CommVault - Experts & Thought Leaders

Latest CommVault news & announcements

Commvault appoints new CIO for cloud & security initiatives

Commvault, a pioneering provider of cyber resilience and data protection solutions for the hybrid cloud, announced the appointment of Ha Hoang as its new Chief Information Officer (CIO). With over 25 years of experience in pioneering enterprise technology transformations for Fortune 500 companies, Hoang brings a wealth of expertise in cloud strategy, SaaS optimisation, and global infrastructure operations.

Prior roles of Hoang

In her role as CIO, Hoang will focus on advancing next-generation cloud, security, and AI technology initiatives and operations. She will also work closely with Commvault’s engineering and product teams to drive innovation. Additionally, she will engage directly with customers, showcasing how Commvault’s technology can drive new levels of resilience and provide exceptional business value.

Advance cloud, security, and AI initiatives

Before joining Commvault, Hoang was Group Vice President of Cloud Engineering and Infrastructure at UKG, where she led global cloud transformation projects. She also held leadership roles at McKinsey & Company and Wipro, consistently driving technology strategies that delivered clear business results.

“Commvault is pioneering the way in cloud-first cyber resilience, delivering innovations that help customers and partners remain resilient in an era of escalating cyber threats and attacks,” Hoang said. “I look forward to working internally to advance cloud, security, and AI initiatives and operations while also engaging with customers and partners to showcase, firsthand, how they can advance resilience via Commvault technologies.”

Innovative cloud solutions

“Ha’s proven track record of building and deploying innovative cloud solutions and cutting-edge technologies that can advance critical business objectives and operations makes her a perfect fit for Commvault,” said Danielle Sheer, Chief Trust Officer at Commvault. “Her customer-first approach also aligns perfectly with our commitment to delivering best-in-class cyber resilience solutions. We’re thrilled to have her lead our enterprise technology initiatives as we continue to innovate and meet the evolving needs of our customers.”

Hoang is a graduate of California State University, East Bay.

Commvault CIS images enhance cloud security

Commvault, a pioneering provider of cyber resilience and data protection solutions for the hybrid cloud, announced that the Commvault Cloud Platform can be easily deployed from major cloud marketplaces utilising CIS-hardened images. These CIS-hardened images are pre-configured with CIS-recommended settings and controls and are available on the following marketplaces: Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and VMware.

Commvault’s CIS-hardened images

CIS-hardened images are software files that are pre-configured to align with the Centre for Internet Security (CIS) Benchmarks. Hardening helps reduce configuration vulnerabilities, such as overly-permissive network policies, that can create opportunities for malicious actors.

In fact, configuration errors are one of the most common causes of cloud vulnerabilities, contributing to 23% of cloud infrastructure attacks, according to industry research. Commvault’s CIS-hardened images are designed to reduce these risks by pre-configuring deployment to meet rigorous security benchmarks out-of-the-box, bringing confidence to IT and security teams.

Other security certifications

With the announcement, Commvault continues to deliver on its cybersecurity focus, with these deployment options joining other security certifications, such as FedRAMP® High Authorised, ISO27001:2013, SOC 2, Type II, and FIPS 140-2, among others. Customers can use the new CIS-hardened images to quickly and confidently configure and deploy Commvault Cloud and benefit from:

Pre-built Compliance Checks: CIS-hardened images provide organisations with secure, hardened environments from the moment of deployment and give customers confidence their control plane has been installed and configured using industry-recognised best practices.

Enhanced Cybersecurity: The CIS-hardened images minimise vulnerabilities by addressing common misconfiguration risks, offering peace of mind against attacker exploitation.

Streamlined Compliance Mapping: CIS Benchmarks are mapped to key security frameworks such as NIST CSF, HIPAA, PCI-DSS, and ISO 27001, simplifying adherence to complex regulatory requirements.

Broad Marketplace Availability: Organisations can deploy Commvault Cloud directly from AWS, Azure, Google Cloud, or VMware marketplaces, enabling fast and secure installations with minimal effort.

Public cloud services

The timing of this announcement also comes as more and more organisations are accelerating their move to the cloud. In fact, according to IDC, spending on public cloud services is expected to double to $1.6 trillion by 2028.

In the last year, Commvault has introduced a host of cloud-first offerings designed to make customers more resilient in the cloud, including Cleanroom Recovery, Cloud Rewind, and Clumio Backtrack. Now, the company is taking resilience in the cloud to the next level via CIS-hardened images for popular cloud marketplaces.

Cyber resilience strategies

“Organisations demand solutions that are not only secure and compliant but also straightforward to deploy,” said Chris Montgomery, CTO – Security, Americas at Commvault. “With our CIS-hardened images, we eliminate the guesswork, providing IT teams with a secure, pre-configured foundation to accelerate their cyber resilience strategies while meeting industry standards.”

