Tag Archives: Protection

Commvault GO: Vendor ‘HyperScales’ data management strategy

The Commvault HyperScale appliance is the latest — and largest — example of how the data protection company has changed in recent years.

The vendor put those changes on display at its Commvault GO user conference in early November. Besides showing off its integrated appliance, Commvault emphasized its software’s role in data management and analytics across on-premises and cloud storage.

Commvault CEO Bob Hammer said the type of scale-out storage HyperScale represents will soon become common. The key is to have all the software pieces in place.

“Everybody and their brother is going to do some scale-out stuff,” Hammer said in an interview at Commvault GO. “But that doesn’t mean, from a customer use case standpoint, it solves their data management problem, their data protection problem, their DR problems, and still highlights data movement, compliance and analytics.”

Commvault long resisted the notion of selling its backup software on a branded Commvault-sold appliance. Hammer maintained Commvault should concentrate on software and let disk appliance vendors handle the backup target.

Bob Hammer, CommvaultBob Hammer

“We don’t want to be in the hardware business,” Hammer said after its largest software rival, Symantec — now Veritas — put its flagship NetBackup application on an integrated appliance in 2010.

But if Veritas couldn’t nudge Commvault into the hardware business, a pair of newcomers could. Startups Cohesity and Rubrik — both with leadership roots from hyper-converged pioneer Nutanix — emerged in 2015 with integrated appliances that went beyond backup. The upstarts called their products converged secondary storage, because they handled data for backup, archiving, test and development, and disaster recovery, and they pulled in the cloud as well as disk for targets. Both have gained traction rapidly with their converged strategy.

Commvault was already headed in a new direction with its software, changing the name from Simpana to the Commvault Data Platform in 2015. Commvault always mixed data management with protection, but critics and even customers found all that functionality difficult to learn and use.

“Commvault was not known as the least expensive solution, or the easiest to use,” said Jon Walton, CIO of San Mateo County in California, and a longtime Commvault customer. “But it was definitely the most flexible. Its challenge was it was seen as a good tool, but not the cheapest. And in government, cheap wins bids. But we were trying to introduce a single tool to back up everything.”

Walton said he took the plunge with Commvault and made sure his staff received the training it needed. “I don’t lose any sleep using this platform for my data,” he said.

Around early 2016, Hammer said it became clear that secondary storage, and some primary storage, was moving to a “cloud-like infrastructure.” Customers were looking for a more unified way to protect and manage their data, both on premises and in public clouds.

“Going way back, I didn’t want to go into the hardware business, but it was clear as day the market was going to be driven by an integrated device,” Hammer said. “We said, ‘OK, we can supply that device,’ and just needed to put partnerships together.”

HyperScale involves hardware, software partners

Commvault HyperScale appliances run on 1U servers from Fujitsu. HyperScale software provides data services on the appliance. Commvault also partners with Red Hat, using Red Hat’s Gluster file system as a foundation for the HyperScale scale-out storage.

Commvault also lined up server vendors Cisco, Dell EMC, Hewlett Packard Enterprise, Huawei, Lenovo and Super Micro as partners on reference architectures that run HyperScale software and the Commvault Data Platform stack on top.

Cisco became an OEM partner, rebranding HyperScale as ScaleProtect on Cisco Unified Computing System. Commvault sees the 2U UCS server — 4U blades are also planned — as a good fit for the enterprise, while its 1U HyperScale blades handle all secondary data needs for SMBs, remote offices and departments.

Commvault's HyperScale appliance
Commvault showed off its HyperScale integrated appliance at the Commvault GO user conference.

Wrapping all of its features — plus cloud support — on an integrated appliance could help Commvault solve its complexity problems. The vendor already moved to simplify pricing and management in recent years by changing its licensing and selling a targeted bundle for use cases such as cloud storage, endpoint backup and virtual machine protection.

Commvault uses capacity-based licensing for HyperScale, with free hardware refreshes at the end of a three-year subscription.

“I think Commvault recognized the cost challenges and has probably risen to the challenges of meeting those as well as everybody,” San Mateo’s Walton said in an interview at Commvault GO.

Other customers at Commvault GO agreed with Walton that Commvault’s complexity is at least partly the result of ifs comprehensive feature set, and its broad functionality is a selling point.

“It’s a single tool to help us protect structured data, unstructured data, virtual and physical machines,” said John Hoover, IT manager of the database and infrastructure team at the Iowa Judicial Branch. “It’s one pane of glass, one index, one tool to know.”

Hoover said his team includes five people for infrastructure and two database administrators to manage more than 100 million digital court documents.

“We’re busy people. Trying to keep up with multiple tools to protect all that data taxes our time,” he said. “And we have to protect it. An electronic file is the official file of the state. There’s no paper trail anymore.”

Commvault HyperScale fights old foes

Despite moving to an integrated model to take on the likes of Cohesity and Rubrik, Commvault still battles old backup software competitors — mainly Veritas and Dell EMC. Hammer referred to Veritas NetBackup as a “legacy scale-up appliance,” the kind that customers are moving to scale-out models to avoid.

Hammer also challenged Michael Dell during his Commvault GO keynote. Dell EMC is one of Commvault’s HyperScale server partners, but also sells backup and data management software. Hammer pointed to the Dell CEO’s claim that he would pump $1 billion over three years into research and development for an internet of things (IoT) division.

I say, ‘Game on,’ to Michael Dell. You can’t do it with piece parts. It’s not so simple.
Bob HammerCEO, Commvault

“I have news for him,” Hammer said. “We’re going to innovate faster than you are, Michael. Game on.”

