The IT Nerd

BY JAKUB LEWANDOWSKI – COMMVAULT

Happy 2023 Data Privacy Week!

Just as everyone started to get more or less cozy with the regulatory landscape in data privacy/protection and individuals and businesses learned to navigate the shallow waters of data subject requests, risk management, and impact assessments – BOOM   – another tidal wave of regulatory requirements and new challenges rushed in!

2023 is the perfect moment to start internalizing new acronyms (get ready for #NIS2, #DORA, #DPDPB, #CPRA, #CCPA, #CPA, #CDPA, #UCPA, #VCDPA, #ADPPA, #PrivacyPenaltyBill) and legislative acts they stand for.

The underlying motive of the upcoming changes is to boost and enhance the cybersecurity postures of various organizations and manage evolving cyber risks more effectively.

Here is a helicopter view of selected legal developments around the world:

• EU – Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS2)
• EU – Regulation on digital operational resilience for the financial sector (DORA)
• US – State & Federal privacy laws
• India – Digital Personal Data Protection Bill (DPDPB)
• Australia – Privacy Penalty Bill & overhaul of the Privacy Act 1988

NIS2

According to ENISA, the general spending on cybersecurity is 41 per cent lower by organizations in the EU than by their US counterparts. With the arrival of NIS2, this ratio is expected to shift to cover this enormous gap at least partially. Conservative estimates are that NIS2 entry in force will translate into a ~22 per cent increase in ICT spending over a 3–4-year period.

NIS2 was published just before year-end, and EU Member States now have 21 months to transpose requirements and mechanisms described into national laws. The 2016 NIS Directive – despite shortcomings – served as a cornerstone for increasing Member States’ cybersecurity capabilities. Now, NIS2 will expand the scope and the list of impacted organizations. It is expected that as many as 160 000 organizations will be subject to this new legislation, including digital services providers (platforms and data centre services), electronic communications networks and services providers, manufacturing, food, and the public sector.

NIS2 aims to strengthen cybersecurity postures by, amongst other: improving cybersecurity governance, addressing the security of supply chains, streamlining reporting obligations (early warnings/shortened notification periods), and introducing more stringent supervisory measures and stricter enforcement requirements.

What can you do right now?

• First, try to understand which obligations will apply to your organization and in which compliance bucket your organization will fall into: “Essential Entity,” “Important Entity,” or maybe “other.”
• Next, see if you can create synergies and leverage existing technical and organizational measures implemented during preceding compliance efforts (e.g., GDPR, NIS1, etc.)
• Start looking for the right partners that can adequately support your compliance efforts. Engage your vendors in discussing the approach that best fits your organization.
• Last but not least, initiate planning for increased spending to address any remaining gaps. In compliance could result in administrative fines of up to 10 million euros or up to 2 per cent of the total annual worldwide turnover of the organization.

DORA

DORA aims to achieve “a high common level of digital operational resilience,” mitigating cyber threats and ensuring resilient operations across the EU financial sector. It will become directly applicable from January 17th, 2025. It will impact the financial sector (banks, insurance companies, investment firms) and its ICT providers (i.e., cloud platforms) – roughly around 22,000 organizations.

New requirements imposed by DORA will effectively boil down to reviewing and updating risk management practices. Financial sector customers will need to transfer as many regulatory risks as possible to ICT providers or apply different risk-mitigating strategies. In any case, ICT providers will need to be able to assure adherence to DORA’s requirements. The whole industry will also need to reassess contractual relations with vendors. DORA will incorporate requirements for contracts between financial companies and their critical ICT providers, including the location where data is processed, service level agreement descriptions, reporting requirements, rights of access, and circumstances that would lead to terminating the contract.

In a separate post – Commvault’s Product Team will perform a more technical deep-dive into DORA’s requirements related to detection (art. 10), response and recovery (art. 11), and backup (art. 12).

US data privacy laws – CPRA/CCPA, CPA, CDPA, UCPA, VCDPA, ADPPA

As of January 1st, 2023, California Privacy Rights Act (CPRA) amendments to the California Consumer Privacy Act 2018 went into effect. Many temporary exemptions in place expire, imposing additional obligations on companies dealing with California residents’ personal information, e.g., regarding employment-related personal data, opt-out from selling personal information.

