COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

CVTSP24 – Commvault® Risk

Analysis
Module - 07
August, 2023

commvault.com | 888.746.3849
© 2023 Commvault. See here for information about our trademarks and patents.
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Notices and Disclaimers

Commvault, Commvault and logo, the "C hexagon” logo, Commvault Systems, Metallic, Metallic and logo,
the “Wave” logo, Commvault HyperScale X, HyperScale X, Recovery Reserve, and ThreatWise are
trademarks or registered trademarks of Commvault Systems, Inc. (“Commvault) The unauthorized use of
any Commvault trademark is strictly prohibited.

Other company and product names mentioned herein may be trademarks of their respective owners.
References to any third-party products, services, or websites should not be considered an endorsement
by Commvault. Some examples are for illustration only and are fictitious.

All right, title, and interest, including all intellectual property rights in and to this document and to any
related subject matter (collectively “Ownership Rights”) are owned and expressly reserved by Commvault.
No Ownership Rights are granted to you.

This document is intended for distribution to and personal reference use solely by Commvault customers;
all use of Commvault Solutions, including this document, is governed by Commvault’s Master Terms &
Conditions (currently available at https://www.commvault.com/legal/master-terms-and-conditions) which
are incorporated herein in their entirety.

This document is provided “as is.” Information in this document, including any specifications, URLs, or
other references, is subject to change without notice.
See www.commvault.com/IP for more information about our trademarks, patents, and other IP rights.

Confidentiality

This document contains information that is confidential and proprietary to Commvault. Without limiting
rights under copyright or otherwise, this information is provided with the express understanding that it will
be held in strict confidence and that no part of this document will be disclosed, used, reproduced, stored,
or transmitted, in whole or in part, for any purpose other than as expressly approved or provided by
Commvault in writing.

©1999-2023 Commvault

2
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Table of Contents
Commvault® Risk Analysis ............................................................................................................................. 4

Learning Objectives .......................................................................................................................................... 5

Attracting ransomware attacks and data exfiltration ......................................................................... 6

Sensitive data is a precious jewel ............................................................................................................... 7

Commvault® Risk Analysis ............................................................................................................................. 9

Commvault® Risk Analysis ........................................................................................................................... 10

Commvault® Risk Analysis .............................................................................................................................12

Commvault® Risk Analysis .............................................................................................................................13

Commvault® Risk Analysis ............................................................................................................................ 14

Commvault® Risk Analysis ............................................................................................................................ 15

Commvault® Risk Analysis ............................................................................................................................ 16

Commvault® Risk Analysis ............................................................................................................................. 17

Commvault® Risk Analysis ............................................................................................................................ 18

Commvault® Risk Analysis ............................................................................................................................ 19

Commvault® Risk Analysis ........................................................................................................................... 20

Commvault® Risk Analysis .............................................................................................................................21

3
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Commvault® Risk Analysis

Commvault®
Risk Analysis
Commvault® Technical Sales Professional
Module - 7

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

Welcome to module 7 of the Commvault® Technical Sales Professional course.

Looking at an Introduction to Commvault® Risk Analysis.

4
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Learning Objectives

Learning Objectives

1 2

After completing this

module, you will: Gain an understanding Be able to convey how
of the challenges that Commvault Risk Analysis
organizations are facing allows organizations to
governing and securing analyze, secure and
their data minimize sensitive data

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

After Completing this module, you will gain an understanding of the challenges that organizations are facing
governing and securing their data.

This will enable you to convey how Commvault Risk Analysis allows organizations to analyse, secure and
minimize sensitive data.

5
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Attracting ransomware attacks and data exfiltration

Sensitive data a double edge sword

Attracting ransomware attacks and data exfiltration

Ransom is 2x when
Data Exfil there is data theft. 89% of all attacks
increases average now involve data
downtime from exfiltration,
16 to 21 days. 9% more than in
2021.*

*BlackFog, "2022 Ransomware Attack Report," January 2023

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

Today, many Security and IT Operations teams lack a cohesive way to identify and classify their
organization’s data, including its age and usefulness.

With more adoption of hardened backup & recovery, ransomware attacks are shifting focus. Attacks not only
encrypt data, which can be restored, they now also steal and extort organizations sensitive data.

Exfiltration is rapidly on the rise, and IT teams just don’t have the tools to discover and secure sensitive data
in a timely manner.