Off-stage, Hammer elaborated on Commvault’s relationship with Dell.

“Obviously, they’re a major player with HyperScale. Many customers are going to buy HyperScale with Dell servers,” he said. “That’s where we’re aligned. But it’s a whole different story putting a platform together for IoT and analytics, and that’s where I say, ‘Game on,’ to Michael Dell. You can’t do it with piece parts. It’s not so simple. I’m sure he’ll be in the game, but it’s not an easy thing.”

He should know, because Commvault has already gone down that path.

Druva Cloud Platform expands with Apollo

Druva moved to help manage data protection in the cloud with its latest Apollo software as a service, which helps protect workloads in Amazon Web Services through the Druva Cloud Platform.

The company’s new service provides a single control plane to manage infrastructure-as-a-service and platform-as-a-service cloud workloads.

Druva, based in Sunnyvale, Calif., sells two cloud backup products, Druva InSync and Druva Phoenix, for its Druva Cloud Platform. The enterprise-level Druva InSync backs up endpoint data across physical and public cloud storage. The Druva Phoenix agent backs up and restores data sets in the cloud for distributed physical and virtual servers. Phoenix applies global deduplication at the source and points archived server backups to the cloud target.

There is a big change going on throughout the industry in how data is being managed. The growth is shifting toward secondary data.
Steven Hillsenior storage analyst, 451 Research

Apollo enables data management of Druva Cloud Platform workloads under a single control plane so administrators can do snapshot management for backup, recovery and replication of Amazon Web Services instances. It automates service-level agreements with global orchestration that includes file-level recovery. It also protects Amazon Elastic Compute Cloud instances.

Druva Apollo is part of an industrywide trend among data protection vendors to bring all secondary data under global management across on-premises and cloud storage.

“There is a big change going on throughout the industry in how data is being managed,” said Steven Hill, senior storage analyst for 451 Research. “The growth is shifting toward secondary data. Now, secondary data is growing faster than structured data, and that is where companies are running into a challenge.”

“Apollo will apply snapshot policies,” said Dave Packer, Druva’s vice president of product and alliance marketing. “It will automate many of the lifecycles of the snapshots. That is the first feature of Apollo.”

Automation for discovery, analysis and information governance is on the Druva cloud roadmap, Packer said.

Druva last August pulled in $80 million in funding, bringing total investments into the range of $200 million for the fast-growing vendor. Druva claims to have more than 4,000 worldwide customers that include NASA, Pfizer, NBCUniversal, Marriott Hotels, Stanford University and Lockheed Martin.

Druva has positioned its data management software to go up against traditional backup vendors Commvault and Veritas Technologies, which also are transitioning into broad-based data management players. It’s also competing with startups Rubrik, which has raised a total of $292 million in funding since 2015 for cloud data management, and Cohesity, which has raised $160 million.

Quorum OnQ solves Amvac Chemical’s recovery problem

Using a mix of data protection software, hardware and cloud services from different vendors, Amvac Chemical Corp. found itself in a cycle of frustration. Backups failed at night, then had to be rerun during the day, and that brought the network to a crawl.

The Los Angeles-based company found its answer with Quorum’s one-stop backup and disaster recovery appliances. Quorum OnQ’s disaster recovery as a service (DRaaS) combines appliances that replicate across sites with cloud services.

The hardware appliances are configured in a hub-and-spoke model with an offsite data center colocation site. The appliances perform full replication to the cloud that backs up data after hours.

“It might be overkill, but it works for us,” said Rainier Laxamana, Amvac’s director of information technology.

Quorum OnQ may be overkill, but Amvac’s previous system underwhelmed. Previously, Amvac’s strategy consisted of disk backup to early cloud services to tape. But the core problem remained: failed backups. The culprit was the Veritas Backup Exec applications that the Veritas support team, while still part of Symantec, could not explain. A big part of the Backup Exec problem was application support.

“The challenge was that we had different versions of an operating system,” Laxamana said. “We had legacy versions of Windows servers so they said [the backup application] didn’t work well with other versions.

“We were repeating backups throughout the day and people were complaining [that the network] was slow. We repeated backups because they failed at night. That slowed down the network during the day.”

We kept tapes at Iron Mountain, but it became very expensive so we brought it on premises.
Rainier Laxamanadirector of information technology, Amvac

Quorum OnQ provides local and remote instant recovery for servers, applications and data. The Quorum DRaaS setup combines backup, deduplication, replication, one-click recovery, automated disaster recovery testing and archiving. Quorum claims OnQ is “military-grade” because it was developed for U.S. Naval combat systems and introduced into the commercial market in 2010.

Amvac develops crop protection chemicals for agricultural and commercial purposes. The company has a worldwide workforce of more than 400 employees in eight locations, including a recently opened site in the Netherlands. Quorum OnQ protects six sites, moving data to the main data center. Backups are done during the day on local appliances. After hours, the data is replicated to a DR site and then to another DR site hosted by Quorum.

“After the data is replicated to the DR site, the data is replicated again to our secondary DR site, which is our biggest site,” Laxamana said. “Then the data is replicated to the cloud. So the first DR location is our co-located data center and the secondary DR our largest location. The third is the cloud because we use Quorum’s DRaaS.”

Amvac’s previous data protection configuration included managing eight physical tape libraries.