2023 is also the year when the Colorado Privacy Act (CPA), The Connecticut Data Privacy Act (CDPA), The Utah Consumer Privacy Act (UCPA), and The Virginia Consumer Data Privacy Act (VCDPA) will become effective. Legislative fragmentation risk is imminent and substantial, and this is the kind of risk that caused the European Union to harmonize the regulatory approach. Let us see whether the same will be true in 2023 in the case of the American Data Privacy and Protection Act (‘ADPPA’) – a proposal for a federal and general data privacy law.

India – DPDPB

Indian legislators plan to introduce a very ambitious Digital Personal Data Protection Bill (DPDPB) this year. When enacted, long-awaited legislation will undoubtedly impact all kinds of organizations due to India’s role as a tech powerhouse and a global outsourcing hub.

Australia – Privacy Penalty Bill & overhaul of the Privacy Act

Australian authorities announced yet another complete overhaul of the Privacy Act dated 1988. The current legislation was summarized as “out of date and not fit for purpose in the digital age.”

In the meantime, still in 2022, Australia passed the Privacy Penalty Bill that increased privacy-related sanctions to levels comparable with trends introduced by GDPR (up to 50m AUD) and expanded regulatory powers of the Office of the Australian Information Commissioner (OAIC) and the Australian Communications and Media Authority (ACMA).

Summary

The relentless compliance clock just started ticking again. Cross-functional teams consisting of IT, compliance, privacy, legal professionals, and business analysts will spend considerable amounts of time analyzing the impact of the cloudburst of legislative developments that emerged at the end of last year and will materialize throughout 2023.

Be aware that the legislative developments presented here could be more comprehensive. You can be sure, however, that they will become standard talking points not only in 2023 but also for the years to come.

Commvault, a global enterprise leader in intelligent data services across on-premises, cloud, and SaaS environments, today announced that leading industry research firm GigaOm has named Commvault a “Leader” and “Outperformer” in the new GigaOm Radar for Kubernetes Data Protection for the third year running.

Commvault was evaluated along with 14 other vendors based on execution, roadmap and ability to innovate. According to GigaOm, Commvault is “doing very well by combining solutions for SaaS applications, on-premises (VM-based) infrastructure, containers, and databases efficiently.” Commvault provides Kubernetes data protection through its Commvault Complete™ Data Protection software and Metallic Data Management as a Service (DMaaS) solutions, giving customers the flexibility to choose their preferred storage vendor through their extensive ecosystem.

Kubernetes and containers have not (yet) replaced all cloud and traditional applications – they have integrated into the application landscape and need to be protected accordingly. Over the last year, Commvault has significantly advanced its protection for Kubernetes workloads by integrating, fully automated management, replication, migration, and security enhancements across its portfolio of Intelligent Data Services. According to the GigaOm Radar for Kubernetes Data Protection, Commvault provides effective protection for “hybrid applications that run across Kubernetes, VMs, and cloud services, consolidating backup operations on a single platform.”

To learn more about how Commvault and our Metallic SaaS portfolio ranked in the GigaOm Radar for Kubernetes Data Protection, view the report here.

Commvault, a global enterprise leader in data management across on-premises, cloud, and SaaS environments, today announced a new approach to data protection with the launch of Metallic^® File & Object Archive, a Data Management as a Service (DMaaS) solution designed to lower storage costs, while cost-effectively transforming how organizations navigate the world of Governance, Risk, and Compliance (GRC).

Global and industry GRC-related regulations are constantly changing, creating gaps in an organization’s ability to manage data across live and backup sources, resulting in a lack of visibility and insights, data sprawl, and greater opportunities for data vulnerabilities. Coupled with major shortages in IT staff and strict budget constraints, organizations are struggling, using multiple solutions to meet compliance guidelines and keep their data protected.

