By Kevin Zawodzinski
We all know that there is a TON of sensitive data in every organization and company. This data could relate to Personally Identifiable Information (PII), Government Classified Information (TS), Protected Health Information (PHI), Intellectual Property (IP) or countless other data types.
Recently, I’ve had more than a few conversations about the responses that organizations have, legally or procedurally, to prevent or react to exposure of sensitive data. Along with the proverbial alphabet soup of acronyms for how we reference data types, there are just as many regulations that do the same – GDPR, CCPA, CMMC, HIPAA, NIST 800-171, etc.
Regardless of the data type or regulation, one thing is certain: If data is exposed to unauthorized users then some action is required. This will likely include deletion of the data in unauthorized locations and removal from any associated backups. This is where Commvault comes in……
Unlike our competitors, our architecture provides flexibility and allows us one VERY simple action that others simply can’t do: Delete a file or set of files from an existing backup set.
Let me explain. When a backup inadvertently contains sensitive data, something must be done to remove it. This is to prevent accidental, or intentional, recovery to the wrong location (and possible exposure) in the future.
So what does Commvault software do?
Either via Commvault Activate™ or our standard search tools, our solutions find the file and delete it. Simple, easy and effective. Of course, we have permission controls and myriad different ways to ensure this can’t/doesn’t happen by anyone without the correct authority, but the very nature of how we handle metadata and data provides this ability.
What does our competition do?
Delete the ENTIRE backup set.
Let’s illustrate this with a simple example:
Say you work for a company and you inadvertently save a top-secret file called “Don’t Share Me” to NAS share. All of your backups are done at the Share Level – in this example “Docs of Mine.” If we needed to remove “Don’t Share Me” from the backup of your documents with Commvault, you leverage our tools to find the document, delete the document from the source and all subsequent backups. Easy, done.
If you need to do this on [INSERT COMPANY NAME], you will need to delete the backup of ALL OF YOUR FILES to accomplish the same result. In other words, for as long as the file was on your share and being protected via backups, you need to delete every backup to eliminate the exposure. This leaves the customer in an extremely vulnerable position with either no backups for that data set after the deletion, or being exposed to potentially recreating the data breach at a later date via restore.
What does our competition suggest as a workaround to this architectural shortcoming? Make smaller backup sets to reduce the exposure of deleting an entire set of data. This is what we term – DAY 2 Overhead. In this example, they would suggest that you have 10 times the amount of backup jobs PLUS delete all other backup data that shared the specific location with the sensitive data. Due to the lack of flexibility of the competitors, they are asking you to make the administrators’ life harder. Wait, I thought they were simple?
Think about this same scenario when it comes to ransomware. With the median time between intrusion and detection being 11 days and the containment duration being 49 days, infected files could be scattered amongst your valuable data. How do you ensure that your backups don’t expose you further without the simple and flexible capability that Commvault has to offer?
The end result: our comprehensive solution, that was built to last, lives up to its No. 1 reputation – simple and powerful.
Kevin Zawodzinski is Commvault’s Vice President, Sales Engineering.