“It was not fun managing it,” Laxamana said. “And when we had legal discovery, we had to go through 10 years of data. We kept tapes at Iron Mountain, but it became very expensive so we brought it on premises.”

Laxamana said he looked for a better data protection system for two years before finding Quorum. Amvac looked at Commvault but found it too expensive and not user-friendly enough. Laxamana and his team also looked at Unitrends. At the time, Veeam Software only supported virtual machines, and Amvac needed to protect physical servers. Laxamana said Unitrends was the closest that he found to Quorum OnQ.

“The biggest (plus) with Quorum was that the interface was much more user-friendly,” he said. “It’s more integrated. With Unitrends, you need a third party to integrate the Microsoft Exchange.”

Aparavi takes three-piece approach to cloud data protection

Newcomer Aparavi jumped into the cloud data protection field today, following in the footsteps of Cohesity and Rubrik in trying to buck established backup vendors.

Rather than an appliance-based approach, Aparavi launched a software-as-a-service platform aimed at a lower end of the cloud data management market than enterprise-focused Rubrik and Cohesity. But like Rubrik, Cohesity and larger data protection vendors, such as Veritas and Commvault, Aparavi wants to store, protect and manage secondary data across on-premises platforms, private clouds and public clouds.

Aparavi hops into ‘hot market’

Aparavi’s leadership team comes from NovaStor, which moved into online backup for small companies nearly a decade ago.

Jonathan Calmes, Aparavi’s vice president of business development, said it’s not enough to just move backup data into a public cloud. Organizations also need to manage the data after it’s in the cloud. While Rubrik and Cohesity can help enterprises do that, he said, that capability does not exist for smaller organizations.

Today, data is hosted on servers in private clouds, public clouds and on premises. Data is fragmented in many locations. This is the new normal.
Jonathan Calmesvice president of business development, Aparavi

“The world has changed enough, but current products out there have not,” he said. “Cohesity and Rubrik are focused so far up market that they leave a large amount of the market unaddressed. Today, data is hosted on servers in private clouds, public clouds and on premises. Data is fragmented in many locations. This is the new normal.”

Calmes said Aparavi pricing starts at $999 per year for 3 TB of protected source data, with 1 TB free forever. He said with new clouds such as Wasabi focused on lower pricing than Amazon, Google and Microsoft, customers will demand lower-priced data retention, as well.

Still, Aparavi will need a compelling platform to avoid getting squeezed between established cloud data management leaders and the next-generation products of Cohesity and Rubrik.

Steven Hill, senior storage analyst for 451 Research, said Aparavi has picked the right market. Now, it has to show it has the right approach.

“It’s the hot market now,” Hill said of cloud data management. “The industry is evolving away from traditional backup and recovery to a combination of backup and multicloud availability. But the trick is how to go about it.

“The million-dollar question is, how are their policies being applied, and how much control do they give you in tuning the system to your environment? Are they inventing a better mousetrap, or just a different-colored mousetrap?”

Aparavi dashboard
The Aparavi dashboard tracks files protected on premises and in public and private clouds.

The Aparavi approach

Aparavi’s three-piece “mousetrap” consists of a web-hosted platform, an on-premises software appliance and client software. Aparavi can host the platform, or it can be located at a hosted cloud, any Amazon Simple Storage Service-compliant object storage or a customer’s disk target. Calmes said he expects most customers to choose Aparavi as the host. The platform handles the communication for the architecture, orchestrating reporting, alerts and provisioning.

The virtual appliance serves as the relationship manager, using file deduplication and byte-level incremental technology to only move changed data. It also handles data streaming to improve performance.

The client software runs on a protected file server, acting as a temporary recovery location for quick restores. It is also the AES-256 encryption source, so data is not exposed in transit or at rest.

Calmes said Aparavi’s point-in-time recovery software can recover data from any cloud or on-premises storage, migrate it to a different cloud or on-premises site, and rebuild it based on the time and date it was last protected. Aparavi software takes snapshots as frequently as every 15 minutes, and it can keep those snaps local for quick recovery.

Calmes said the product can move data between clouds without interruption, and it has an open data format, so third-party tools can read data without using Aparavi.

Aparavi’s platform supports Amazon Web Services, Google Cloud Platform, Wasabi, IBM Bluemix, Scality and Cloudian cloud storage.

Besides the 3 TB plan, Aparavi offers annual subscription plans of 10 TB for $2,500 and 25 TB for $4,500. That does not include public cloud subscriptions. Although formally launched with limited availability today, the platform won’t be generally available until January.

Aparavi, which is based in Santa Monica, Calif., has $3 million in funding from a private investor on a $30 million valuation. Calmes said the startup has 15 employees, mostly engineers.

Aparavi chairman Adrian Knapp, CTO Rod Christensen and Calmes all come from NovaStor.

Hitachi Data Instance Director redesigned for scalability

The latest version of Hitachi Vantara’s Data Instance Director data protection platform supports a new RESTful API for cloud deployments and includes a ransomware protection utility.

Hitachi Data Instance Director (HDID) was rearchitected with MongoDB as the underlying database. The more robust database enables Hitachi Data Instance Director 6 — generally available Tuesday — to scale to hundreds of thousands of objects, compared to the previous version, which scaled to thousands of objects.

The software was also upgraded from a single login access control to a granular, role-based access control at the RESTful API layer, so service providers have a secure interface to control domains, access roles and resources.

In addition, a new data retention utility automatically places a data snapshot in a lockdown write-once, read-many mode in case a company gets hit with a ransomware attack.