Announced at Commvault Connections 2022 and available next quarter, Metallic File & Object Archive directly addresses the need for deep insights into critical data with archive modeling delivered as SaaS with air gapped protection. It is a comprehensive solution for cost-effective data placement leveraging data insights, access controls, tagging, metadata search, audit trails, and reports to help manage compliance needs over a large amount of unstructured data. The result is a lower cost solution that helps reduce the risk of non-compliance. 

With predictable cost modeling, actionable data insights, flexible bring your own storage options, and compliance-ready operations, Metallic File & Object Archive enables organizations to lower costs, meet compliance needs, and reduce management overhead with the simplicity of SaaS.

Metallic File & Object Archive will be discussed in more detail during the Connections session, “More Data, More Risk? Introducing Our Latest SaaS-Delivered Data Service.” Register here to listen in and attend the interactive experience.

To learn more about Metallic File & Object Archive and how it can help lower costs, reduce risks, and support an organization’s GRC strategy, please visit metallic.io/file-object-archive.

Commvault, a global enterprise leader in data management across on-premises, cloud, and SaaS environments, today announced expanded protection for Kubernetes workloads, including fully automated management, replication, migration, and security enhancements, across its entire portfolio. The new features, delivered through Commvault Complete™ Data Protection and Metallic® offerings, provide customers with simple management and enterprise-grade protection for hybrid, multi-cloud environments. 

Organizations are increasingly adopting Kubernetes to modernize their environments and accelerate the migration of applications to the cloud. According to Gartner, by 2025, 85 per cent of global enterprises will be running containerized applications in production.

By integrating Kubernetes protection into its portfolio, Commvault is enabling enterprises to innovate. The latest Kubernetes data protection enhancements include:

• Complete, cloud-native protection and recoverability for the entire Kubernetes ecosystem, including full clusters, namespaces, and ETCD and SSL certification protection
• Faster, simpler development testing and lifecycle events with seamless migrations of Kubernetes applications between clusters, distributions, versions, and storage
• Cost-effective disaster recovery by replacing business-critical applications offsite for on-demand application recovery – with no long-running infrastructure 

Named a leader and outperformer in GigaOm’s 2022 Radar report for Kubernetes Data Protection, Commvault’s Metallic portfolio is the only Data Management as a Service (DMaaS) solution to meet FedRAMP Ready High status, addressing a critical gap in the market. Partnering with NetApp, Commvault delivers Metallic Government Cloud, providing much needed Kubernetes data protection to federal and government agencies.

To learn more about Commvault’s Kubernetes offerings, register now for Commvault Connections, where Poulton will be leading a session – “Is Kubernetes Cloud-Native Data Protection the Next Frontier?”

Commvault, a global enterprise leader in data management across on-premises, cloud, and SaaS environments, today announced the dates for Commvault Connections 2022, a best-in-class cloud data management experience that will provide customers and partners with insights and best practices they need to Innovate with Confidence. A global event, Connections will feature multiple regional broadcasts starting on November 2^nd in the Americas and November 3^rd in EMEA and APJ.

An event for data-minded IT decision-makers, Commvault Connections offers a uniquely interactive experience, featuring virtual exhibit booths, a live DemoZone, and a customer panel where attendees will gain real-world cloud transformation advice from companies like American Pacific Mortgage. The event’s packed agenda includes solution tracks centered around the key aspects of business transformation – Fending Off Ransomware, Modernizing Data Management, and Investing Wisely. Plus, new for 2022 is Commvault’s inaugural Customer Innovation Awards and sponsored partner solutions sessions with Microsoft, Oracle, and more to be announced:

• Microsoft: Protect Your Critical IT Assets with Azure, featuring Saurabh Sensharma, Sr. Product Manager, Azure Storage, Microsoft and David Ngo, CTO, Metallic, Commvault
• Oracle: Protecting Against Ransomware in a Multi-Cloud World, featuring Joe Corvaia, GVP, NACT ISV, MGS and MSP Sales, Oracle and Alan Atkinson, Chief Partner Officer, Commvault

Bill Mew, Chair of Cyber Working group for IARCC and CEO of Crisis Team said, “Connections 2022 is not only coming at exactly the right time, but its focus is spot on. An intelligent, integrated approach to data management and security from proactive cyber deception strategies to effective recovery strategies, as Commvault is doing to help clients reduce the impact of ransomware attacks, is now essential.”

