{"id":519003,"date":"2024-06-07T09:00:00","date_gmt":"2024-06-07T13:00:00","guid":{"rendered":"https:\/\/www.commvault.com\/?p=519003"},"modified":"2024-06-05T10:22:16","modified_gmt":"2024-06-05T14:22:16","slug":"new-layers-of-data-defense","status":"publish","type":"post","link":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense","title":{"rendered":"New Layers of Data Defense: Multi-person Authorization & Compliance Lock"},"content":{"rendered":"\n

As evident with Commvault\u2019s recent Secure by Design Pledge<\/a>, we are committed to providing our customers with a secure platform to help manage risk and remain resilient in today\u2019s digital landscape.<\/p>\n\n\n\n

In the ever-evolving cybersecurity space, threats are becoming more sophisticated and widespread. Securing privileged access has emerged as a critical imperative for organizations. Privileged access refers to elevated permissions and rights granted to certain users or accounts within an IT environment, often with the ability to delete, edit, reconfigure, or destroy parts of infrastructure or data.<\/p>\n\n\n\n

In a study of more than 750 enterprises, Oracle found that more than 37% of them had accounts in their organization that were over-privileged<\/a>, causing significant risk. These identities have the potential to wield significant destructive power, especially when privileged accounts are compromised. According to the 2023 Verizon Data Breach Investigation Report, around 50% of all breaches involve compromised credentials<\/a>, so the threat is imminent and has become especially prevalent in the era of social engineering and spear phishing.<\/p>\n\n\n\n

What Is Multi-Person Authorization?<\/h4>\n\n\n\n

MPA is a Zero Trust security measure that enforces a tiered approval process for privileged actions. In following Zero Trust architecture principles, an MPA process assumes the user is not trusted, regardless of their associated capabilities. A quorum of authorized approvers must approve the request before allowing the action to be submitted.<\/p>\n\n\n\n

What Is Compliance Lock?<\/h4>\n\n\n\n

Compliance Lock allows organizations to enforce software immutability by protecting data from deletion and retention changes. It keeps your organization \u201ccompliant\u201d to whatever policies you put in place to protect the data. Once configured, Compliance Lock is enabled on Commvault storage, so all associated plans and data are locked in and protected in accordance with the customer\u2019s retention policies.<\/p>\n\n\n\n

Why Are MPA and Compliance Lock Important?<\/h4>\n\n\n\n

Privileged actions are sometimes required for us to do our jobs effectively, but there must be checks and balances in place. MPA restricts privileged actions for certain tasks \u201cjust-in-time\u201d (only as needed for a specific task), while Compliance Lock helps organizations retain their data for the defined retention period. This reduces the risk of exposure to destructive actions by accident or by a malicious insider threat.<\/p>\n\n\n\n

What Does Commvault\u2019s MPA Solution Provide?<\/h4>\n\n\n\n

Commvault has offered MPA controls and Compliance Lock for several releases, managed as an opt-in security control within the Security IQ dashboard. Commvault\u2019s MPA is available across the entire Commvault cloud estate (software and SaaS). We provide MPA for data deletion, and data recoveries within the Command Center, CommServe Console, and API and CLI interfaces. Compliance Lock is available as a software immutability option that is configurable on storage targets. This is often used alongside storage level immutability\/WORM options. Both security features provide a multi-layered security approach.<\/p>\n\n\n\n

When Will MPA and Compliance Lock Be Available?<\/h4>\n\n\n\n

Commvault will enable MPA for actions that may cause bulk data deletion and compliance lock for AGP storage by default starting with release CPR 2024E (11.36) and above. This is expected to go live for Tech Preview on June 15, 2024.<\/p>\n\n\n\n

Once MPA is enabled, data deletion will no longer be processed immediately. Instead, it will send out an email request to all approvers to authorize the request. Approvers can approve or deny the request by clicking the appropriate link in the email or by submitting the response within the Approvals dashboard in Command Center. The deletion request will not be submitted for processing until enough approvals have been submitted.<\/p>\n\n\n\n