Hitachi Vantara was created in September when Hitachi Data Systems, Hitachi Insight Group and Pentaho combined into one business unit. Now, Hitachi is rebranding Hitachi Data Instance Manager as Hitachi Data Instance Director. The product is based on the Cofio Software technology that Hitachi acquired in 2012. Hitachi’s data recovery software manages backup, archiving, replication, bare metal recovery and continuous data protection with a single platform.

“(Version 5) had a flat file database,” said Rich Vining, Hitachi’s senior worldwide product marketing manager for data protection. “Now it’s been architected to be 100 times more scalable than previous versions. Now you can set up as many users as you want with access rights. It can handle hundreds of users and restore points.”

Hitachi rounds out its data protection portfolio

Phil Goodwin, research director for IDC’s storage systems and software research practice, said the most significant part of the HDID upgrade is that Hitachi can now directly provide data protection capabilities to the user, instead of depending on partners.

“This rounds out their portfolio,” he said. “The HDID is a high-level management console and workflow director that invokes Hitachi TrueCopy and Universal Replicator to move data. Before, you had to manage TrueCopy and Replicator individually with each piece of hardware, but now, this gives a higher level workflow.”

Hitachi Data Instance Director works with the Hitachi Virtual Storage Platforms, the Hitachi Unified Storage VM, the Hitachi Unified Compute Platform and the Hitachi NAS Platform. The HDID targets customers with large databases.

We are using snapshot technology so we can work and protect large databased environments where traditional backups can’t perform as well.
Rich Viningsenior worldwide product marketing manager for data protection, Hitachi

“We are using snapshot technology so we can work and protect large databased environments where traditional backups can’t perform as well,” Vining said. “Built into the system are a set of replication technologies, such as thin image, shadow image, and synchronous and asynchronous replication.

“The challenge is these technologies are fairly complicated to set up, and HDID automates the thin image, shadow image and replication.”

The new role-based access controls also enable Hitachi Data Instance Director to offer cloud services that include backup as a service, copy data management and business continuity as a service. The new RESTful API can be used to connect to other services and cloud repositories.

Vining said roadmap plans call for the ability to use cloud storage as a backup target for Hitachi Content Platform object storage, as well. 

For everyone to benefit from technology, we need to ensure the free flow of information – Microsoft on the Issues

This week I’m in Hong Kong at the 39th International Conference of Data Protection and Privacy Commissioners. This is the seventh year in a row that I’ve attended. In 2014, as a commissioner on the U.S. Federal Trade Commission, I was the first U.S. official to serve on the International Conference’s executive committee. This year I’m attending in my new role as corporate vice president and deputy general counsel at Microsoft. Now, instead of being a regulator, I’m one of the regulated.

These gatherings are always important because privacy commissioners play such a key role in formulating and enforcing frameworks that protect individuals’ right to privacy and that regulate what companies can do with data. If anything, this year’s conference is more consequential than ever. Advances in cloud computing, data analytics and machine learning are beginning to revolutionize how we live, work and play, and the decisions privacy commissioners make will have a huge influence on how much people and businesses around the world benefit from this new wave of technology innovation.

Europe’s new General Data Protection Regulation (GDPR), which will take effect next May and which Microsoft supports, is a good example of the impact that privacy regulations can have. GDPR’s data protection provisions reach farther than any previous privacy law and the effect on how companies collect, move and use data will be enormous. That’s why Microsoft and other global technology companies are working around the clock to strengthen compliance and to make sure that our customers have everything they need to be ready as well.

But companies aren’t the only ones that need to respond to GDPR’s stronger requirements. The European Union (EU) has long required that countries have an adequate level of data protection to permit cross-border data transfers from countries in Europe. Because this adequacy requirement is now part of GDPR, countries around the world are reviewing their existing laws and considering changes to ensure that their data can flow freely in and out of Europe.

Japan, South Korea and Hong Kong are all exploring steps to create a legal and regulatory environment that aligns with GDPR. Japan has already adopted new data protection standards that more closely reflect GDPR, and Japan and the EU have announced that they are working to achieve a simultaneous finding of adequacy by early next year. Regulators in South Korea are also seeking an adequacy assessment, and in Hong Kong, the Office of the Privacy Commissioner is reviewing Hong Kong’s Personal Data (Privacy) Ordinance to determine what changes to recommend in light of GDPR.

Privacy Shield, a bilateral framework that facilitates data transfers between the EU and the U.S., is a possible model for other countries as they prepare for GDPR. It could serve as a useful reference point in Japan’s discussions with the European Commission about EU-Japanese data flows. Another encouraging approach is the Cross Border Privacy Rules (CBPR) system developed by the 21 nations participating in the Asia Pacific Economic Cooperation forum. This framework is designed to allow companies to use established mechanisms to protect the privacy and security of personal data as it moves across borders.

Support for sound regulatory frameworks isn’t the only way Microsoft promotes privacy and data protection for cross-border data transfers. Finding the right balance between the need for law enforcement to have appropriate access to data and our commitment to protect our customers’ privacy and their data is another critical issue that Microsoft has been deeply involved in.

Notably, in 2014, Microsoft sued the U.S. government to prevent a U.S. warrant from compelling us to produce email stored in a Microsoft data center in Dublin. We filed this case because it involves an extraterritorial application of a decades-old U.S. law that does not provide such authority and because it ignores Irish laws and the rights of those who own the emails. In the future, when critical principles with important consequences for our customers are at issue, we will not hesitate to return to the courts to uphold basic rights.

