Well, we're not a security company, we're a data management company. But one of the first thing that happens if you do get compromised or if you have do have a service that goes away is you've got to first identify what happened and secondly, get that service back as quickly as possible. Thirdly, you need to work with the PR people and figure out how you're going to, if it's required, how you're going to tell the public what happened. Because the longer these things fester, the worse it becomes for you when the public/consumers find out. People were angry with Sony because there were months of data that was stolen and they didn't say anything. Had they come out and say, "We've had a breach, we have a problem", then people could have begun checking and making sure their data was safe and not compromised.
From CommVault's point of view, we're really into classification of our customers data. We're able to help customers understand what kind of data they have and where that data is located. This is important because data is everywhere now. Data is in multiple clouds, multiple disks and data centers. Where are the copies of data, where has data changed? CommVault can help with like an intrusion, detection system or host-based intrusion detection system network based, where enterprises can say, "Well, we think we have had a breach. We are unsure." CommVault can help identify what's changed in this set of data that belongs to this business service. Enterprises can therefore now know exactly where to look, identify that data, roll back with CommVault and put the old data back in and say, look out where you were 4 hours ago before the breach. This can be done using snapshots, and leverage snapshots on everybody's hardware, get it up and running again.
CommVault also lets you take physical and virtual machines. I have a virtual machine running in my data center. I can put a virtual machine in the cloud like a Microsoft cloud. CommVault can make sure that the one in the cloud is in sync with the one in the terrestrial data center. I can say this one has been compromised but that one is still good.
You can do the sync and the data will not get corrupted?
You can do the sync within as little as 15 minutes or as much as several hours. This can be a strategy and this is what the CIO and the CISO (Chief Information Security Officer) have to decide, what their plan is for a 4-hour business resumption or a 24-hour disaster recovery plan. By classifying the data with CommVault and mapping the data to specific business functions, you can decide which is mission critical, hence this can't be down for more than an hour. Here's what our plan is and not waste time and money on the rest of it that you don't actually need. What we find is that most IT organizations don't know what they've got because they have inherited data over the years from acquisitions and mergers. Data is being stored because people are afraid to erase it. Whether the data are of use, the data sits in hardware, which costs money.
Sign up for CIO Asia eNewsletters.