Skip to content
  • Resources
  • Case Studies
  • SMMPA Unified Backup, Recovery, and Cyber Resilience with Commvault

How SMMPA Unified Backup, Recovery, and Cyber Resilience with Commvault

Serving 17 municipal utilities with a two-person IT team, SMMPA uses Commvault to protect critical systems, meet cyber insurance requirements, and validate clean recovery with confidence.

Long-term platform confidence

Insurance requirements addressed

Minimal backup management overhead

<1 hr/mo

SMMPA spends less than one hour per month managing backups because automated reporting surfaces issues without requiring daily manual checks.

5–10 min

Software updates download in five to ten minutes, and upgrades take about five minutes per system.

1 platform

SMMPA consolidated physical backup, virtual workloads, Microsoft 365 protection, AirGap , and Cleanroom in one Commvault platform.
CHALLENGE
  • Legacy backup software removed needed features and introduced a less intuitive interface.
  • A lean IT team needed one platform for physical, virtual, and cloud protection.
  • Cyber insurance reviews increasingly emphasized air-gapped backups, malware scanning, recovery objectives, and recovery confidence.
SOLUTION
  • Commvault replaced a fragmented backup approach with one application across core workloads.
  • Metallic Microsoft 365 backup extended protection to cloud email and collaboration data.
  • Commvault Air-Gap and Commvault Cleanroom added isolated recovery and cleaner validation for ransomware scenarios.

 

RESULTS
  • SMMPA reported a significant reduction in cyber insurance premiums.
  • Backup operations now run with minimal hands-on effort and automated visibility.
  • Annual clean room tests validate readiness today, with biannual exercises under consideration.
A long-term Commvault customer expanded from backup to full cyber resilience
SMMPA is an electric wholesale utility serving 17 member municipalities with approximately 50 employees. Its two-person IT team is responsible for everything from help desk support to backup, recovery, and corporate cybersecurity. That operating reality shaped every technology decision: the team needed protection that was dependable, efficient, and manageable without adding operational complexity.

“Our previous solution kept changing and removing the features we relied on. With Commvault, it has been the exact opposite. The platform keeps growing, the capabilities keep improving, and after more than ten years, we have never had a reason to look anywhere else. ”

Alan Wagner

Manager of IT and Corporate Cybersecurity, SMMPA

When the status quo stopped working

SMMPA’s journey with Commvault began in early 2014, after its previous backup product became harder to trust. According to Alan Wagner, a major release removed features the team depended on and introduced a dramatically different interface.

For a small team already stretched across infrastructure and security responsibilities, that was more than an inconvenience—it was added risk. The organization evaluated Commvault alongside Veeam and ARCserve. What separated Commvault was its ability to handle both physical and virtual backup in a single application.

Veeam’s physical backup capability was not as strong for SMMPA’s needs, while ARCserve would have required multiple modules to achieve the same coverage. For a public-sector utility focused on resilience and operational simplicity, fewer moving parts mattered.

“Commvault was the only platform that handled everything we needed in a single application: physical servers, virtual machines, and cloud workloads. No extra modules. No integration risk. That simplicity was the deciding factor.”

— Alan Wagner, Manager of IT and Corporate Cybersecurity, SMMPA

From backup tool to resilience platform

Commvault became SMMPA’s operational foundation for backup and recovery, initially protecting file servers, SQL Server, Active Directory, and other core systems. As the organization moved more of its collaboration environment to Microsoft 365, it added Metallic backup for cloud-based email and productivity data. Later, as cyber insurance requirements evolved and ransomware recovery expectations became more explicit, the team expanded again—this time with AirGap  and Cleanroom . Cleanroom  was implemented in February and March 2025. SMMPA uses it to validate that priority workloads—such as domain controllers, file servers, SQL servers, application servers, and print servers—can be restored in an isolated Azure-based environment without reintroducing potentially malicious data into production.

“We were looking for additional ways to safeguard and protect our environment. Cleanroom Recovery felt like a natural and valuable addition to our recovery strategy.”

— Alan Wagner, Manager of IT and Corporate Cybersecurity, SMMPA

Practical deployment with responsive support

Implementation followed the same pattern as SMMPA’s broader Commvault experience: practical, phased, and supported. In the original 2014 deployment, the team brought workloads online one at a time and relied on technical support to resolve configuration issues until everything was operational within roughly two months. During the Cleanroom implementation, the biggest challenge was getting VMware virtual machines working smoothly after they were restored into the Azure container. SMMPA also encountered some documentation mismatches. In both cases, Commvault support helped the team work through the issues and complete testing successfully. That mattered for a small IT organization where speed of resolution is as important as product capability.

Confidence, efficiency, and lower premiums

The most important outcome for SMMPA is confidence in clean recovery. The team has not needed to use Cleanroom in a real-world incident, but it runs annual tests and is considering a move to biannual exercises to keep recovery procedures familiar. That testing discipline supports a broader cyber resilience strategy while reducing uncertainty around whether restored systems would bring malware back into production. Operationally, Commvault also reduced day-to-day management overhead. Automated reporting means the team does not have to log in every day to verify jobs; it can focus only on exceptions, keeping backup administration under one hour per month. Upgrades are also faster and more predictable, with software downloads taking five to ten minutes and upgrades taking about five minutes per system. SMMPA also stated that deploying Air-Gap and Cleanroom contributed to a significant reduction in cyber insurance premiums.

“Cleanroom Recovery gives me a more secure feeling that if something happened, we would be able to get back up and running in a reasonable amount of time—without the concern, or with a minimal concern that there’s something malicious in the data being restored.”

— Alan Wagner, SMMPA

A platform built to grow with them

SMMPA’s story is not just about adopting Commvault once—it is about continuing to expand its use over time as operational and security needs changed. That progression is a strong proof point for differentiation. The organization started with unified backup, moved into Microsoft 365 protection, then added air-gapped protection and clean-room validation as cyber resilience requirements increased.

Throughout that journey, the deciding factors stayed consistent: one platform instead of multiple tools, support that helped a small team stay productive, and new capabilities that addressed current risks without forcing a forklift change.

For government and utility organizations managing critical operations with lean staff, that combination of continuity and extensibility is what makes the platform valuable.

“In the backup and recovery world, it is very hard to move away from a platform you trust. Commvault has given us no reason to look elsewhere, and every reason to stay.”

— Sam Mack, IT/OT Cybersecurity Specialist, SMMPA

CAPABILITIES

Commvault Cleanroom Commvault AirGap Microsoft 365 Backup Storage
Ready to get started?
Request demo Contact us