Event attendees will walk away with the tools to transform their business amid today’s IT, security, and resource complexities. To attend Connections 2022, register here.

Solution Tracks:

Commvault Connections will feature three solution tracks with three sessions each:

Modernizing
Data Management: When your business dreams it, you need to deliver. Take charge by embracing a modern data management strategy that intelligently scales fast, supports new workloads, and enables you to use your data in creative ways.

Fending Off
Ransomware Attacks: While they may be inevitable, breaches, leaks, and losses don’t have to be disasters. Get on the offense with our proactive and responsive data protection capabilities that keep your data safe and your company out of the headlines.

Investing Wisely: Innovation may be priceless, but budgets aren’t endless. We can help you find the right balance gaining value from your data while managing your costs to protect it on your journey to the cloud.

Commvault, a global enterprise leader in data management across on-premises, cloud, and SaaS environments, today announced the general availability of Metallic ThreatWise an early warning system that proactively surfaces unknown and zero-day threats to minimize compromised data and business impact. 

According to Enterprise Strategy Group, only 12 per cent of the IT directors surveyed indicated confidence in having the proper tools and necessary location agnostic protection to secure data equally across on-premises and cloud.

With ThreatWise, Commvault is further defining data security with an early warning that no other vendor in this space provides. It uses decoys to proactively bait bad actors into engaging fake resources, spot threats in production environments, and arm businesses with tools to keep data safe. Simultaneously, Commvault is also extending its machine learning and critical threat detection and security capabilities to its broader platform, which is available today. 

Availability and to Learn More

Metallic ThreatWise, along with Commvault’s latest platform update features are available now. To learn more, join us at Commvault Connections, to take part in live demos and engage in industry sessions. To get started today on your new data protection journey, register here.

Commvault, a global enterprise leader in data management across on-premises, cloud, and SaaS environments, today announced that data protection industry veteran Alan Atkinson has joined the company as Chief Partner Officer. Atkinson will report to Riccardo Di Blasio, Commvault’s Chief Revenue Officer.

Atkinson brings a wealth of cloud and data protection experience to Commvault – from building the industry’s first, pre-eminent cloud service provider to leading WysDM Software until it was acquired to driving technology strategy and commercial sales at Dell. Under his leadership, Commvault will further strengthen the company’s strategic alliances with cloud partners and continue to galvanize and grow its partner program.

Commvault, a global enterprise leader in cloud data management, today announced that Gartner, a company that delivers actionable, objective insight to executives and their teams, has given it the highest Product Score across all three use cases in the 2022 Critical Capabilities report: Data Centre Environments (4.23/5), cloud environments (4.18/5), and edge environments (4.22/5).

Commvault Complete Backup & Recovery scored highest  in all three use cases evaluated in this research. Commvault was also recently named a Leader in the 2022 Gartner Magic Quadrant™ for Enterprise Backup and Recovery Software Solutions, here Commvault has been positioned for its “Ability to Execute” and “Completeness of Vision.” 

Scoring the highest across all three Use Cases for three consecutive years speaks to Commvault’s commitment to innovation in protecting, managing, and securing today’s broadest range of workloads for on-prem, edge, and multi-cloud environments.

Commvault’s software and its Metallic SaaS solutions, can ensure data is protected and recoverable wherever it lives and however the customer wants it managed – as software, SaaS-delivered, an integrated appliance, or through a member of Commvault’s expansive partner ecosystem.

To read the 2022 Gartner Critical Capabilities for Enterprise Backup and Recovery Software Solutions and the latest Gartner Magic Quadrant for Enterprise Backup and Recovery Software Solutions report, visit: https://www.commvault.com/itleaders. 

Commvault, a global enterprise leader in cloud data management, today announced that it has been positioned by Gartner as a “Leader” in its most recent report: “2022 Gartner Magic Quadrant for Enterprise Backup and Recovery Software Solutions.”[1]

The 2022 Gartner Magic Quadrant evaluates vendors based on a range of factors, including completeness of vision and ability to execute.