“As a security-first organisation, having confidence in how our solutions are deployed is critical,” said Marek Duranik, Storage & Data Protection Associate Director at Merck. “Commvault’s CIS-hardened images give us the assurance that we’re starting from a strong security baseline, allowing our teams to focus on protecting and recovering critical data.”

Availability and pricing

Commvault’s CIS-hardened images will be available globally this quarter and at no additional cost to customers. Built on a hardened Rocky Linux 8 operating system, the images are designed to protect both the software and infrastructure layers.

Commvault and CrowdStrike: Enhancing cyber resilience

Commvault, a pioneering provider of cyber resilience and data protection solutions for the hybrid cloud, announced a new integration with the CrowdStrike Falcon® cybersecurity platform. The collaboration leverages CrowdStrike’s rich security data and world-class threat intelligence within the Commvault Cloud, delivering layered threat detection and fast data recovery for joint customers.

AI-native CrowdStrike Falcon

Commvault’s integration with the AI-native CrowdStrike Falcon platform marks a significant step forward in addressing the rapidly evolving cyber threats. By adding another layer of enriched threat insights from the Falcon platform within Commvault Cloud, organisations can gain faster, more comprehensive visibility to streamline incident response, helping customers achieve continuous business, even in the face of sophisticated attacks.

When CrowdStrike prevents and detects malicious activity or a suspicious event, administrators can view the alert in Commvault Cloud, run Threat Scan to check for threats, and rapidly restore affected data to a previous, known-good state.

Commvault’s commitment

The collaboration underscores Commvault’s commitment to proactively addressing the needs of modern enterprises and delivering solutions that enhance both cyber resilience and continuous business.

“The average organisation has seen 8 cyber incidents in the last year, 4 of which are considered major. At Commvault, we are committed to empowering businesses with the tools they need to not only safeguard their data but to enhance their overall cyber resilience,” said Alan Atkinson, Chief Partner Officer, Commvault.

Key benefits of the integrated solution

Atkinson added: “By partnering with CrowdStrike, we are combining our deep expertise in cyber resilience with their advanced threat detection capabilities, empowering our joint customers with faster response times and a stronger cyber resilience posture.”

The integrated solution from Commvault and CrowdStrike leverages real-time threat intelligence from the Falcon platform, with Commvault Cloud’s cloud-first cyber resilience capabilities. The key benefits of the integrated solution include:

Proactive Threat Detection: CrowdStrike’s Indicators of Compromise (IOCs) and AI-driven insights are designed to help businesses identify threats earlier, enabling faster response time and mitigation.

Accelerated Clean Data Recovery: Organisations can rapidly recover clean data by identifying the last known clean version, minimising downtime and maintaining continuity – critical as recent global research shows 62% of respondents say either downtime or data loss associated with attacks has been disruptive.

Streamlined Operations: The integration enables seamless collaboration between SecOps and ITOps teams, enhancing response and recovery processes through a unified workflow.

Continuous Business: By reducing response times and downtime, the solution helps enterprises maintain critical operations even during sophisticated cyberattacks.

This latest collaboration with CrowdStrike builds on Commvault’s growing ecosystem of pioneering security partners. Together with CrowdStrike, Commvault continues to push the boundaries of what’s possible in threat detection, mitigation, and recovery, helping customers maintain business operations in the face of growing cyberattacks.

Insights & Opinions from thought leaders at CommVault

‘Your data, your choice’: Why identity management is a vital cybersecurity strategy

Every day, millions of people worldwide use their personal credentials to prove their identity and access a range of services, from databases in their workplace to the banking app on their smartphone. But while this ensures only authorised people have access to certain systems, the use of this personal data opens users up to cyber risks, primarily in the form of identity theft.

On Identity Management Day, Source Security spoke to seven IT and cybersecurity experts to discuss their experiences and advice on identity management, including James Brodhurst, Principal Consultant at Resistant AI, who reinforces that: “Securing identities is more important than ever, as fraud and identity theft has impacts for businesses as much as for individuals.”

Effective identity management

He recommends that businesses and other organisations that use consumer identities as an integral part of operations must address the significant challenges of managing identities and recognise that there is no single solution to all possible cyber threats. Effective identity management is only achieved through a broad range of technologies and data.

This is an important first step for organisations to know who they are interacting with, and subsequently distinguish between genuine or illicit actions. “Businesses have a critical role to play in mitigating cyber threats, as does society as a whole. Initiatives such as Identity Management Day serve to increase our collective awareness of the issues and threats we’re facing, and also safeguard sensitive data.”

External cyber defences

“Why is identity theft so common?” ponders Andy Swift, Technical Director of Offensive Security at Six Degrees. “Well, the simple answer is stealing account credentials is big business. There is a massive industry out there of people stealing and selling credentials on the dark web. I don't suggest you venture to the marketplaces through which stolen credentials are sold on the dark web, but if you did you'd find lists of credentials with different attributes – whether they've been tested, whether they have access to financial data – that dictate price.”