At the same time, we are heartened that the U.S. Congress is considering legislation to modernize the aging data protection framework in the U.S. and to provide a clear and fair legal process when governments seek to access emails and other digital information. We strongly support passage of the proposed International Communications Privacy Act.

It’s great to be in Hong Kong to attend the International Conference of Data Protection and Privacy Commissioners once again. I’m pleased to be here representing Microsoft, because I know that my former data commissioner colleagues and I all want the benefits and opportunities of technology to be shared broadly by the citizens, consumers, and customers we serve.

Tags: Data Protection, GDPR, Privacy

Veritas 360 data management embraces cloud, dedupe, NoSQL

LAS VEGAS – Veritas Technologies today launched data deduplication for cloud data protection in NetBackup, new parallel streaming to protect NoSQL, Hadoop and Cassandra workloads, and a strategic cloud partnership with Microsoft.

The product upgrades came during the first day of the Veritas Vision 2017 user conference. The expanded application and cloud support are a part of the Veritas 360 data management strategy to protect data wherever it resides.

The cloud deduplication is part of NetBackup 8.1 enterprise backup software. The dedupe will be available either as licensed software or a NetBackup Cloud Catalyst 5240 Appliance. Customers can dedupe when they store and manage data in multi-cloud environments such as Amazon Glacier and the Microsoft Azure Blob. NetBackup is Veritas’ flagship backup application and it is the basis to the Veritas 360 Data Management Suite.

Veritas has included deduplication inside NetBackup for years, but this is the first dedupe engine certified for cloud providers, Veritas chief product officer Mike Palmer said. While others, such as Commvault Systems, also dedupe data going into the cloud, Palmer said Veritas dedupe speed gives it an edge.

“With the Cloud Catalyst Appliance, customers can integrate their NetBackup backup data to Amazon Glacier or the Azure Blob Storage,” Palmer said. “This is a proprietary deduplication engine.”

Veritas 360 data management supports cloud workloads, hyper-convergence

The Veritas NetBackup parallel streaming enables faster data protection capabilities for cloud-based, scale-out big data applications and workloads. Palmer said Veritas recognizes that creating and protecting scale-out stores for applications such as NoSQL is different than protecting a standard, standalone server.

“We can stream data back consistently from multiple servers in a backup solution and represent data across multiple stores,” he said. “We think our obligation is to protect data regardless of the workload that the customer has chosen. We see cloud workloads as an obvious example. NoSQL is another obvious example. Another one we are announcing is support for hyper-converged like Nutanix.”

The Veritas 360 Data Management platform first launched during Veritas Vision 2016, its first conference as an independent company after it was sold by security giant Symantec to the Carlyle Group private equity firm for $7.4 billion last year.

Veritas aims to build a broad management portfolio that goes beyond data protection to include orchestration, data analytics, data mobility and automated policy management for virtual, physical and cloud tiers, all managed from a single console.

Veritas, Microsoft partner on hybrid cloud support

The partnership with Microsoft is another step in Veritas’ quest to become a data management vendor. Microsoft now supports the Veritas Resiliency Platform, orchestration software that helps data recovery of multiple virtual machines in multi-vendor hybrid clouds.

Customers can monitor and do failover and failback of multi-tiered applications to and from Azure with one click. Customers can use the cloud as a recovery target in disaster recovery setups while automating DR testing.

Veritas also announced a Veritas Information Map connector for the Azure cloud. The information map gives customers visibility into their unstructured data inside Microsoft Azure Blob storage and Microsoft File Storage. That follows an Amazon Web Services S3 Connector for unstructured data in the Amazon cloud that launched in June.

Mark Russinovich, chief technology officer for Microsoft Azure, said the connector can give customers more control while migrating data into the cloud.

“One of the first tests when you talk about cloud migration is data classification,” Russinovich said. “You need to understand where your data is and what it is doing and what applications are doing because when you move data to the cloud, you need to keep in mind the data gravity problem. And you need to keep in mind the type of controls you put in place in the cloud to keep it secure and keep the costs under control.”

The Azure connector was among more than 30 new connectors for Information Map in Veritas 360 data management, including those for Box, Google Drive and Microsoft Office 365. The Veritas Information Map visualization tool helps identify risk, waste and complicated migration paths in multi-cloud environments. The ability to identify and delete data will be particularly important as organizations work to meet the European Union’s General Data Protection Regulation requirements by May 2018.

“We will focus on classification engines so that unstructured data gets automatically classified instead of users having to go put metatags on data,” Palmer said. “We will talk about index engines and object stores so that when data goes into an object store, it can understand what the content was. We are about intelligent storage.”

Urgent DACA legislation is both an economic imperative and humanitarian necessity – Microsoft on the Issues

We are deeply disappointed by the administration’s decision today to rescind protection under the program for Deferred Action for Childhood Arrivals (DACA). As we said last week, we believe this is a big step back for our entire country.

The question for individuals, employers and the country is what we do now.

For Microsoft, the first step is clear. The administration has given Congress six months to replace DACA with new legislation. We believe this means that Congress now needs to reprioritize the fall legislative calendar and move quickly with new legislation to protect these 800,000 Dreamers. This means that Congress should adopt legislation on DACA before it tries to adopt a tax reform bill. This is the only way, given the number of legislative days Congress has scheduled over the next six months, we realistically can expect Congress to complete DACA legislation in time.

