IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Calm before the GDPR storm: An exclusive interview with Commvault
Thu, 24th May 2018
FYI, this story is more than a year old

Don Foster is a Commvault veteran.

Over 15 years ago, he began to work his way up through the ranks to the company's product management division. Today, he holds a global position as senior director of solutions marketing, a role that sees him lead a worldwide solutions marketing team.

He's a key bridge between customers' needs and expectations and ensuring Commvault's products are aligned with these needs.

For customers around the world, those needs are most likely related to data management, and on May 24th, the day before the implementation of the EU's GDPR, we can assume data regulation and compliance is very top-of-mind.

"GDPR is not just about your production data,” warns Foster.

“It's so much more complex than that. It includes everything including secondary data, and many would say secondary data is probably the more difficult challenge for many companies."

"Organisations are becoming more digital, and as customers become more digital, they are creating more data. The interesting thing about secondary storage is it can be 2-3 or, in some cases, 5 times the size of what product storage is."

"That's because of all the use cases existing in the enterprise from dev and test and backup to how you do use case validation, and reporting; there are a number of reasons why customers need secondary storage copy.

“That drive to protect the new digital business, while enabling it, is what's driving a massive boom in secondary storage, as well as production storage.

"Here's an example. My kids like to play video games, and I play video games with them sometimes. There's a video game store that's actually shutting its doors because of GDPR; because they couldn't actually secure their data in the European Union corporately for their customers."

"They would have to completely redo the way their online game community was structured. That's an interesting outcome of what could happen when you start to look at what this regulation really means."

"Secondary storage usually houses a copy of everything you have in your production storage. So, if you have trouble keeping your production environment aligned to regulation, I imagine it's going to become even more difficult to ensure the copies of that data in your secondary environment are just as secure."

“Another key thought here surrounding secondary storage is security, and how strong that storage is in terms of protection if the business is hit by a ransomware or malware attack."

"Secondary storage is key to disaster recovery, and customers are starting to focus on how "recovery-ready" they are. What's driving this trend is the rise in ransomware/malware attacks that we've seen globally.

"Executives are asking the question 'how ready are we to recover and to get out business back online if we are impacted?' Executives want someone to come in and prove how recovery-ready their business is.

"This is where Commvault can help. We use customers' secondary data to test how recovery-ready they really are, to showcase what operations they need to use in case they get hit by something and then use this information to really improve their overall operations to the point where they might actually have to use these particular plans, and then ultimately, automate it."

Testing your recovery-readiness

However, it's not that easy to become recovery-ready, warns Foster. It's a multi-step process, and Foster says many companies don't even have the first step covered.

"The first step is to make sure you've defined and your writing down what your SLAs are, and what systems you have that need those SLAs.

“If you know that, say, 25% of your systems are critical, and that they need to be back up in less than an hour, then you need to make sure you have that documented and you're aware.

“I know it sounds like a very simple thing to do, but many organisations don't even have this first step completed."

"Once that's done - and this is really where Commvault comes in to help -  you can start using those SLAs to map how well you're actually operating against that outcome.

“What we're talking about here is not being focused on a job or an operation, but focusing on the outcome the company wants.'

“If you don't have a way to show say, these SLAs for these 25 systems with X amount of data need to recovered this quickly - how well am I doing against this? If you can't quickly get those metrics then you obviously have a risk and a gap in your organisation that many can't close."

"Part of what we do is, if these systems are being protected with Commvault, we can use the operational data that we collect on a day-by-day, job-by-job basis and showcase how well you as an organisation are able to meet those SLAs if a disaster were to strike."

"Say there were 100 systems that made up that critical tier and 10% of those were not making their SLA, we are able to provide insights and advice into how you could change your current protection and secondary storage infrastructure to meet the readiness requirements that the organisation has.

“This sheds a whole new light on what it takes to keep a business protected and operational if a disaster strikes."

Challenges ahead for businesses working with IoT

But what about the Internet of Things (IoT)?

Foster says there are still many businesses that are trying to wrap their heads around IoT.

"In many cases, the data from IoT is really only useful for probably the minutes or hours after it has been created. That data gets overwritten pretty quickly. There are some scenarios where that data can get kept for a longer period of time.

“The challenges that lie ahead for business here will come about when IoT data starts to actually generate revenue.

“The real challenge will be, how do you ensure that data is being met by the same sort of governance and compliance policies that the rest of the company's data might be subject to."

"And here is where you get the attorneys and legal involved.

“You need to understand whether or not this data needs to be secured, whether it is personal or not, and the type of devices this data is being transmitted from - all of these are questions that will have to be answered as business becomes more and more digital and increasingly use this type of data to drive business generate revenue."

"One of the places we start when we focus on IoT on the endpoint data; you have workers that are spread across the globe in many organisations that are creating data, maybe not quite the level of a sensor in a watch or an airplane, but they are absolutely creating data - and we can help businesses manage that data and secure that data, and make sure it's a match to different government timelines for regulation."

Don Foster, Commvault's senior director of solutions marketing.