Teams typically spend tedious hours manually searching for files and folders based on limited data analysis
and thus make potentially monumental decisions without a clear understanding of the data and how and
where it’s stored.

With rising levels of access to data from third-party apps and minimal monitoring, it’s no surprise that extorting
cyberattacks are on the rise.

6
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Sensitive data is a precious jewel

Sensitive data is a precious jewel

Some common challenges we hear….

C-Suite (including CISO) Sec Ops and IT Ops IT Ops

I'm worried about achieving Zero

I need to identify and protect I need to manage the data sprawl
trust protection and reducing the
sensitive data, remediate access and remove file duplicates to
risk of threat actors dwelling within
control gaps, and ensure reduce the risk of data leaks and
a network and exfiltrating data
compliance with regulations optimize storage utilization
from the company.

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

Sensitive data is a precious jewel, and when talking to customers or prospects we often hear of the same
challenges being faced.

C-suite personas talk about being worried about achieving Zero trust protection and reducing the risk of threat
actors dwelling within a network and most importantly exfiltrating data from the company.

Sec ops and IT ops personas talk of a need to identify and protect sensitive data, remediate access control
gaps, and ensure compliance with regulations.

And IT ops persona also mention a need to manage the data sprawl and remove file duplicates to reduce the
risk of data leaks and optimize storage utilization.

When having conversations with a customer or prospect, you can talk about the risks organizations face and
how Commvault Risk Analysis can become the right solution. Some of the common topics you can extend
conversations are:

• Helping them reduce storage costs by streamlining data by categorizing it as business-critical, low-value
and ROT. Commvault’s Data Platform can provide archiving to support information lifecycle management
(ILM) and policy-based decisions.

• Migrating and consolidating data based on business needs in order to optimize costs and operational
efficiency

• Protecting data against risk and ransomware with the help of Commvault’s Ransomware Protection and
Recovery. With the National Institute of Standards and Technology (NIST) cybersecurity framework,
customers can identify, protect, monitor, respond and recover data securely and effectively.

• Enhancing privacy and compliance to achieve productivity gains for content collection and review. With
more accurate results, external legal counsels need lesser time for review, in turn, lowering costs spent on
eDiscovery. With Defensible Deletion, customers can also remove data that is deemed to have no use to the
organization to lower compliance and litigation risks.

7
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

We have provided conversation scenarios targeting personas for each of these value propositions that can be
downloaded from the resources section of this module.

8
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Commvault® Risk Analysis

Commvault® Risk Analysis

Analyze, secure and minimize sensitive data to reduce the impact of data exfiltration and attack surface

File Storage Optimization

Improves storage efficiencies, reduces
costs and reduces the risk of exposure. Risk Analysis (New Merged Product)

Combination of File Storage

Optimization and Data Governance as a
single addon package for analyzing live or
Data Governance backup data to identify sensitive files in the
Identify and classify sensitive data to environment and reduce the data
mitigate data privacy risks and maintain exfiltration and data breach impact.
compliance regulations.

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

Commvault’s Risk Analysis product combines 2 prior products into one offering.

Commvault File Storage Optimization helps organizations reduce storage costs and data risk. Our solution
provides organizations a single pane of glass across backup and live data silos at a massive scale. With
streamlined cloud migrations and data consolidations, organizations can reduce the risk of ransomware on
critical and sensitive data. With Commvault File Storage Optimization, organizations can ensure that only the
right people have access to their data, both internally and outside, to avoid data breaches, business-critical
system downtime, and sensitive data leaks.

Commvault® Data Governance provides a streamlined framework for risk management to define, find,
manage, secure, and remediate sensitive data throughout hybrid cloud environments. This is achieved by
profiling and identifying sensitive data across live and backup data silos, providing data insights for review,
and the means for collaborative decision making for immediate or workflow-driven remediation to lower data
risks such as data leaks.

Now Commvault Risk analysis, offers a Combination of File Storage Optimization and Data Governance as
single addon package for analyzing live or backup data to identify sensitive files in the environment and
reduce the data exfiltration and data breach impact.

9
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Commvault® Risk Analysis

Commvault® Risk Analysis

Enables organizations to identify, analyze, manage and secure sensitive data across the multiple silos via live or backup
data, with a simple, easy to use GUI.

