At the intersection of security and operations, we’re seeing a new discipline emerge. Commvault calls it ResOps, a blend of DevOps, SecOps, and FinOps with a wide view over the business’s applications and data. It’s a sign that cyber resilience is becoming a team sport. It isn’t just about having a backup; it’s about ensuring the entire recovery process is clean and coordinated across the whole business. Commvault presented ResOps at Cloud Field Day 23; you can find all their presentations on the Tech Field Day website.

I’ve examined how organizations plan for disasters, and often, this planning has been siloed. The backup team did their thing, the security team did theirs, and they hoped it all met in the middle. It often seemed that the objective was to tick a compliance box on a management report. ResOps changes that by bringing cross-functional collaboration into the heart of the recovery process and making business continuity the central objective.

One significant challenge in modern cyberattacks is that attackers don’t immediately delete or encrypt your data. They linger and persist, often in systems such as Active Directory or in scheduled scripts on Linux. If you immediately restored your VMs from yesterday, you might be restoring the attacker’s access, right along with your data. This is where ResOps starts to deliver real value.

Part of the ResOps approach is the use of disconnected restores. Instead of a direct full recovery to production, you restore to an isolated environment. This lets you identify attack persistence without risking your production network. You can scan for signs of an intruder in your AD or application configurations before you let that data back into production. Remediating persistent compromises in a disconnected environment is more practical, reducing the chance of re-infection after restoration. It’s a way to validate that you’re recovering a clean system, not just old data.
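One check you could run against a restore mounted in the isolated environment, as an added example that is not from Commvault or the original article: inventory the Linux scheduled-job files under the restore root and compare them with a trusted baseline. The directory list, the function names and the idea of a known-good baseline build are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Common Linux scheduled-job locations, relative to the restore root (assumed list).
JOB_DIRS = ["etc/cron.d", "etc/cron.daily", "etc/cron.hourly",
            "var/spool/cron", "etc/systemd/system"]
JOB_FILES = ["etc/crontab"]

def job_inventory(root):
    """Map each scheduled-job file under the mounted restore to a SHA-256."""
    found = {}
    candidates = [os.path.join(root, f) for f in JOB_FILES]
    for d in JOB_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(root, d)):
            candidates += [os.path.join(dirpath, f) for f in files]
    for path in candidates:
        if os.path.islink(path):
            # Record the link target itself; never follow it out of the restore.
            data = b"symlink:" + os.readlink(path).encode()
        elif os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
        else:
            continue
        found[os.path.relpath(path, root)] = hashlib.sha256(data).hexdigest()
    return found

def diff_baseline(inventory, baseline):
    """Return jobs that are new, altered or missing relative to the baseline."""
    return {
        "added": sorted(p for p in inventory if p not in baseline),
        "changed": sorted(p for p in inventory if p in baseline and inventory[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in inventory),
    }

def build_sample(root, files):
    """Write a constructed sample tree (relative path -> content) under root."""
    for rel, content in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as restored:
        build_sample(good, {"etc/crontab": "0 3 * * * root /usr/sbin/logrotate\n"})
        build_sample(restored, {"etc/crontab": "0 3 * * * root /usr/sbin/logrotate\n",
                                "etc/cron.d/sync": "*/5 * * * * root /opt/sync.sh\n"})
        print(diff_baseline(job_inventory(restored), job_inventory(good)))
```

Anything reported as added or changed is a candidate for review before the restore is promoted to production; a match with the baseline does not by itself prove the system is clean.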

We’re also seeing a shift in how we think about the “Minutes of the Meltdown.” This isn’t just a catchy phrase; it’s a realization that the first few minutes of a cyber event are critical. ResOps focuses on preparing for those minutes in advance. It’s about having a plan that everyone understands, from the engineers to the executives.

The rise of ResOps also highlights the importance of automation. You can’t handle the complexity of a modern cyberattack with manual processes. You need tools that automate threat identification, mitigation, and recovery orchestration. But remember, tools aren’t a substitute for being good at IT; automation can enable mistakes at scale. The automation is only as good as the processes and people building it.

I suspect we’ll see more organizations adopting ResOps as they realize that cyber resilience is a continuous process, not a one-time project to tick a box. It requires a mindset shift, especially in IT management. You must assume an attack will occur or has occurred, quiet and hidden at first, and be prepared to respond. Being prepared means knowing your dependencies and having a validated recovery path for every critical application. The fastest restore time is not the critical measure; the restore must be clean.

ResOps isn’t just a new buzzword. It’s a necessary evolution in how we manage and protect our data. By integrating security and operations, we can build more resilient systems better equipped to address the challenges of the modern threat landscape. It’s about ensuring that when a meltdown occurs, your team is ready to act, not just react.
