Data Unpacked 005 – Securing SaaS Data Protection Solutions with Commvault Metallic (Sponsored)
In this recording, Chris talks with David Ngo (CTO for Metallic) and Indu Peddibhotla (VP Products at Commvault) on how Commvault and the Metallic platform implement secure SaaS data protection. Customers depend on Metallic to recover from ransomware and other data loss scenarios. This puts more pressure on SaaS backup to be secure, protected and impregnable from assault. Commvault uses a set of design principles in its approach with Metallic that include; Security built-in, Certification, Air-gapped security, audit trails, multi-factor authentication, zero-trust methodology and early threat detection to achieve secure status.
In the conversation, David and Indu take us through exactly what each of these concepts means and how they are used to develop a secure SaaS data protection solution. Naturally, some of the processes are trade secrets, but we can see from certifications including FedRAMP, FIPS 140-02, CJIS compliance, GDPR compliance, HIPAA and more, that the service is secured to a high degree of competence.
During the conversation, we reference Cloud Field Day 13 - here's the link to Commvault's presentations - https://techfieldday.com/appearance/metallic-presents-at-cloud-field-day-13/
We also quote the great Donald Rumsfeld about "known unknowns" - https://en.wikipedia.org/wiki/There_are_unknown_unknowns
Here are two previous pieces of content on vendor guarantees:
https://www.architecting.it/blog/backup-vendor-guarantees/
https://unpacked.network/guest-speakers/95-storage-guarantees/
Here's a link to Metallic Recovery Reserve, mentioned by Indu - https://metallic.io/metallic-cloud-storage
Here's the link to Metallic ThreatWise - https://metallic.io/threatwise-cyber-deception
Finally, here's a link to the Trust Centre mentioned by Indu - https://metallic.io/trust
Elapsed Time: 00:31:26
Timeline
00:00:00 - Intros
00:01:00 - Cloud Field Day 13 generated some thought about protecting SaaS applications
00:03:00 - “Disaster” has a new set of definitions in the hybrid world
00:04:30 - SaaS backup is an natural solution for modern data protection
00:05:40 - SaaS data protection has a unique set of additional security requirements
00:07:37 - Zero Trust, Secure software development, logical air gaps
00:10:26 - What do customers want and need to protect?
00:12:10 - Modern data protection needs more than simple immutability
00:13:52 - We need to focus more on what businesses really want
00:14:55 - Vendors need to demonstrate capability, but not expose how!
00:16:20 - ThreatWise enables Commvault to do early intrusion detection
00:17:53 - Commvault SREs make sure SLAs are met
00:19:30 - How do vendors avoid socially engineered hacks?
00:21:37 - What about the “unknown threats”?
00:23:00 - Is there any value in ransomware guarantees?
00:26:15 - I’d prefer to not have my leg cut off in the first place….
00:26:47 - Is there a minimum set of standards to expect?
00:28:42 - Commvault continues to innovate on a holistic approach to data protection
00:30:03 - Wrap Up
Copyright (c) 2023 Unpacked Network. Post #c3po. Do not reproduce without permission, in part, or whole.
Data Unpacked 005 – Securing SaaS Data Protection Solutions with Commvault Metallic (Sponsored)