize a ServiceNow integration, and it will actually spit out the code and highlight where to do that, he said.
The third major category of capabilities is around recoverability, particularly via a partnership with Microsoft that lets data be recovered to a clean location in the cloud that guarantees firmware or BIOS is not infected, something that traditionally required expensive manual processes, Zonca said.
To make sure workloads can get that cleanroom recovery, Commvault is partnering with Microsoft to make recovery to a guaranteed clean place on the cloud done with a few simple clicks, Zonca said.
“You say, ‘Hey, I need to burst in the cloud to a clean location. I need to ensure that it’s clean,’” he said. “We will walk through an automated clean point recovery validation process so your data is clean. And we’ll put that into Azure. And since Commvault Cloude has that any-to-any capability, the workload could be from AWS or GCP or on-prem. We don’t care. We’ll recover it.”
Commvault Cloud is available with different tiers of capabilities, including a foundational protection tier with enterprise-grade backup and recovery, an autonomous recovery level with workload portability and automated clean point recovery validation, and a third level with complete cyber deception, governance, threat detection, Zonca said.
For AWS workloads, however, the company is adding a fourth tier, a ransomware response team that leads the response to a ransomware attack, he said.
“Even if they have a mix of stuff into the cloud and on-prem, will give them a dedicated, cloud-isolated control plane in AWS that will even talk to their on-premise stuff so they can have super sophisticated control over how they want everything set up,” he said. “And this ransomware readiness team is doing all their checks and validations on customer reporting and telemetry, and then in an incident ensuring that they are up and running and recovered quickly. The custom cloud environment for this group of customers using this level of resilience is under the covers run by AWS.”
The ransomware readiness team currently consists of Commvault people, although over time the company will work with partners, Zonca said.
But to be clear, partners can sell that service, Atkinson said. “It’s an offering like any other one,” he said. “We have not done the knowledge transfer. And frankly, we want to get some experience with the service and the bulletproofing before we let others deliver.”