In this recording, Chris talks with David Ngo (CTO for Metallic) and Indu Peddibhotla (VP Products at Commvault) about how Commvault and the Metallic platform implement secure SaaS data protection. Customers depend on Metallic to recover from ransomware and other data loss scenarios. This puts more pressure on SaaS backup to be secure, protected and impregnable to assault. Commvault's approach with Metallic follows a set of design principles that include: built-in security, certification, air-gapped security, audit trails, multi-factor authentication, zero-trust methodology and early threat detection, all aimed at achieving secure status.
In the conversation, David and Indu take us through exactly what each of these concepts means and how they are used to develop a secure SaaS data protection solution. Naturally, some of the processes are trade secrets, but we can see from certifications including FedRAMP, FIPS 140-2, CJIS compliance, GDPR compliance, HIPAA and more, that the service is secured to a high degree of competence.
During the conversation, we reference Cloud Field Day 13 – here’s the link to Commvault’s presentations – https://techfieldday.com/appearance/metallic-presents-at-cloud-field-day-13/
We also quote the great Donald Rumsfeld about “known unknowns” – https://en.wikipedia.org/wiki/There_are_unknown_unknowns
Here are two previous pieces of content on vendor guarantees:
Here’s a link to Metallic Recovery Reserve, mentioned by Indu – https://metallic.io/metallic-cloud-storage
Here’s the link to Metallic ThreatWise – https://metallic.io/threatwise-cyber-deception
Finally, here’s a link to the Trust Centre mentioned by Indu – https://metallic.io/trust
Elapsed Time: 00:31:26
- 00:00:00 – Intros
- 00:01:00 – Cloud Field Day 13 generated some thought about protecting SaaS applications
- 00:03:00 – “Disaster” has a new set of definitions in the hybrid world
- 00:04:30 – SaaS backup is a natural solution for modern data protection
- 00:05:40 – SaaS data protection has a unique set of additional security requirements
- 00:07:37 – Zero Trust, Secure software development, logical air gaps
- 00:10:26 – What do customers want and need to protect?
- 00:12:10 – Modern data protection needs more than simple immutability
- 00:13:52 – We need to focus more on what businesses really want
- 00:14:55 – Vendors need to demonstrate capability, but not expose how!
- 00:16:20 – ThreatWise enables Commvault to do early intrusion detection
- 00:17:53 – Commvault SREs make sure SLAs are met
- 00:19:30 – How do vendors avoid socially engineered hacks?
- 00:21:37 – What about the “unknown threats”?
- 00:23:00 – Is there any value in ransomware guarantees?
- 00:26:15 – I’d prefer to not have my leg cut off in the first place….
- 00:26:47 – Is there a minimum set of standards to expect?
- 00:28:42 – Commvault continues to innovate on a holistic approach to data protection
- 00:30:03 – Wrap Up
Copyright (c) 2023 Unpacked Network. Post #c3po. Do not reproduce without permission, in part, or whole.