In a recent exclusive interaction with CRN India, Balaji Rao, Area Vice President – India & SAARC, Commvault, sheds light on Commvault’s current strategy, focusing particularly on cyber resiliency amidst the rising threat of cyberattacks. Rao discusses the pressing need for businesses to prioritise recovery strategies in addition to strengthening security postures. He also emphasises the importance of board involvement in investing in security and highlights Commvault’s engagement with partners and customers in India.
Can you provide an overview of Commvault’s current strategy and focus?
Commvault’s current strategy emphasizes enhancing cyber resilience and recovery to address the increasing threat of cyberattacks and ransomware incidents. This focus is particularly critical in India and the SAARC region due to the rise in cyber threats and vulnerabilities. We aim to ensure that businesses can recover swiftly and effectively from cyber incidents by building a comprehensive cyber-resilient framework.
Inspired by the MITRE framework, Commvault advocates for a “shift right” approach, prioritizing recovery over traditional threat prevention. This strategy is crucial as 98% of successful ransomware cases disable backups, highlighting the need for reliable recovery solutions.
Our significant strategic investments, such as acquiring Appranix, strengthen our ability to protect data and ensure operational recovery post-cyberattack. The unified platform integrates data protection, security, intelligence, and recovery, enhanced by AI and ML-guided operations to manage complex data flows and security challenges.
Additionally, Commvault Cloud, serves as a centralized hub for security, AI, and recovery, supporting hybrid IT environments, which aligns with India’s approach to cyber resilience. The launch of Cleanroom Recovery further reduces the need for costly data centre infrastructure, offering a secure environment for testing recovery plans and ensuring business continuity.
Arlie, our Generative AI tool, offers real-time responses to enhance cyber resilience. Commvault’s single pane of glass view simplifies data management and backup processes, while Cleanroom Recovery ensures secure, rapid application recovery, reducing on-premises management complexities.
Commvault’s layered threat detection strategy actively monitors live data for early threat warnings, facilitating quick response and mitigation. Features like global deduplication and dynamic provisioning reduce infrastructure costs and enhance scalability, ensuring businesses can adapt to evolving demands with ease. Commvault Cloud’s support for diverse data platforms and workloads highlights our commitment to providing integrated security across all data environments.
With the introduction of the Digital Personal Data Protection Act, 2023 in India, do you see any changes in your customers’ approach to security or compliance?
The Digital Personal Data Protection Act of 2023, enacted in India, has resulted in a noticeable shift in our customers’ approach to security and compliance. Previously, discussions on data classification were largely theoretical, with limited progress towards implementation. However, the imposition of hefty fines, up to 250 crores or two percent of turnover, has instilled urgency and concern among businesses.
Customers are now asking more pointed questions about data management practices. They seek assurance that PII, such as Aadhaar cards or photographs, can be identified and segregated during backups to ensure compliance. Our ability to provide such capabilities, including data segregation and limited access rights, reassures customers in safeguarding sensitive information.
Additionally, there is a growing emphasis on data retention policies and automated deletion mechanisms. Businesses are exploring ways to manage the data lifecycle effectively, including automatic deletion after specified retention periods. This shift indicates a departure from the previous mindset of data accumulation towards a more responsible data management approach.
Do you have any success stories related to cyber resilience or ransomware in the Indian sub-region?
One notable success story in the Indian sub-region relates to Persistent Systems, a prominent global IT services major listed in India and with a strong global presence. Recognizing the critical importance of cyber resilience, Persistent embarked on a journey to fortify its data protection and recovery capabilities, particularly in the face of escalating cyber threats.
Persistent opted for our Commvault Cloud solution to bolster its cyber resilience framework. The company took a comprehensive approach, defining clear Recovery Time Objective (RTO) and Recovery Point Objective (RPO) targets and implementing a robust strategy encompassing cyber insurance, essential tools and technologies, and a thorough recovery plan.
Transitioning from on-premises infrastructure to a pure cloud environment on Azure, Persistent migrated its entire data centre to the cloud, embracing a fully cloud-native approach. With our assistance, they seamlessly moved data from on-prem VMware to Hyper-V on Azure, leveraging our hypervisor transition capabilities and automating data migration processes.
