Data Unpacked 005 – Securing SaaS Data Protection Solutions with Commvault Metallic (Sponsored)

In this recording, Chris talks with David Ngo (CTO for Metallic) and Indu Peddibhotla (VP Products at Commvault) on how Commvault and the Metallic platform implement secure SaaS data protection. Customers depend on Metallic to recover from ransomware and other data loss scenarios. This puts more pressure on SaaS backup to be secure, protected and impregnable from assault. Commvault uses a set of design principles in its approach with Metallic that include; Security built-in, Certification, Air-gapped security, audit trails, multi-factor authentication, zero-trust methodology and early threat detection to achieve secure status.



In the conversation, David and Indu take us through exactly what each of these concepts means and how they are used to develop a secure SaaS data protection solution. Naturally, some of the processes are trade secrets, but we can see from certifications including FedRAMP, FIPS 140-02, CJIS compliance, GDPR compliance, HIPAA and more, that the service is secured to a high degree of competence.



During the conversation, we reference Cloud Field Day 13 - here's the link to Commvault's presentations - https://techfieldday.com/appearance/metallic-presents-at-cloud-field-day-13/



We also quote the great Donald Rumsfeld about "known unknowns" - https://en.wikipedia.org/wiki/There_are_unknown_unknowns



Here are two previous pieces of content on vendor guarantees:




https://www.architecting.it/blog/backup-vendor-guarantees/



https://unpacked.network/guest-speakers/95-storage-guarantees/




Here's a link to Metallic Recovery Reserve, mentioned by Indu - https://metallic.io/metallic-cloud-storage



Here's the link to Metallic ThreatWise - https://metallic.io/threatwise-cyber-deception



Finally, here's a link to the Trust Centre mentioned by Indu - https://metallic.io/trust



Elapsed Time: 00:31:26



Timeline




00:00:00 - Intros



00:01:00 - Cloud Field Day 13 generated some thought about protecting SaaS applications



00:03:00 - “Disaster” has a new set of definitions in the hybrid world



00:04:30 - SaaS backup is an natural solution for modern data protection



00:05:40 - SaaS data protection has a unique set of additional security requirements



00:07:37 - Zero Trust, Secure software development, logical air gaps



00:10:26 - What do customers want and need to protect?



00:12:10 - Modern data protection needs more than simple immutability



00:13:52 - We need to focus more on what businesses really want



00:14:55 - Vendors need to demonstrate capability, but not expose how!



00:16:20 - ThreatWise enables Commvault to do early intrusion detection



00:17:53 - Commvault SREs make sure SLAs are met



00:19:30 - How do vendors avoid socially engineered hacks?



00:21:37 - What about the “unknown threats”?



00:23:00 - Is there any value in ransomware guarantees?



00:26:15 - I’d prefer to not have my leg cut off in the first place….



00:26:47 - Is there a minimum set of standards to expect?



00:28:42 - Commvault continues to innovate on a holistic approach to data protection



00:30:03 - Wrap Up








Copyright (c) 2023 Unpacked Network. Post #c3po. Do not reproduce without permission, in part, or whole.