
Commvault adds Cleanroom Recovery for ransomware attacks

A new Cleanroom Recovery service enables customers to spin up data center infrastructure within Commvault Cloud for continued enterprise operations after a cyberattack.

Commvault now offers an automated infrastructure and data restoration cloud service to keep enterprise operations humming in case of a cyberattack.

Commvault Cleanroom Recovery, now generally available, offers a testing and failover service for Commvault Cloud customers to automate recovery using tertiary data copies stored in the vendor's Air Gap Protect vault service.

Cleanroom Recovery enables users to create a secure, isolated cloud environment to avoid further infection during an attack or to test a response with orchestration capabilities for recovery. Users can also avoid paying for infrastructure maintenance and uptime when the service is not in use.

Enterprises have always been able to create and maintain additional production environments for ransomware recovery, said Jerome Wendt, founder and analyst at Data Center Intelligence Group. Those environments, however, can quickly run up a tab if active in the cloud or use data center resources on premises, he said.

Enterprises might choose to rely on checklists or action plans rather than spending the money to test the infrastructure, he added. Having the ability to create those environments as needed and place storage needs for the infrastructure in the hands of a third party could differentiate Commvault's offering from other backup vendors.

"As much as companies may say they want to be practicing [for ransomware], they're not," Wendt said. "Most companies just don't have the response. They're in firefighting mode [following an attack] and looking for someone to help put out a fire more quickly."

Hit the showers

If a customer's backup environment becomes infected, Cleanroom Recovery creates a read-only copy of the customer's control plane within the Commvault Cloud SaaS environment. The service then uses vault data from Air Gap Protect to create a new, isolated environment within Microsoft Azure.

Data within this service is portable and can replicate workloads to on-premises data centers as well as to Azure, AWS, Google Cloud and Oracle Cloud Infrastructure, according to the vendor.

Additionally, Cleanroom Recovery includes an integration with Microsoft Defender to scan data for threats. The vendor also plans to integrate technology from its Appranix acquisition earlier this month to expedite cloud application recovery.

Unlike disaster recovery offerings, such as HPE's Zerto, Cleanroom Recovery does not prioritize short recovery point objectives (RPO) and recovery time objectives (RTO), according to Tim Zonca, vice president of portfolio marketing at Commvault.

Rushing to meet a certain recovery objective could compromise the process, he said, as corrupted data or infrastructure might still exist in the environment. Instead, customers can test their recovery plans within Cleanroom Recovery at no additional charge. Implementation of an environment into production will likely incur some infrastructure costs, Zonca said.

"Those [RPOs and RTOs] aren't relevant within a cyberattack scenario, as you can't trust the data," he said. "What we haven't set up [Cleanroom Recovery] for is super-fast recovery. If you're too hasty and recover too fast, you can make matters worse."

The Cleanroom Recovery service is available to Commvault Cloud software and SaaS customers, according to the vendor. It's priced by each 10 TB of data maintained within Air Gap Protect.

Need or speed?

Cyber recovery is emerging as a term to specify eliminating a ransomware infection or other cyberattack, compared with the more generic term disaster recovery, which tends to focus on recovering data lost from natural or accidental issues, said Johnny Yu, an analyst at IDC.

Taking the time for a comprehensive and safe recovery from a cyberattack might be ideal, Yu said. However, he added, IT teams still need to recover as soon as possible before the perceived financial damage from the outage outweighs the risk in paying the ransom.


"Cyber recovery is disaster recovery with extra steps," Yu said. "Speed is still a factor. There's still a feeling out there among customers that their recovery software isn't fast enough and [they could] just pay the ransom."

Most cyber recovery efforts should not consider optimizing RPO and RTO as doing so could lead to mistakes or additional infections, said Krista Macomber, an analyst at Futurum Group. Even IT teams that rehearse recovery cannot prepare for the ransomware variant they may face, she said, leading to malleable time frames.

"You're not going to be able to determine until it happens how your environment will be impacted," Macomber said. "That's when the RPO and RTO becomes more a best effort. Of course, that's not going to be the most comfortable answer to the business."

Tim McCarthy is a news writer for TechTarget Editorial covering cloud and data storage.