Compliance Lock will only be enabled by default for AGP storage. Once enabled, all apps and servers associated to the Compliance Lock storage will be locked from deletion. Retention policies cannot be changed as well.<\/p>\n\n\n\n

These new controls could have operational impact for users during certain administrative maintenance periods, but, as with many other security controls, the benefits to the safety of your data far outweigh the minimal operational impact that might occur.<\/p>\n\n\n\n

For deeper information on the requirements and flow for Commvault\u2019s MPA solution, see the Commvault documentation<\/a>.<\/p>\n\n\n\n

Continuing to Help Build Your Cyber Resilience<\/h4>\n\n\n\n

At Commvault, we continuously evaluate the threat landscape, so we can build solutions and provide smart defaults to secure your digital estate. We strive to be your trusted partner as you navigate this complicated world of cyberthreats. And as your partner, we will help you achieve true cyber resilience powered by the Commvault Cloud platform.<\/p>\n","protected":false},"excerpt":{"rendered":"

As evident with Commvault\u2019s recent Secure by Design Pledge, we are committed to providing our customers with a secure platform to help manage risk and remain resilient in today\u2019s digital landscape.<\/p>\n","protected":false},"author":164,"featured_media":519004,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_custom_css":"","_custom_js_footer":"","_page_background_color":"","_remove_from_search":false,"_dark_mode":false,"_light_footer_mode":false,"_sidebar_form":{"id":"","name":"","cta":"","redirect":""},"_alert_notification_bar":{"show":true,"bg_color":"","content":"","call_to_action_label":"","call_to_action_link":""},"_footer_cta":{"show":false,"title":"","subtitle":"","cta_text":"","cta_link":"","background":{"id":0,"url":""}},"_cmv_customer_logo":{"id":0,"url":""},"_jetpack_memberships_contains_paid_content":false,"i18n_hreflangs":"","footnotes":""},"categories":[1064],"tags":[],"cmv_author":[861],"class_list":{"0":"post-519003","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-commvault","8":"cmv_author-david-cunningham","9":"entry"},"yoast_head":"\nNew Layers of Data Defense: Multi-person Authorization & Compliance Lock | Blog<\/title>\n<meta name=\"description\" content=\"As evident with Commvault\u2019s recent Secure by Design Pledge, we are committed to providing our customers with a secure platform to help manage risk and remain resilient in today\u2019s digital landscape.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Layers of Data Defense: Multi-person Authorization & Compliance Lock\" \/>\n<meta property=\"og:description\" content=\"As evident with Commvault\u2019s recent Secure by Design Pledge, we are committed to providing our customers with a secure platform to help manage risk and remain resilient in today\u2019s digital landscape.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense\" \/>\n<meta property=\"og:site_name\" content=\"Commvault - English - United States\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Commvault\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-07T13:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-05T14:22:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/06\/Data-Defense-Blog-Image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"rijnashpk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@commvault\" \/>\n<meta name=\"twitter:site\" content=\"@commvault\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"rijnashpk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"New Layers of Data Defense: Multi-person Authorization & Compliance Lock | Blog","description":"As evident with Commvault\u2019s recent Secure by Design Pledge, we are committed to providing our customers with a secure platform to help manage risk and remain resilient in today\u2019s digital landscape.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense","og_locale":"en_US","og_type":"article","og_title":"New Layers of Data Defense: Multi-person Authorization & Compliance Lock","og_description":"As evident with Commvault\u2019s recent Secure by Design Pledge, we are committed to providing our customers with a secure platform to help manage risk and remain resilient in today\u2019s digital landscape.","og_url":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense","og_site_name":"Commvault - English - United States","article_publisher":"https:\/\/www.facebook.com\/Commvault\/","article_published_time":"2024-06-07T13:00:00+00:00","article_modified_time":"2024-06-05T14:22:16+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/06\/Data-Defense-Blog-Image.png","type":"image\/png"}],"author":"rijnashpk","twitter_card":"summary_large_image","twitter_creator":"@commvault","twitter_site":"@commvault","twitter_misc":{"Written