We say this even though Microsoft, like many other companies, cares greatly about modernizing the tax system and making it fairer and more competitive. But we need to put the humanitarian needs of these 800,000 people on the legislative calendar before a tax bill. As an employer, we appreciate that Dreamers add to the competitiveness and economic success of our company and the entire nation’s business community. In short, urgent DACA legislation is both an economic imperative and a humanitarian necessity.

As this debate moves forward, we need to remember that these 800,000 individuals came to our nation as children. They grew up in this country. They attended our local schools and count millions of American citizens as friends. They obey our laws, pay taxes here and have registered voluntarily with the federal government for DACA relief. They are loyal to this country and contribute their time and money to local churches, schools and community groups. The Dreamers are part of our nation’s fabric. They belong here.

That’s why we believe a second point is also fundamental. Although we should all ask Congress to act within six months, we should be prepared for the possibility that it will not do so. Such a failure would not relieve anyone else in the country of the responsibility to act thoughtfully and wisely.

This is why we will work as needed with other companies and the broader business community to vigorously defend the legal rights of all Dreamers. For the 39 Dreamers that we know of who are our employees, our commitment is clear. If Congress fails to act, our company will exercise its legal rights properly to help protect our employees. If the government seeks to deport any one of them, we will provide and pay for their legal counsel. We will also file an amicus brief and explore whether we can directly intervene in any such case. In short, if Dreamers who are our employees are in court, we will be by their side.

We appreciate that even limited immigration legislation like DACA is complex, controversial and even difficult. We also appreciate that this issue arises at a time of other important national priorities and sharp divisions within Congress. But when it comes to DACA, there are too many affected people who contribute too much to our country for Congress to fall short. There are leaders on both sides of the aisle who have long championed this issue. And there is a growing list of supporters from across the country who want to see this get done. We’re confident that Microsoft is but one of many companies and groups that will support them.

Tags: Brad Smith, DACA, Immigration

Cisco Spark app gets features for regulated organizations

Cisco has added to Spark the content protection, compliance and security features the collaboration service needs to attract highly regulated organizations, such as healthcare providers, government agencies and financial institutions.

The improvements, introduced this week, include content protection in the Cisco Spark app for mobile devices, legal team access to all documents and messages, and the option of on-premises deployment of the Spark key server, which handles decryption and encryption of all data flowing in the service.

Cisco is not the only collaboration vendor to add features attractive to organizations that need the highest levels of security and content control. Slack moved in that direction this year by providing support for third-party mobility management and data loss prevention products. Symphony Communication Services has always focused on regulated industries with a secure messaging app used by 80% of global investment banks.

The latest Spark enhancements correct weaknesses that hampered adoption by organizations watched closely by regulators.

“Not having these kinds of controls has slowed implementation of Spark, especially in larger and regulated organizations,” said Irwin Lazar, an analyst at Nemertes Research, based in Mokena, Ill. “In these kinds of companies, we’ve found a reluctance to embrace a cloud-based messaging solution that doesn’t provide end-to-end encryption, enterprise mobility management integration, and the ability for an organization to control its own keys.”

Spark’s key server ensures all content is encrypted and cannot be read by Cisco or anyone else unless authorized by the organization using the service. To satisfy the most security-conscious organizations, Cisco introduced the option of letting them hold the key server on premises rather than in the vendor’s cloud.

Cisco Spark app Control Hub enhancements

Along with in-house key management, Cisco added control features to the Spark management console, called the Control Hub. Through the platform, administrators can identify individuals who get access to all documents and messages in Spark. That level of access is necessary for lawyers and compliance officers.

Besides the new Control Hub features, Cisco opened up the console to third-party security systems through the release of what it calls the Pro Pack. The software, which costs extra, lets organizations integrate third-party compliance and archiving, data loss prevention and identity management systems.

Cisco also beefed up security in the Cisco Spark app that runs on smartphones and tablets. Features include automatically logging off users when they leave the corporate network and adding a method called certificate pinning that prevents man-in-the-middle attacks. Also, managers can set the app to deny access to mobile users that fail to set their devices’ PIN lock after three warnings.

Finally, Cisco made improvements to the Spark analytics engine. Users can more easily manipulate data to determine, for example, whether any users are experiencing poor call quality and whether the problem is affecting others. The better analytics are also available in WebEx, the company’s video conferencing and file-sharing software.

Kaspersky Free

Everybody needs the protection of a powerful, accurate antivirus utility. Is it fair to withhold this protection from those who can’t afford it? Eugene Kaspersky, eponymous founder of Kaspersky Lab, thinks not. The brand-new Kaspersky Free offers the full power of the company’s malware-fighting technology, minus frills and bonus features. It doesn’t cost a thing, and independent testing labs give its protection excellent marks.

Like most free antivirus utilities, Kaspersky Free is only free for noncommercial use. During installation, you must create or log into your My Kaspersky account for full activation. The product also installs a toolbar for Chrome, Firefox, and Internet Explorer. Kaspersky Free automatically updates its antivirus database signatures in the background, but it couldn’t hurt to manually call for an update right after installation.

Even though this is a simple, stripped-down product, it’s still important for users to understand all its features. To that end, the installation winds up with a simple tour of important aspects of the software. I appreciate that the tour points out Kaspersky’s on-screen keyboard, which some users might otherwise miss. More on this tool below.

The main window looks just like that of Kaspersky Internet Security, with one significant difference. It displays the same six icons as the suite does: Scan, Database Update, Safe Money, Privacy Protection, Parental Control, and Protection for All Devices. However, only Scan and Database Update are enabled in Kaspersky Free. Grayed-out icons with a royal crown overlay indicate that access to these features requires a premium upgrade.