Additionally, Persistent implemented air gap copies within Azure, ensuring secure and immutable storage for critical data. This approach, coupled with extensive cyber resilience testing, enabled Persistent to achieve remarkable results. They reduced restoration time from days to hours, significantly surpassing their RTO and RPO objectives.
Persistent’s success highlights the effectiveness of our solutions in building and validating a comprehensive cyber resilience strategy. This case serves as a compelling example for organizations in the Indian sub-region seeking to enhance their cyber resiliency and recovery capabilities amidst evolving cyber threats.
How do you see the board’s interest and involvement in investing in security?
Boards are increasingly recognizing the critical importance of investing in security, driven by two key factors – physical security concerns and the evolving perception of cybersecurity as a business risk rather than solely a technological one. Global data indicates a heightened seriousness among boards regarding cybersecurity, with a growing emphasis on understanding RTO and recovery metrics.
Regulated industries face even greater scrutiny as regulators demand assurance of robust safeguards against cyber threats. The digitization of operations has further underlined the potential existential risks posed by data breaches, prompting boards to prioritize cybersecurity as a strategic imperative.
Experiences with firsthand breaches have increased awareness among boards, prompting proactive measures to strengthen defences and response mechanisms. As a result, investing in security has become a top action item for boards across industries, with regulated sectors leading the charge in implementing stringent security measures.
How are you utilising AI for cyber resiliency and data management to enhance your data management solutions and protection?
For us, AI serves multiple purposes, primarily enhancing efficiency, scanning for threats, and addressing customer training and enablement needs. From a security perspective, we leverage AI extensively to detect ransomware-related risks. Its rapid data processing capabilities allow for thorough scanning across vast datasets, enabling pattern matching and identifying changes indicative of potential threats. We have integrated AI into our threat scanning solutions, strengthening our ability to detect and mitigate malware by leveraging comprehensive malware databases.
Additionally, our AI-powered assistant, Arlie, plays a crucial role in assisting customers. Arlie offers code assistance for API generation, aids in navigating software interfaces, and ensures data safety, especially in large data lakes. One notable feature is its real-time analysis, providing detailed reports and insights. For instance, users can effortlessly inquire about backup failures or seek integration guidance with specific security frameworks like Palo Alto, with Arlie promptly generating the necessary code.
In practical terms, Arlie simplifies complex tasks by guiding users through software interfaces step by step, similar to having a personal assistant. Moreover, it streamlines reporting processes, allowing users to obtain critical information swiftly and effortlessly. Overall, AI continues to play an expanding role in our operations, streamlining tasks, recognising risks, and enhancing overall efficiency.
How does AI help in high- pressure scenarios?
AI plays a pivotal role not only in identifying ransomware threats but also in the crucial phase of data recovery following an attack. In such high-pressure scenarios, the IT team, along with the board and CEO, are under immense pressure to restore operations swiftly and securely. In these instances, relying on a last known good copy becomes crucial. With AI, we can predict which data copy is clean and safe to use for recovery. This ensures that the restoration process is efficient and minimises the risk of inadvertently restoring malware-infected data. Without the need for writing code or scripting, AI streamlines the recovery process, saving valuable time and resources, especially when dealing with large datasets that would otherwise take hours to recover. This capability provides peace of mind and confidence during data recovery efforts in ransomware situations.
Commvault Cloud, a unified dashboard with AI integration, addresses the challenge of managing multiple dashboards to enhance visibility and control holistically. The integration of everything into one console, with both SaaS and software offerings, not only strengthens cybersecurity defences but also ensures swift recovery, safeguarding valuable information and maintaining business continuity. This consolidation simplifies operations for our customers, making tasks like email archival and desktop backup more streamlined.
Additionally, the increasing adoption of SaaS is streamlined through Commvault’s air gap copy available on Azure, enabling seamless data transfer for recovery without the need for additional infrastructure. Moreover, this service-oriented model on Azure in India minimizes data transfer charges between hyperscalers, further enhancing simplicity for users. We anticipate a surge in the adoption of air gap protection within the next six months due to its straightforward approach.
Continuing the commitment to cyber resilience, Commvault integrates with various partners, including ADRs and XDRs, to share pertinent cybersecurity insights. The partner ecosystem has been integral to the company’s growth trajectory in India and is continuously growing to strengthen our journey towards cyber resilience.