by":"rijnashpk","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#article","isPartOf":{"@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense"},"author":{"name":"rijnashpk","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/e8397b26dc620551baacfb35c66ec01d"},"headline":"New Layers of Data Defense: Multi-person Authorization & Compliance Lock","datePublished":"2024-06-07T13:00:00+00:00","dateModified":"2024-06-05T14:22:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense"},"wordCount":730,"publisher":{"@id":"https:\/\/commvault-new.go-vip.net\/#organization"},"image":{"@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#primaryimage"},"thumbnailUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/06\/Data-Defense-Blog-Image.png","articleSection":["Commvault"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense","url":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense","name":"New Layers of Data Defense: Multi-person Authorization & Compliance Lock | Blog","isPartOf":{"@id":"https:\/\/commvault-new.go-vip.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#primaryimage"},"image":{"@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#primaryimage"},"thumbnailUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/06\/Data-Defense-Blog-Image.png","datePublished":"2024-06-07T13:00:00+00:00","dateModified":"2024-06-05T14:22:16+00:00","description":"As evident with Commvault\u2019s recent Secure by Design Pledge, we are committed to providing our customers with a secure platform to help manage risk and remain resilient in today\u2019s digital landscape.","breadcrumb":{"@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#primaryimage","url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/06\/Data-Defense-Blog-Image.png","contentUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/06\/Data-Defense-Blog-Image.png","width":1200,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/www.commvault.com\/blogs\/new-layers-of-data-defense#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.commvault.com\/"},{"@type":"ListItem","position":2,"name":"New Layers of Data Defense: Multi-person Authorization & Compliance Lock"}]},{"@type":"WebSite","@id":"https:\/\/commvault-new.go-vip.net\/#website","url":"https:\/\/commvault-new.go-vip.net\/","name":"Commvault - English - United States","description":"","publisher":{"@id":"https:\/\/commvault-new.go-vip.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/commvault-new.go-vip.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/commvault-new.go-vip.net\/#organization","name":"Commvault","url":"https:\/\/commvault-new.go-vip.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/logo\/image\/","url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/03\/logo-commvault-horizontal.jpg?quality=80","contentUrl":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/03\/logo-commvault-horizontal.jpg?quality=80","width":1200,"height":628,"caption":"Commvault"},"image":{"@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Commvault\/","https:\/\/x.com\/commvault","https:\/\/www.instagram.com\/commvault\/","https:\/\/www.linkedin.com\/company\/commvault","https:\/\/www.youtube.com\/user\/commvault","https:\/\/en.wikipedia.org\/wiki\/Commvault"]},{"@type":"Person","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/e8397b26dc620551baacfb35c66ec01d","name":"rijnashpk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/commvault-new.go-vip.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/37c838d5879db9a6fc3632ac17fcc4a8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/37c838d5879db9a6fc3632ac17fcc4a8?s=96&d=mm&r=g","caption":"rijnashpk"}}]}},"jetpack_featured_media_url":"https:\/\/www.commvault.com\/wp-content\/uploads\/2024\/06\/Data-Defense-Blog-Image.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/519003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/users\/164"}],"replies":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/comments?post=519003"}],"version-history":[{"count":2,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/519003\/revisions"}],"predecessor-version":[{"id":519006,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/posts\/519003\/revisions\/519006"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/media\/519004"}],"wp:attachment":[{"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/media?parent=519003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/categories?post=519003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/tags?post=519003"},{"taxonomy":"cmv_author","embeddable":true,"href":"https:\/\/www.commvault.com\/wp-json\/wp\/v2\/cmv_author?post=519003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}