Stellar Lab Results

Antivirus testing labs around the world do their best to evaluate security programs and determine which are the most effective. This isn’t just a matter of scanning a million static malware samples to see how many the antivirus catches. Most of the labs work to create tests that simulate real-world conditions as closely as possible, and Kaspersky gets outstanding scores from almost all of them.

The one exception is Virus Bulletin’s RAP (Reactive and Proactive) test. Kaspersky’s score in this test is just average. However, I find that results of the RAP test don’t necessarily track with the other labs; I give it less weight in my aggregate labs score calculation.

The researchers at SE Labs capture real-world malicious websites and use a web traffic playback system to expose all tested products to the exact same web-based attack. Products can earn certification at five levels: AAA, AA, A, B, and C. Like Avast, AVG, and most products in the latest test by this lab, Kaspersky received AAA certification.

AV-Comparatives certification works a bit differently. All products that earn the minimum passing score receive Standard certification, while those that do better than the minimum can earn certification at the Advanced or Advanced+ levels. In the four tests from this lab that I follow, Kaspersky received Advanced+ all four times. Bitdefender and Avira also managed to sweep all four tests.

Tests by AV-Test Institute measure antivirus success on three criteria: protection against malware, low impact on performance, and few false positives to impact usability. Software can score up to six points in each of these categories. Kaspersky earned a perfect 18 points from this lab, as did Avira, Norton, and Trend Micro.

Most of the labs report their results as certification levels or numeric scores. With MRG-Effitas, products either achieve a near-perfect result or they fail, with no middle ground. In one test, anything but perfect defense is a failure. For the other test, a product that totally prevents all malware attacks earns level 1 certification. If some attacks get through, but the product fully remediates them afterward, that’s level 2 certification. Kaspersky passed the first test and earned Level 1 certification in the second; it’s the only recent product to do so.

Kaspersky’s aggregate lab score, based on results from all five labs, is 9.8 of 10 possible points, a result also achieved by Bitdefender Antivirus Free Edition. Avira looks even better, with a perfect 10 points, but its results come from just three of the five labs. Tested by all five labs, both Avast and AVG earned 9.2 points, which is still quite good.

Scans and Settings

Kaspersky’s file antivirus component scans files in real time when any process accesses them. The web antivirus watches for dangerous websites and downloads. And the IM and mail antivirus components check for dangerous attachments and phishing messages. On the Protection tab of the Settings page you can turn these on and off—but you should leave them on. Another 10 components show up as unavailable, meaning you’d have to upgrade to use them.

A full system scan of my standard clean test system took 30 minutes, which is quite good, considering that the current average is 45 minutes. Bitdefender and AVG both took over an hour, and Avira Antivirus required more than two hours. Like many antivirus products, Kaspersky performs optimization during the initial scan to speed subsequent scans. A second scan of the same test system finished in a speedy four minutes.

In theory, the real-time protection component should handle any malware attacks that occur after your initial full scan. However, you have the option to schedule a full scan or quick scan to run daily, each weekday, each weekend day, weekly, or monthly.

Malware Protection Test Results

By default, Kaspersky refrains from bothering you when it detects malware, instead dealing with it automatically. Also by default, it doesn’t meddle with objects that are probably (but not certainly) infected. For testing purposes, I disabled both of those features, forcing it to check all of its actions with me. Most users should leave those settings checked, allowing Kaspersky to take care of business silently.

To start the test, I simply opened the folder containing my current collection of malware samples. The minimal file access caused by Windows Explorer listing the files was sufficient to trigger a scan by Kaspersky’s real-time protection. It disinfected virus-infested files and offered to delete non-virus malware. It identified a few samples as “legitimate software that can be used by criminals to damage your computer.” I chose to delete those as well, figuring this category is similar to what other products call potentially unwanted applications, or PUAs.

When the notifications stopped after a few minutes, I found that Kaspersky had eliminated 57 percent of the samples, the same as Bitdefender. That’s on the low side—Emsisoft Anti-Malware and IObit both wiped out 79 percent of the same samples on sight.

Continuing the test, I launched the samples that survived real-time protection. The results were disappointing. Matching Bitdefender once again, Kaspersky detected 79 percent of the samples overall. Some of those it detected managed to plant executable traces on the test system, dragging Kaspersky’s overall score down to 7.2 of 10 possible points, just a hair above Bitdefender. Tested with the same sample collection, Emsisoft managed 9.4 points. Webroot and Comodo Antivirus achieved a perfect 10 points, but since they came up against my previous sample collection the results aren’t directly comparable.

For another measure of malware protection, I use a feed of very new malware-hosting URLs supplied by MRG-Effitas. Typically, these are no more than a day old. I launch each URL and note how the antivirus reacts. Does it divert the browser away from the dangerous URL? Does it halt the download before it finishes? Does it eliminate the malware payload after download? I don’t care how it handles the problem as long as it prevents the download.

Kaspersky exhibited a wide variety of reactions during this test. In many cases, it displayed a warning message in the browser, plus a pop-up notification that had it blocked a dangerous URL. It offered to block download of legitimate but dangerous software. It advised blocking pages containing adware. Despite this variety of responses, however, it only prevented 67 percent of the malware downloads. Norton holds the top score in this test, with 98 percent protection, and Avira managed 95 percent.

