around 50% of all breaches involve compromised credentials<\/a>, so the threat is imminent and has become especially prevalent in the era of social engineering and spear phishing.<\/p>\n\n\n\nWhat Is Multi-Person Authorization?<\/h4>\n\n\n\n MPA is a Zero Trust security measure that enforces a tiered approval process for privileged actions. In following Zero Trust architecture principles, an MPA process assumes the user is not trusted, regardless of their associated capabilities. A quorum of authorized approvers must approve the request before allowing the action to be submitted.<\/p>\n\n\n\n
What Is Compliance Lock?<\/h4>\n\n\n\n Compliance Lock allows organizations to enforce software immutability by protecting data from deletion and retention changes. It keeps your organization \u201ccompliant\u201d to whatever policies you put in place to protect the data. Once configured, Compliance Lock is enabled on Commvault storage, so all associated plans and data are locked in and protected in accordance with the customer\u2019s retention policies.<\/p>\n\n\n\n
Why Are MPA and Compliance Lock Important?<\/h4>\n\n\n\n Privileged actions are sometimes required for us to do our jobs effectively, but there must be checks and balances in place. MPA restricts privileged actions for certain tasks \u201cjust-in-time\u201d (only as needed for a specific task), while Compliance Lock helps organizations retain their data for the defined retention period. This reduces the risk of exposure to destructive actions by accident or by a malicious insider threat.<\/p>\n\n\n\n
What Does Commvault\u2019s MPA Solution Provide?<\/h4>\n\n\n\n Commvault has offered MPA controls and Compliance Lock for several releases, managed as an opt-in security control within the Security IQ dashboard. Commvault\u2019s MPA is available across the entire Commvault cloud estate (software and SaaS). We provide MPA for data deletion, and data recoveries within the Command Center, CommServe Console, and API and CLI interfaces. Compliance Lock is available as a software immutability option that is configurable on storage targets. This is often used alongside storage level immutability\/WORM options. Both security features provide a multi-layered security approach.<\/p>\n\n\n\n
When Will MPA and Compliance Lock Be Available?<\/h4>\n\n\n\n Commvault will enable MPA for actions that may cause bulk data deletion and compliance lock for AGP storage by default starting with release CPR 2024E (11.36) and above. This is expected to go live for Tech Preview on June 15, 2024.<\/p>\n\n\n\n
Once MPA is enabled, data deletion will no longer be processed immediately. Instead, it will send out an email request to all approvers to authorize the request. Approvers can approve or deny the request by clicking the appropriate link in the email or by submitting the response within the Approvals dashboard in Command Center. The deletion request will not be submitted for processing until enough approvals have been submitted.<\/p>\n\n\n\n
Compliance Lock will only be enabled by default for AGP storage. Once enabled, all apps and servers associated to the Compliance Lock storage will be locked from deletion. Retention policies cannot be changed as well.<\/p>\n\n\n\n
These new controls could have operational impact for users during certain administrative maintenance periods, but, as with many other security controls, the benefits to the safety of your data far outweigh the minimal operational impact that might occur.<\/p>\n\n\n\n
For deeper information on the requirements and flow for Commvault\u2019s MPA solution, see the Commvault documentation<\/a>.<\/p>\n\n\n\nContinuing to Help Build Your Cyber Resilience<\/h4>\n\n\n\n At Commvault, we continuously evaluate the threat landscape, so we can build solutions and provide smart defaults to secure your digital estate. We strive to be your trusted partner as you navigate this complicated world of cyberthreats. And as your partner, we will help you achieve true cyber resilience powered by the Commvault Cloud platform.<\/p>\n","protected":false},"excerpt":{"rendered":"
As evident with Commvault\u2019s recent Secure by Design Pledge, we are committed to providing our customers with a secure platform to help manage risk and remain resilient in today\u2019s digital landscape.<\/p>\n","protected":false},"author":164,"featured_media":519004,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_custom_css":"","_custom_js_footer":"","_page_background_color":"","_remove_from_search":false,"_dark_mode":false,"_light_footer_mode":false,"_sidebar_form":{"id":"","name":"","cta":"","redirect":""},"_alert_notification_bar":{"show":true,"bg_color":"","content":"","call_to_action_label":"","call_to_action_link":""},"_footer_cta":{"show":false,"title":"","subtitle":"","cta_text":"","cta_link":"","background":{"id":0,"url":""}},"_cmv_customer_logo":{"id":0,"url":""},"_jetpack_memberships_contains_paid_content":false,"i18n_hreflangs":"","footnotes":""},"categories":[1064],"tags":[],"cmv_author":[861],"class_list":{"0":"post-519003","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-commvault","8":"cmv_author-david-cunningham","9":"entry"},"yoast_head":"\n
