Strengthening data access security with CyberArk

By David Cunningham

Every organization today is concerned about security and the inevitability of a ransomware attack. 64% of surveyed CISOs feel at risk of suffering a material cyber-attack in the next 12 months. With multi-generational data sprawl that increases the attack surface, recovering from a malicious attack in a consistent fashion becomes increasingly difficult.

Through Commvault’s multi-layered approach to data security and Intelligent Data Services platform, organizations can better manage ransomware risk and ensure their data is ready for business growth.  Commvault’s deep interoperability with applications, databases, cloud, virtual, and container platforms ensures that a great variety of workloads are protected (hence the Commvault mantra of “Never leave a workload behind”).   This interoperability does require special privileged credentials, and that’s why Commvault and CyberArk are combining to help organizations keep their data safe and recoverable from any threat.

The challenge with managing privileged credentials

Managing privileged credentials is a difficult challenge for organizations and, when improperly handled, can lead to accounts getting exploited for malicious use such as data exfiltration, data loss, and corruption.

Ransomware is especially notorious for relying on exploited credentials to spread and propagate within an environment. This puts production data as well as backup data at risk. Aggressive rotation policies provide a better level of security; however, there is greater risk of breaking interoperability within applications that rely on those credentials. 

Securing the privileged pathway

Together, Commvault and CyberArk are helping organizations solve this growing security issue head-on.

Global Identity Security leader CyberArk pioneered privileged access management (PAM), a critical layer of IT security to protect data, infrastructure, and assets across the enterprise, in the cloud and throughout the DevOps pipeline. As attackers increasingly seek to exploit privileged credentials and elevated access to compromise high-value data, CyberArk has been at the forefront of protecting organizations and their most sensitive assets.  The company is trusted by the world’s leading organizations, including more than 50 percent of the Fortune 500.

With Commvault and CyberArk, organizations can reduce the risk of privileged account compromise by centrally managing credentials and enforcing strict password retention and rotation policies without affecting interoperability within the Commvault platform. CyberArk’s privileged session management plugins support any application account used within Commvault as well as any local admin accounts.

Privileged Session Management for secure administration

CyberArk has also integrated its privileged session management capabilities with Commvault. This provides secure administrative access to the Commvault management interface without ever exposing administrative credentials. This can be thought of as a password-less login session that isolates end users from direct access to target systems, as well as monitors and records the activity that occurs within the privileged session. The SecOP teams can manage local Commvault administrative credentials allowing them to implement stricter password complexity requirements and provide administrative access to Commvault without ever exposing the passwords to the end user.

Improved RTO and RPO

With these key CyberArk integrations, #SecOps teams now have full control to enforce the policies required to keep an organization safe and compliant without any impact to Commvault operations. This greatly improves recovery point and time objectives within Commvault while improving security posture for the organization.

These CyberArk plugins are available in the CyberArk Marketplace for CyberArk customers.  They are supported on Commvault 11.19+ and above platforms. To download the plugins, head over to the CyberArk Marketplace.

For more information, you can read this solution brief, view this demonstration video, or visit commvault.com/ransomware.