Commvault Metallic launches backup security dashboard
Commvault's Metallic Security IQ provides visibility into potential security vulnerabilities in Metallic environments and calculates a security posture score for admins to beat.
Commvault wants customers to aim for a high backup security posture score with its new feature.
Launched this week during the Commvault Connections21 virtual event, Metallic Security IQ is a console available across all Metallic backup-as-a-service environments. It consists of a dashboard that informs IT admins of potential security threats to Metallic backups such as anomalous data change rates among backups, unencrypted backup sets and the lack of multifactor authentication (MFA) usage.
Admins can click through dashboard notifications to take corrective measures, such as enabling encryption, viewing data changes and, if necessary, restoring environments to a state from before the unusual data changes occurred.
Metallic Security IQ, an optional feature for Metallic products and offered free of charge, also gamifies security by providing a security posture score based on detected vulnerabilities. This encourages admins to follow through on addressing those vulnerabilities, according to Manoj Nair, general manager of Metallic.
"If there's a score, people want 100%," Nair said.
Metallic is Commvault's SaaS platform for delivering data protection in the cloud. The majority of Metallic's products deliver backup for various workloads, including databases, file and object storage environments, Microsoft Office 365 and Dynamics 365, Salesforce, endpoints and Kubernetes. Metallic also offers a managed cloud storage service.
Although features such as MFA and access control push into the realm of security, IT administrators responsible for managing a company's storage systems need these functions to protect their backups, Nair said. Cybercriminals target backup data to prevent their victims from recovering, so it's become IT operations' responsibility to ensure that data is secure.
"Backup is no longer just about compliance or keeping things around because corporate wants me to," Nair said. "It's the last line of defense against ransomware."
The notifications and gamification in Metallic Security IQ are designed to help IT admins carry out security tasks that are a little outside their skillset, Nair added.
Bolstering the front line
The greatest beneficiaries of Metallic Security IQ are going to be managed service providers (MSPs), according to Christophe Bertrand, senior analyst at Enterprise Strategy Group, a division of TechTarget. The posture score and gamification don't just make security simpler for end customers -- they also make managing and securing backups easier for MSPs serving multiple clients, he said.
This ultimately benefits end customers because, for many businesses, MSPs are their IT, Bertrand added. Giving MSPs tools to spot and fix security vulnerabilities in their clients' backup environments can help ensure recoverability during attacks -- features that are especially important for MSPs, which often get called as a ransomware attack unfolds.
"MSPs are the first line of defense against ransomware, and this gives them a really cool tool," Bertrand said.
Metallic Security IQ is already integrated with some triggers in IT security frameworks, such as alerts and requests for authorization when an administrator wants to delete or restore data, but it could use more workflow automation, Bertrand said. He added that he expects that's already on Commvault's roadmap.
Backup vendors are generally recognizing that security needs to intersect with data protection to ensure that backup copies are protected against cybercriminals, Bertrand said.
Druva's integration with FireEye Helix in 2020, Arcserve's partnership with Sophos in 2019 and Carbonite's acquisition of Webroot in 2019 all demonstrate this trend, and it wouldn't be surprising if there are more acquisitions, mergers and partnerships between cybersecurity and data protection vendors in 2022, he said.
"This is exactly where the market is. Disaster recovery is not enough -- cyber recovery is the new bar," Bertrand said.
Johnny Yu covers enterprise data protection news for TechTarget's Storage sites SearchDataBackup and SearchDisasterRecovery. Before joining TechTarget in June 2018, he wrote for USA Today's consumer product review site Reviewed.com.