As enterprise IT organizations are faced with challenges such as ransomware attacks, rampant data proliferation, rising security threats, and resource limitations, they need solutions that not only protect against these threats, but also detect them before they happen. As a result, customers are turning to Commvault to mitigate risk with its integrated software and SaaS solution for air-gapped ransomware protection. Additionally, Commvault expanded its portfolio to include Threatwise™ which gives customers extended end-to-end proactive and responsive ransomware protection. 

Commvault continues to expand its offerings with its broad partner ecosystem to engineer and deliver solutions designed to change the face of the hybrid cloud for customers. Most recently, Commvault partnered with Oracle to include Metallic Data Management as a Service (DMaaS) on Oracle Cloud. As part of Commvault’s multi-cloud strategy, Metallic’s industry-leading services will be offered on Oracle Cloud Infrastructure (OCI) and available in all commercial OCI regions globally. 

To read the 2022 Gartner Magic Quadrant for Enterprise Backup and Recovery Software Solutions report, visit: https://www.commvault.com/itleaders. 

By Bernard Laroche, VP, Global Strategic Partners, Commvault

The Commvault and NetApp partnership is strong – built on a 15 year history of delivering modern data management solutions to more than 1,200 customers. Together, we address customers’ most challenging data management pain points, especially data loss as a result of ransomware, internal bad actors, or accidental deletion.

To combat these concerns and provide a more flexible model for our joint customers, we’ve expanded our partnership with NetApp to offer Metallic® Office 365 Backup as a replacement for NetApp’s discontinued support for O365 backup. Commvault’s award-winning Metallic Data Management as a Service (DMaaS) provides the tools customers need to manage, migrate, access, and recover their data – no matter where it lives – while also reducing cost and risk. It’s everything you’d expect from an enterprise-grade solution, but with the simplicity and cost-savings of SaaS.

Today, the Metallic portfolio works seamlessly across NetApp’s data fabric and brings industry-leading DMaaS to customers’ hybrid workloads. Get a first look at how our solutions work together this week during Microsoft’s annual Inspire event. 

NetApp’s Only SaaS Backup Solution for Office 365 Data

The addition of Metallic®Office 365 Backup solves one of today’s biggest needs – broad-ranging protection for our customers’ most used Office 365 applications. From Exchange and Teams, to OneDrive, SharePoint, and more, companies rely on Office 365 applications to maintain day-to-day business operations, making the data within these applications critical. And while Microsoft manages the physical infrastructure and network elements of Office 365, the customer is responsible for their own O365 data. With Metallic® 

Office 365 Backup, customers get that extended long-term data retention they need, seamlessly safeguarding their business from deletion, corruption, and ransomware attacks. 

• Complete Coverage: Metallic offers comprehensive SaaS protection across Office 365 applications, as well as unlimited Azure storage and retention. With granular restore, customers can effortlessly locate active or deleted data, rapidly recover from attack, and easily meet business SLA and compliance requirements. 
• Hardened Security: Metallic’s multi-layered approach to security meets the most stringent of safety standards. Its built-in privacy protocols and zero-trust access controls, along with the ability to provide virtual air-gapped backup copies, safeguards customers’ most critical Office 365 data from data loss and threats.
• Seamless SaaS: Metallic® Office 365 Backup removes the complexity of data backup and protection, offering hassle-free deployments, flexible subscriptions, and no maintenance and management requirements. With no hardware, installation, or large upfront capital investments and zero egress fees or hidden storage charges, Metallic has been proven to reduce costs, ensuring customers only pay for what they need.

Commvault and NetApp are leading the way in digital transformation – providing customers with the flexibility and security to manage and protect their data whenever they need it, wherever it resides. Together, we are offering customers the data protection and management strategy that is built to address the challenges of today and tomorrow.

Metallic® Office 365 Backup is available globally on the NetApp price book. 

Interested in seeing the solutions in action? Don’t forget to check us out this week at Microsoft Inspire! We’ll have demos, customer stories, on-demand sessions, and more!