When my hands-on results don’t sync with the results from the independent labs, especially when all of the labs are involved, I defer to the lab results. Still, I’d be happier with stellar results both in lab tests and in my own tests.

Impressive Phishing Protection

The same web protection mechanism that keeps your browser from reaching malware-hosting URLs also fends off phishing sites, fraudulent websites that try to steal your login credentials. In fact, you have to look closely to see just which type of protection is active. For malware-hosting sites, the warning page reports “dangerous URL.” For phishing pages, it lets you know about a “threat of data loss.”

Phishing websites are transitory things. The fraudsters aim to capture as many passwords as they can before they get backlisted, then they move on to new sites. For testing, I gather the newest phishing URLs I can find from sites that track such things. I launch each URL simultaneously in five browsers and note what happens in each. The product under test protects one browser, naturally, and another has Symantec Norton AntiVirus Basic (which I use as a baseline) at work smacking down frauds. The other three use the phishing protection built into Chrome, Firefox, and Internet Explorer.

If any of the browsers throws an error message instead of loading the URL, I toss it. If the page doesn’t actively attempt to mimic a secure site and steal login credentials, I toss it. When I’ve got data on 100 or so valid frauds, I calculate a score.

Phishing is more of an art than a science. The clever ploy that gets past detection one week may be a flop the next week. Because of this, I report the difference in each product’s detection rate from the other browsers, rather than a hard number. Kaspersky’s detection rate came in just one percentage point behind Norton’s. Last time I tested Kaspersky, it actually did better than Norton, but coming very close is still quite good—better than about 80 percent of competing products.

Kaspersky also did better than the protection built into all three browsers. That may not seem like a feat, but more than half of current products failed to beat at least one of the three, and over 20 percent scored lower than all of them. Bitdefender is the current champion in this test, with a detection rate 12 percentage points better than Norton’s.

Avast’s free edition fared much worse in this test, coming in 57 points behind Norton; the paid Avast did better. AVG AntiVirus Free lagged 70 points behind Norton. Chrome and Internet Explorer beat both Avast and AVG in this test. Kaspersky definitely tops these two as far as phishing protection goes.

Few Bonus Features

You might think that security companies in general would limit what they give away, reserving the best features for paying customers. In some cases, that’s true, but other companies give you a ton of goodies to go along with your free antivirus protection. AVG comes with the Zen remote management tool, a secure deletion shredder, and a web protection component that marks up dangerous search results and actively foils trackers. With Avira, the bonus features come as separate installations, including a free, bandwidth-limited edition of Avira’s Phantom VPN, a privacy-centered browser, a vulnerability scanner, and a price comparison tool.

Avast Free Antivirus really piles on the bonuses, at no charge. Its Wi-Fi Inspector checks all networks, wired or wireless, for security problems, and recommends fixes. It includes a full-featured (if basic) password manager, a vulnerability scanner, and an ad-stripping browser that switches to hardened Bank Mode for financial transactions. It marks up dangerous links in search results, watches for URL typos, and (like Avira) seeks better prices when you’re shopping online.

As with Bitdefender Antivirus Free Edition, Kaspersky’s bonus feature collection is sparse by comparison. You can activate its previously mentioned on-screen keyboard to type passwords without any chance of capture by a keylogger, even a hardware keylogger. And it installs a free, bandwidth-limited edition of Kaspersky Secure Connection VPN. To be fair, even in Kaspersky’s full security suite products, the VPN comes with the same 200MB per day bandwidth limit. Rounding out the free edition’s bonus features is a simple search markup system that flags dangerous links and, with a click, identifies the relevant type of danger.

See How We Test Security Software

What’s Not Here

Eugene Kaspersky referred to Kaspersky Free as “the indispensable basics that no one on the planet should do without.” The emphasis here is on basics. While Kaspersky Free does contain all of Kaspersky’s basic antivirus technology, some features only appear in the paid edition. For example, at one point during my testing the antivirus suggested running the Microsoft Windows Troubleshooter, but advised that doing so would require an update to a paid edition. Other features present in the paid antivirus but not in the free edition include creation of a bootable Kaspersky Rescue Disk, cleaning traces of browsing activity and computer activity, and scanning the system for vulnerabilities.

The free edition does offer the same file, web, instant messaging, and mail antivirus components found in the paid edition, but it doesn’t include the System Watcher component. Among its other skills, System Watcher can roll back malware activity, including ransomware activity. When I tested Kaspersky Anti-Virus with all protection components except System Watcher turned off, it correctly identified a half-dozen ransomware samples as malware (though it didn’t specifically call them out as ransomware).

Finally, the free edition doesn’t offer the advanced technical support granted to paid users. You can root around in the FAQs and documentation, or post questions in the forums. But you can’t get the phone and live chat help that paid users enjoy.

A Treat for Kaspersky Fans

If you’re a Kaspersky enthusiast or a security-conscious person on a tight budget, you’ll love the fact that Kaspersky Free gives you all the basics of antivirus protection at no charge. This is the same malware-fighting technology that gets top scores from the independent labs, and it also earned a very good score in our hands-on antiphishing test. It’s true that it didn’t do so well in our other hands-on tests, but when the labs all praise a product, we listen.

This product is completely free, so you can install it and have a look for yourself without spending a penny. But if you do, we suggest you also take a look at Editors’ Choices Avast Free Antivirus and AVG AntiVirus Free. Both get great lab scores (though not quite as high as Kaspersky’s) and they also pack a bundle of useful security bonus features at no charge.