Data protection services provider Commvault Systems Inc. hastodayannounced the availability of what it says is a new kind of “cleanroom” for data recovery operations, enabling enterprises to recover compromised workloads and data from any location to a safe and secure isolated environment in the cloud.

The Commvault Cloud Cleanroom Recovery service builds on the basic concept of a data cleanroom, allowing any company to safely and securely recover a clean copy of the most critical data in the wake of a devastating cyberattack.

Cleanrooms are not a new concept. They are isolated recovery environments that are frequently used to aid in secure cyber recovery scenarios. They’re extremely reliable, offering strong guarantees that companies will always be able to recover rapidly should their data be compromised, damaged or become inaccessible.

However, they’re also expensive to operate, with companies required to constantly maintain a duplicate environment for every critical application, across every server and every location. This makes them impractical for many organizations.

Commvault Cloud Cleanroom Recovery is meant to democratize access to cleanrooms, so companies of all sizes can benefit from the enhanced guarantees they provide. It’s essentially an on-demand cleanroom service that’s designed to orchestrate recovery into a clean, isolated location in Microsoft Corp.’s Azure cloud. The main innovation is that customers pay only when they actually need to use the service.

It allows customers to set up a cleanroom-on-demand in Azure that’s ready and waiting to restore their most critical business applications, as well as the data they use, should they suffer a cyberattack. For instance, Cloud Cleanroom can be set up to restore Microsoft Active Directory, which governs user access to critical enterprise systems. In this way, companies have a way to revert quickly to their proper authorizations should an attacker compromise their network and give themselves privileged access.

The cleanroom will only be generated on-demand, in the cloud, within an isolated environment that’s free from any other threats, so application testing and production system backups can be performed in a safe place. The service integrates with Microsoft’s Defender tool, giving customers a way to scan their data and ensure it is clean prior to recreating their applications or services. It also offers capabilities for rebuilding those applications and services from a known clean state in order to maintain server operations as quickly as possible.

The system is aided by Commvault’s artificial intelligence-powered Cleanpoint Validation tool, which helps users to rapidly identify the last clean recovery point, which is then replicated in the on-demand cleanroom. Users also have the ability to customize their recovery sequences, ensuring their data will be recovered in the most logical order, the company said.

Moreover, an upcoming integration with Palo Alto Networks Inc.’s Cortex XSOAR platform will further enhance the Cleanroom’s capabilities by enabling teams to carry out forensic analysis and facilitate the recovery of compromised data assets.

As an added benefit, Commvault said, the offering eliminates a second barrier to entry for cleanrooms. Besides having the cleanroom ready to go, companies need to regularly test all of the interdependencies across their hybrid cloud and on-premises environments, to ensure they can recover quickly and generate a new environment inside the cleanroom.

Such tests are incredibly resource-intensive and cost prohibitive, and so many organizations don’t have the time, money or staff to carry them out often enough. Commvault solves these problems by automating much of the process, allowing organizations to test and retest their cyber recovery plans and get them just right.

Chief Technology Officer Brian Brockway said this capability is especially important, because the rise of artificial intelligence-powered cyberattacks means that the threat landscape faced by companies is constantly changing.

“With natural disaster recovery, testing your recovery strategy once a year was fine,” he said. “You just needed to be able to recover. Now, with AI-driven attacks, threat vectors change by the hour. The need to not only test your recovery frequently, but know you have a clean place to recover in the cloud has never been more important.”

Enterprise Strategy Group analyst Christophe Bertand said ransomware and other cyberattacks have become an existential threat for the vast majority of organizations today. “Commvault’s Cleanroom Recovery critically enables organizations to maintain operational integrity through a continuous loop of testing and constant adaptation,” he said. “This solution not only meets the critical need for resilience, but evolves with it.”

Image: Microsoft Designer