“Most stolen credentials are sold to people looking to launch phishing and onward phishing attacks, giving them access to compromised mailboxes to send emails from. Secondly, there are hackers who want to launch attacks – ransomware, more than likely – from within a network without having to navigate its external cyber defences while also evading the long wait for brute force attacks, phishing attacks and other noisy activities to pay off.”

Access sensitive data

“And thirdly, there are people who want to simply target external administration interfaces they have identified (RDP for example) which they can in turn use to pivot through to internal networks, or even just target the external host directly.”

Gregg Mearing, Chief Technology Officer at Node4, adds: “Credential stuffing is one of the most common forms of attack and corporate credentials are usually the target. In 2020 alone there were 193 billion credential stuffing attacks globally. Attacks commonly start with a database of stolen credentials, usually with usernames, emails and passwords – although phishing emails and suspicious websites are also used to steal corporate credentials. Once they have gained entry into the organisation's system, the attacker can move laterally, completely unnoticed, to access sensitive data, remove files or plant malware.”

Most common threats

“Despite the ubiquity of this style of attack and a wide understanding of the importance of password hygiene, 65% of people still reuse passwords across multiple accounts. There can be no doubt that employees are the first line of defence for an organisation against a cyber attack. If trained properly, they can act as a human firewall. However, poor cyber hygiene, a lack of best practice when it comes to managing credentials, and a limited understanding of the most common threats can make an organisation’s employees its greatest weakness.”

Alongside credential stuffing and phishing, Liad Bokovsky, Senior Director of Solutions Engineering at Axway, explains how API attacks are yet another way criminals are executing identity theft: “In fact, last year API attacks increased 348%, and companies affected included some of the largest corporations – Facebook, Instagram, and Microsoft.”

Protecting customers’ data

“Companies need to do a better job at protecting their customers’ data. In a recent survey, 82% of UK consumers confirmed they would stop doing business with a company if it suffered a data breach that exposed their personal information.”

“Thriving and surviving in today’s hyper-connected economy increasingly depends on having sufficient API maturity in place to ensure that anything connecting to an organisation’s servers – devices, apps, customers – is managed appropriately to keep APIs, customer data and the company’s reputation safe. This means having technology and processes in place to make sure that API design, implementation, and management are done properly.”

Owning smart devices

Michael Queenan, CEO and Co-Founder of Nephos Technologies, explains how the huge volumes of personal data being created every day are putting consumers at risk: “Whether shopping online, setting up a social media account or simply reading a news article, we are regularly being asked for our identifiable information. With 10% of UK homes now owning smart devices – e.g. an Alexa or a Ring doorbell – our data is constantly being collected, even within our own homes. Should it fall into the wrong hands, it could be used for identity theft or fraud.”

“This needs to change and with the UK no longer required to adhere to EU-GDPR legislation, it presents an opportunity to rectify how personal data can be shared. Ultimately, I believe individuals should be responsible for their own data and how it is used.”

Ensure data privacy

“A possible way of achieving this is through identity-centric blockchain, whereby everyone has a national email address associated with their blockchain identity that permits access to their personal data. This would ensure that only you get to decide who has access – your data, your choice!”

Steve Young, UKI Sales Engineering Director at Commvault, also comments on how identity management is vital for meeting data regulations, thereby supporting data management throughout the business: “In the world of data management, you’d be forgiven for thinking that the focus is all on backups and recovery. But while these are absolutely crucial elements, another key aspect of data management is identity management – only through understanding it will businesses be able to drive their data management to the next level. Identity management is necessary to ensure data privacy.”

Latest data regulations

“Many people will be most familiar with its function as a way to restrict access of employees to certain files and resources that may hold sensitive or classified information. But what is becoming more important today is how identity management also helps prevent cybercriminals entirely outside an organisation from gaining unauthorised access to a system and initiating a ransomware attack, for example. Because of this, identity management helps businesses be compliant with the latest data regulations, as it ensures that any customer data collected and stored is kept secure.”

So, what solutions should IT leaders be prioritising to strengthen their identity management measures? Six Degrees’ Andy Swift recommends multi-factor authentication (MFA): “MFA provides great defence against identity theft, but it's also a reactive technology: for it to be effective, an attacker must already have obtained stolen credentials.”

Cyber security training

“That's why comprehensive cyber security training and education on best practices is quite possibly more important than any technology could ever be alone. There's no silver bullet when it comes to achieving strong identity management, but the importance of threat awareness and training cannot be overstated.”

“We advocate for the best practices that ensure cyber hygiene and protect personal and professional identities and credentials to prevent credential-based attacks from continuing,” concludes Tyler Farrar, CISO at Exabeam. “Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management, but organisations must build a security stack that is consistently monitoring for potential compromise.”

“Organisations across industries can invest in data-driven behavioural analytics solutions to help detect malicious activity. These analytics tools can immediately flag when a legitimate user account is exhibiting anomalous behaviour indicative of credential theft, providing greater insights to SOC analysts about both the compromised and the malicious user, which results in a faster response time.”
