Metallic SaaS Security, Privacy & Compliance

Built on industry-proven Commvault technologies, Metallic® offers a unique and hardened approach to data protection and security.

Multi-layered security in the cloud

With built-in zero-trust security protocols, Metallic meets the most stringent confidentiality, integrity, and availability standards for government agencies and businesses alike.

Security Threat Detection, Protection, and Response

Foundational detection, protection, and response services

  • SIEM
  • Infrastructure Firewalls, Web Application Firewalls (WAFs)
  • IDS (Intrusion Detection System)
  • IPS (Intrusion Prevention System) 
  • Proactive, AI-based Incident Response Management
  • NDR (Network Detection and Response)
  • EDR (Endpoint Detection and Response)
  • DDoS Protection (Distributed Denial of Service attack)
  • End-to-end service monitoring 

Zero-trust authentication

Stringent user authentication protocols

  • Role Based Access (RBA) controls 
  • Multi-factor Authentication (MFA)
  • FIPS 140-2 certified hardware tokens for MFA

Zero-trust access

Hardened controls, to prevent unwanted access

  • Role Based Access (RBA) controls 
  • Privileged identity management
  • Workflow-based reviews and approvals
  • Automated user behavioral tracking, auditing and management 

Virtual air-gap

Preservation of data backups and recovery services

  • Independent cloud-based architecture
  • Isolated backup copies
  • Decoupled backup architecture 
  • Dedicated secured storage containers
  • Separate security domain – outside customer and Commvault network  
  • Data-in-transit encryption 


Robust controls to prevent data tampering

  • AES 256-bit Dual Data-at-Rest encryption 
  • Privacy locks
  • Read-only rights
  • Multi-authorization workflows  
  • Deletion protection

Advanced Detection

Tools and insights to identify and remediate risks

  • Security Posture Score
  • Anomaly Detection (File and Data-level)
  • Abnormal Event Monitoring and incident management
  • User audit trails

Security Whitepaper Resources


Metallic® Backup Security & Compliance Overview


Metallic® ThreatWise™ Security & Compliance Overview

Industry Standards and Certifications

InfoSec Registered Assessor Program

Australian security assessment framework for systems, services, and applications.


Provides data security standards for organizations handling criminal justice and law enforcement-centric data.

FedRAMP® High Authorized

The most stringent confidentiality, accessibility, and availability standards set forth for US government contractors and agencies.

See Commvault Cloud for Government for more information.

FIPS 140-2 Compliant

Validates cryptographic modules for encryption and document processing for handling sensitive data.


Sets guidelines for the collection and processing of personal information and data. 


HIPAA Compliant

Regulates the use and disclosure of protected health information, preventing unauthorized use or theft of sensitive patient data.

ISO Certified

Establishes international standards for managing risks to the security of information.

PCI Certified

Provides security standards and criteria for the acceptance, processing, storage, and transmission of credit card information.


SOC 2: Type II Certified

Assesses ability to meet overall security policies, including availability, processing integrity, confidentiality, and privacy standards.

Data Sovereignty

To help global businesses fulfill their data residency and compliance requirements, Metallic customers have full control over where their data lives and can select one (or more) Azure data centers and associate users to that region.

For more information, please visit our Documentation site.

Proven Protection. No compromises.

See why our customers trust us to enable secure experiences

Safeguard your data

Metallic is committed to supporting our customers’ compliance with GDPR, and prioritizes the privacy and security of the data we protect with our entire product suite.

Future-proof protection – for better peace of mind

Zero-trust security to safeguard endpoints, SaaS applications, and hybrid cloud environments – now and in the future

Security IQ

Spot risks, reduce threats, and exceed recovery objectives – from a single view

Metallic ThreatWise

Actively defend your data with fully-integrated cyber deception.

Metallic Government Cloud

The ONLY FedRAMP High In Process – In PMO Review DPaaS solution, for federal agencies and government contractors

Security & Ransomware Blogs


Ransomware Cybersecurity


Active Directory Ransomware-recovery


New Security Tools & Insights from Metallic


Security Notices and Alerts

Stay up-to-date on the latest incidents and alerts


Advanced security meets data management with Security IQ