Security is a key concern when managing your centralized multi-tenanted shared services platform.
All activities in your Commvault environment are written to the Audit Trail log and are viewable to authorized users from the Audit Trial report.
For more information, see Audit Trail Report - Overview.
Before you onboard additional users onto your shared platform, verify if the Retention Days for Audit Trail meet your internal security policy.
For a full log of which activities are auditable and their relative log severity, consult Operations Recorded by the Audit Trail.
Securing Your Database
The CommServe database holds your Audit log, system credentials and encryption keys for backup data and secure client communications. Protecting your CommServe database is crucial to the security of your Commvault platform.
Commvault has published a set of Security Best Practices that you can implement subject to your internal security policy. For information on securing your CommServe database, see Securing the CommServe Computer.
Commvault has built-in ransomware protection for both MediaAgents and remote Client Computers.
Enable the MediaAgent ransomware protection immediately after installation. For more information, see Enabling Ransomware Protection on MediaAgents.
Note: Monitoring ransomware events on Client computers is typically reserved for Laptops (as high-risk devices). Consider offering ransomware protection in Endpoint protection services. For more information, see Monitoring File Anomalies On Client Computers.
Enabling Privacy Controls
In a Service Provider environment, companies expect the Service Provider to not have access to view or download their data. While this configuration choice is ideally made during Service Deployment, it can often be requested by tenants after onboard.
You must enable privacy control at the CommCell level before individual tenants can enable this feature. For more information, see Enabling Privacy at the CommCell Level.
When enabled, the tenants will have a new option in their Company configuration window.