New Layers of Data Defense: Multi-person Authorization & Compliance Lock | Blog<\/title>\n \n \n \n \n \n \n \n \n \n \n \n \n \n\t \n\t \n\t \n \n \n \n \n \n\t \n\t \n\t \n","yoast_head_json":{"title":"New Layers of Data Defense: Multi-person Authorization & Compliance Lock | Blog","description":"As evident with Commvault\u2019s recent Secure by Design Pledge, we are committed to providing our customers with a secure platform to help manage risk and remain resilient in today\u2019s digital landscape.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense","og_locale":"en_US","og_type":"article","og_title":"New Layers of Data Defense: Multi-person Authorization & Compliance Lock","og_description":"As evident with Commvault\u2019s recent Secure by Design Pledge, we are committed to providing our customers with a secure platform to help manage risk and remain resilient in today\u2019s digital landscape.","og_url":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense","og_site_name":"Commvault - English - United States","article_publisher":"https:\/\/www.facebook.com\/Commvault\/","article_published_time":"2024-06-07T13:00:00+00:00","article_modified_time":"2024-06-05T14:22:16+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/06\/Data-Defense-Blog-Image.png","type":"image\/png"}],"author":"rijnashpk","twitter_card":"summary_large_image","twitter_creator":"@commvault","twitter_site":"@commvault","twitter_misc":{"Written by":"rijnashpk","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#article","isPartOf":{"@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense"},"author":{"name":"rijnashpk","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/e8397b26dc620551baacfb35c66ec01d"},"headline":"New Layers of Data Defense: Multi-person Authorization & Compliance Lock","datePublished":"2024-06-07T13:00:00+00:00","dateModified":"2024-06-05T14:22:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense"},"wordCount":730,"publisher":{"@id":"https:\/\/commvault-new.go-vip.net\/#organization"},"image":{"@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#primaryimage"},"thumbnailUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/06\/Data-Defense-Blog-Image.png","articleSection":["Commvault"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense","url":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense","name":"New Layers of Data Defense: Multi-person Authorization & Compliance Lock | Blog","isPartOf":{"@id":"https:\/\/commvault-new.go-vip.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#primaryimage"},"image":{"@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#primaryimage"},"thumbnailUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/06\/Data-Defense-Blog-Image.png","datePublished":"2024-06-07T13:00:00+00:00","dateModified":"2024-06-05T14:22:16+00:00","description":"As evident with Commvault\u2019s recent Secure by Design Pledge, we are committed to providing our customers with a secure platform to help manage risk and remain resilient in today\u2019s digital landscape.","breadcrumb":{"@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#primaryimage","url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/06\/Data-Defense-Blog-Image.png","contentUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/06\/Data-Defense-Blog-Image.png","width":1200,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.commvault.com\/"},{"@type":"ListItem","position":2,"name":"New Layers of Data Defense: Multi-person Authorization & Compliance Lock"}]},{"@type":"WebSite","@id":"https:\/\/commvault-new.go-vip.net\/#website","url":"https:\/\/commvault-new.go-vip.net\/","name":"Commvault - English - United States","description":"","publisher":{"@id":"https:\/\/commvault-new.go-vip.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/commvault-new.go-vip.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/commvault-new.go-vip.net\/#organization","name":"Commvault","url":"https:\/\/commvault-new.go-vip.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/logo\/image\/","url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/03\/logo-commvault-horizontal.jpg?quality=80","contentUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/03\/logo-commvault-horizontal.jpg?quality=80","width":1200,"height":628,"caption":"Commvault"},"image":{"@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Commvault\/","https:\/\/x.com\/commvault","https:\/\/www.instagram.com\/commvault\/","https:\/\/www.linkedin.com\/company\/commvault","https:\/\/www.youtube.com\/user\/commvault","https:\/\/en.wikipedia.org\/wiki\/Commvault"]},{"@type":"Person","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/e8397b26dc620551baacfb35c66ec01d","name":"rijnashpk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/37c838d5879db9a6fc3632ac17fcc4a8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/37c838d5879db9a6fc3632ac17fcc4a8?s=96&d=mm&r=g","caption":"rijnashpk"}}]}},"jetpack_featured_media_url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/06\/Data-Defense-Blog-Image.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/519003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/users\/164"}],"replies":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/comments?post=519003"}],"version-history":[{"count":2,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/519003\/revisions"}],"predecessor-version":[{"id":519006,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/519003\/revisions\/519006"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/media\/519004"}],"wp:attachment":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/media?parent=519003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/categories?post=519003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/tags?post=519003"},{"taxonomy":"cmv_author","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/cmv_author?post=519003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}