Secure - Identify Defend - Monitor Defend - Respond

• Identify and Classify Sensitive • Monitor data for any • Remediate Actions in Bulk
data across On-Prem or Cloud changes in Sensitive Data
• Adjust User Permissions for
or its access
• Scan sensitive data across Sensitive data
multiple data types • Assess Risk based on
• Quarantine Or Delete
Sensitivity and Impact
• Run scans with predefined Sensitive data based on
entities for HiPAA, GDPR etc., • Review File Access & need
Privileges to Sensitive Files
• Add Custom entities for additional • Archive sensitive data for
PII scans • Monitor orphan data and compliance regulations
files in the environment
• Identify Redundant, Obsolete and
Trivial (ROT) data

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

The next use case is the use of Forensics and threat analysis to identify the source/ scope of attacks.

Users need to Analyse infected recovery points to identify the attack vector and the nature of Ransomware
attacks. We have defined the three important pillars of our platform which is secure, defend and recover which
aligns towards the cybersecurity framework.

And for risk analysis, it falls under the secure and defend category.

So, when you think about secure, think about it as a foundation of identifying sensitive tech data across on
prem and cloud, you can identify risk across both live or backup data.

There are predefined entities available which supports HiPPA and GDPR, you can also define custom entities
based on the business needs to identify not only the Personally Identifiable Information or PII but also the
intellectual property.

And then we are also talking about overexposed sensitive data, which means managing that access,
identifying those access control gaps.

And then we are talking about identifying the data sprawled in the environment.

Now, the next pillar is defence.

So, when you think about defence, you can defend your environment by continuously monitoring it.

Risk analysis provides a single user interface which provides you the analysis as well as the insight.

It also allows you to identify the risk score in your environment or the sensitivity in your environment.

You can monitor the access control gaps.

The other part of the defence is when you monitor and when you see the risk, how do you defend it,

how do you respond to these threats?

risk analysis provides you an option to take remediation action on this sensitive data.

You can either quarantine it or you can delete it.

10
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

You can also take an archiving decision on these sensitive data or business critical data either through
surgical force or through policy-based archiving, right?

You can also fix access control gaps through risk analysis.

11
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Commvault® Risk Analysis

Commvault® Risk Analysis

Indexing Architecture

Analyze from
Backup

Content Index
Delete
Analyzer Server CommServe
server and
Web Server

Move & Delete

Live source
Backup

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

Now, let's look at the analysis indexing architecture.

you can scan data across multiple sources like files, databases, VMs, Endpoints and emails.

Risk analysis provides an ability to scan live data as well as backup data.

So, in case of live scan, the data is directly fetched from the source, and it gets pushed into the content
analyzer.

Now, in content analyzer, the data gets analyzed and extracted and then it gets pushed to the index server.

similarly, in case of backup, it's the media agent which sends the list of files for analysis and content in that
extraction.

Now, once the index server has the entities and all the information available, it starts populating the insights
like Personally Identifiable Information, file duplicates and data sprawl into

command center via web server.

Risk analysis also gives the flexibility to remediate that data by providing options to move it or delete it from
your backup as well as on from your source.

12
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Commvault® Risk Analysis

Commvault® Risk Analysis

Identify and remediate sensitive data

Find sensitive files and remediate Solution

• As a Sec Ops I would like to know what types of • Identify and automatically classify sensitive files
sensitive files are present in the environment , across on-prem and cloud storage
which departments owns and what are the risks in
• Identify risk based on the risk and sensitivity
the environment
score.
• I would also like to take proactive remediation
• Quarantine or delete sensitive files to reduce data
actions on the sensitive files in the environment
exposure.
• As an IT Admin, I have to share a report of sensitive
file location in the environment to Sec Ops team

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

• We’ll go through some common use cases, and how Risk Analysis can help customers.

• The first use case is identifying and remediating sensitive data.

• Sensitive data can be defined as any data that an organization would not want to be leaked. This most often
relates to personal data, including personally identifiable information (PII). However, sensitive data could
include intellectual property, trade practices, restricted financial documents, medical records, or any other
classified information.

• You need a way to identify where your organization's sensitive data is located (which could be on public
facing servers across multiple clouds), and a quick means of remediation (moving, deleting or archiving).

• We hear from Sec Ops personas who need to know what types of sensitive files are present in the
environment, which departments owns and what are the risks in the environment and would like to take
proactive remediation actions on them.

• We also know that often the IT Admins need to produce and share reports of this sensitive data to Sec Ops
teams and require a simple and efficient method to produce these reports.

• Commvault solution allows customers to Identify and automatically classify sensitive files across on-prem and
cloud storage.

• They can Identify risk based on the risk and sensitivity score and Quarantine or delete sensitive files to reduce
data exposure.

13
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Commvault® Risk Analysis

Commvault® Risk Analysis

Identify and remediate sensitive data

What types of sensitive data

exists in your enterprise? Who owns the data?

Classify data based on

What risks exist? sensitive data type

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

Once the data has been analysed, we can present it to prompt an appropriate decision or action.

The Review process may consist of.

• Searching for specific information across content silos, still respecting content access controls. This
approach sets us apart because our in-place content inherits governance properties from the source
environments.

• Gather sets of content for discovery or investigations

• Visualize data risks and opportunities.

• Present reports and dashboards to support decision making.

• Initiate emails to prompt reviews using forms from the Application Builder

In this case we can see examples of review panels from the Sensitive Data Analysis Dashboard shows
graphical results from the analysis. We can also prompt workflow-based reviews that support parallel and
serial process review flows where that is appropriate.

In the Sensitive Data Dashboard, you can see:

• What types of sensitive data exists in your enterprise?

• What risks exist?
• Who owns the data?
• and you can Classify data based on sensitive data type.

14
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Commvault® Risk Analysis

Commvault® Risk Analysis

Identify ownership gaps and restrict unauthorize access

Find and fix unauthorize access Solution

• As an IT Ops, I have to share the list of users with • Analyze live or backup data to identify the ROT by
my CISO who has access to folders containing access or modified time.
sensitive data.
• Storage trend reports with tags, to help drive
• I would also like to adjust the permissions for the archiving decisions.
users who do not need access to the sensitive data.
• File duplicates report to minimize data sprawl.

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

Data breaches often occur due to the incorrect personnel accessing data they are not supposed to. This can
lead to accidental or malicious deletion, halting your daily business operations. Even worse, it could result in
stolen sensitive data such as proprietary code or PII (personal identifiable information).

Identifying which files and folders have inadequate permissions, and immediately remediating these risks by
refining access can prevent a data breach. Business-critical data should be restricted to only those who need
to delete or modify the data.

The review folder and file permissions integrated into the Commvault Command Center expands the folder
level tree structure to see exact ACLs assigned and rectify access issues immediately.

Because the ability to modify file and folder permissions are all integrated into the Commvault Command
Center, it makes it easy to support investigations and audits in a few simple clicks.

The Commvault Command Center further provides you with easy to view dynamic charts to review file access.

15
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Commvault® Risk Analysis

Commvault® Risk Analysis

Identify ownership gaps and restrict unauthorize access

Review folder and file

permissions

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

Often, due to a lack of insight on setting the correct folder permissions, in certain scenarios, there is a risk that
files are exposed to "Everyone".

Additionally, end-users who place their data in these folders are likely unaware that their data is being
exposed.

This can result in a data breach that could include files containing sensitive information such as personally
identifiable information (or PII).

Entitlement Management is a feature that can be leveraged by Commvault Risk Analysis, which can review
the existing permissions to determine who can access the data…

16
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Commvault® Risk Analysis

Commvault® Risk Analysis

Identify ownership gaps and restrict unauthorize access

Adjust permissions on
the fly

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

….and remediate permissions, to protect sensitive data from loss, tampering, and exposure.

17
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Commvault® Risk Analysis

Commvault® Risk Analysis

Identify ownership gaps and restrict unauthorize access

Audit permission
changes Revert unwanted
changes

Identify ownership gaps and restrict unauthorize access

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

Admins can also use the Audit trail to monitor the permission change activity done using the Entitlement
Manager dashboard, without the need for Windows operating system-level auditing. The audit trail feature
provides administrators with an easy way to (CLICK)

revert permission changes in case of inadvertent issues. A complete audit trail provides a mechanism to
demonstrate adherence to governance policies.

File and folder access for shared volumes can be reviewed through the Entitlement manager. Entitlement
Manager not only allows you to view access rights of individual files and folders, it also allows you to view
what access other users or groups have too. In addition, you can also view activities to see who has
accessed certain data.

Entitlement manager allows administrators to change permissions for files and folders or aggregation of files
and folders, using the pull-down menus.

18
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Commvault® Risk Analysis

Commvault® Risk Analysis

Identify and delete unused data to reduce risks

Find ROT and manage data sprawl Solution

• As an IT Ops, I have to do infrastructure planning • Analyze live or backup data to identify the ROT by
and I would like to know that how much access or modified time.
ROT(redundant, obsolete and trivial) data lives in
• Storage trend reports with tags, to help drive
the environment.
archiving decisions.
• I would also like to know the file duplicates which
• File duplicates report to minimize data sprawl.
can increase the risk of data leaks.

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

With ransomware hitting organizations so frequently, encrypting your data and threatening data availability,
you need a way to proactively identify data that is critical to your business.

Data insights can help you proactively identify business-critical or high-value data that is at risk from cyber-
attacks. Using them, you can then drive the necessary remediation actions to delete, secure, move, or archive
your data.

Data can help uncover business-critical data at risk and categorize it by data type and location to streamline
management. The Built-in review and lockdowns on data access help secure sensitive data and secure
backup copies provide better availability for faster data recovery in case a cyberattack occurs.

Deleting ROT or Redundant, Obsolete and Trivial data, moving high-value data from exposed systems to
secured locations and archiving files to move to a secured location and deleting from the source in a single
action allows for a proactive approach to prevent and effectively manage ransomware attacks.

Commvault Risk Analysis enables Customers to Analyze live or backup data to identify the ROT by access or
modified time.

It provides Storage trend reports with tags, to help drive archiving decisions and File duplicates report to
minimize data sprawl.

19
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Commvault® Risk Analysis

Commvault® Risk Analysis

Identify and delete unused data to reduce risks
Ownership & Users
Analyze data by created, orphans Departments
modified or accessed date

Identify sprawl

Tags for sensitive

Take action
file classification

© Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

• The Risk Analysis dashboard can be used to identify and delete unused data to reduce risks.
• Data can be analyzed by created, modified or access dates.
• Data sprawl is easily identifiable.
• Details of File ownership and orphaned files are clearly displayed.
• Tags can be used to help classification of sensitive data.
• And lastly, with the unused data identified, you can take action to Delete, move or archive the
identified files.

20
COMMVAULT PROPRIETARY AND CONFIDENTIAL INFORMATION - INTERNAL AND PARTNER UNDER NDA USE ONLY- DO NOT DISTRIBUTE

Commvault® Risk Analysis

Commvault® Risk Analysis

Repackaging and Licensing

• Existing features available with File Storage Optimization

(FSO) and Sensitive Data Governance (SDG) will remain
intact
File E-Mail/O365 VM Endpoint
• A single addon package to Commvault Backup & Recovery
• Risk Analysis has the similar licensing model as FSO and
SDG
✓ TB ✓ USER ✓ VM ✓ USER
• Customers with existing FSO and SDG licenses will be
transitioned at no cost
• File Storage Optimization and Sensitive Data Governance
licenses will be end of sale in Aug 2023
• Customers needs to upgrade to SP32 to get supported
functionalities by 2024

Licensing Options © Commvault 2023

Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute.

Notes:

Finally, Risk Analysis is simple to scope, price and deploy.

It’s a single package with use-case licensing and this will allow customers to address their most pressing
challenges first, paying for what they need.

Furthermore, it just makes sense to price based on volume for file-oriented data and by users for emails and
M365.

A single license can be used for Sensitive file analysis and for File Storage optimization. For example, a
customer has 100 Tb of data in the environment, and they want to use Sensitive Data Governance and File
Storage optimization on different data sources.

While we currently don’t have license enforcement in place, we will first release the license/usage metering
and then license enforcement.

21
COMMVAULT PROPRIETARY/CONFIDENTIAL – FOR COMMVAULT PARTNERS UNDER NDA USE – NOT TO BE FURTHER DISTRIBUTED

Thank You

© Commvault 2023
Commvault Proprietary and Confidential Information Internal and Partner Under NDA Use Only - Do Not Distribute

commvault.com | 888.746.3849
© 2023 Commvault. See here for information about our trademarks and patents.