By NHI Mgmt Group Editorial TeamPublished 2025-10-24Domain: General NHISource: Commvault

TL;DR: Its FY25 climate work reduced Scope 2 emissions by over 13% and improved emissions intensity from 12.7 to 9.6 metric tons CO2e per million USD revenue, according to Commvault. The governance signal is that sustainability metrics are now part of operational resilience, not separate from it, while linking cloud efficiency and resilience to broader sustainability goals.


At a glance

What this is: This is a sustainability and resilience commentary that ties data operations, cloud efficiency, and climate governance to measurable emissions improvements.

Why it matters: It matters to identity and security practitioners because resilience programmes increasingly intersect with platform governance, operational efficiency, and accountability across the systems that support IAM, NHI, and workload operations.

By the numbers:

👉 Read Commvault's climate action post on data resilience and sustainability


Context

Climate resilience is increasingly being managed as an operational governance problem, not just an environmental one. In this Commvault post, the focus is on how data center efficiency, cloud optimisation, and board-level climate accountability connect to measurable sustainability outcomes, with a broader message that resilience now spans both digital operations and environmental impact.

For security and identity teams, the relevance is indirect but real: the same operational controls that reduce wasted storage, improve workload efficiency, and tighten accountability also shape how mature an organisation is in IAM, NHI, and infrastructure governance. This is best read as a reminder that resilience programmes are widening beyond uptime and recovery into resource stewardship and disclosure discipline.


Key questions

Q: Why should security teams care about sustainability governance?

A: Security teams should care because sustainability governance often reveals whether an organisation can measure, own, and reduce operational waste across critical systems. The same discipline that tracks energy use and emissions can also expose redundant infrastructure, unclear accountability, and poor lifecycle control. That makes it relevant to IAM, NHI, and platform resilience.

Q: How does workload efficiency affect governance quality?

A: Workload efficiency affects governance quality by reducing the number of unnecessary systems, dependencies, and exceptions that teams must monitor. When infrastructure is more streamlined, there are fewer hidden assets to audit and fewer opportunities for control drift. Efficiency is therefore a governance enabler, not only a cost-saving measure.

Q: What does formal climate disclosure tell practitioners about accountability?

A: Formal climate disclosure tells practitioners that governance becomes credible only when ownership, measurement, and reporting are explicit. That principle translates directly to security and identity programmes, where controls fail when responsibilities are vague or metrics are not auditable. Accountability is what turns intent into a repeatable operating model.

Q: How can organisations connect resilience and resource stewardship?

A: Organisations can connect resilience and resource stewardship by treating waste reduction, workload optimisation, and reporting discipline as one operating model. If fewer resources are consumed to deliver the same service, the environment is usually easier to manage, and the governance posture is easier to defend.


Technical breakdown

Emissions intensity as an operational metric

Emissions intensity measures emissions relative to business output, which makes it more useful than raw totals when organisations are growing. In this context, the shift from 12.7 to 9.6 metric tons CO2e per million USD revenue suggests better operational efficiency, not simply a smaller footprint. For identity and platform teams, this matters because governance often ignores the cost profile of redundant services, unused workloads, and poorly controlled system sprawl.

Practical implication: track emissions intensity alongside service and control metrics so efficiency decisions are visible to governance leaders.

Cloud efficiency and workload optimisation

Cloud efficiency in this article is about reducing redundant storage and improving workload placement so infrastructure does less work for the same outcome. That is a resilience pattern because less waste usually means lower cost, lower energy use, and less operational noise. The security parallel is straightforward: identity and workload governance both benefit when unnecessary persistence, duplication, and uncontrolled growth are removed from the environment.

Practical implication: review workload and storage sprawl as operational risk indicators, not only as cost issues.

Climate governance and disclosure discipline

Climate governance here refers to the processes used to set targets, measure progress, and disclose environmental performance with accountability. Aligning with TCFD indicates a move toward structured reporting rather than informal sustainability claims. For identity programmes, the lesson is that governance only becomes durable when ownership, measurement, and reporting are explicit across the lifecycle of the systems being managed.

Practical implication: build measurable governance around infrastructure and identity services so sustainability and security reporting are both auditable.


NHI Mgmt Group analysis

Climate resilience is becoming an operational governance discipline, not a branding exercise. The article ties emissions reduction to data-centre efficiency, cloud optimisation, and disclosure accountability rather than to isolated environmental gestures. That matters because the same discipline that reduces operational waste also strengthens control visibility across infrastructure, IAM, and workload management. Practitioners should treat sustainability metrics as part of broader resilience governance, not as a separate reporting lane.

Data efficiency and identity efficiency are converging around the same control problem. Redundant systems, duplicated services, and unmanaged operational sprawl increase both energy consumption and governance complexity. The article’s emphasis on smarter storage and workload efficiency points to a broader pattern: operational excess creates blind spots, whether the object is carbon, cost, or access. The practitioner conclusion is that simplification improves both resilience and governability.

TCFD-style accountability shows that resilience programmes are moving toward evidence-based reporting. Once organisations disclose climate-related risks and progress through formal governance channels, they create a model that security and identity leaders should recognise. The control lesson is not environmental alone. It is that durable programmes depend on measurable ownership, explicit targets, and auditable reporting across all critical operational domains.

The sustainability conversation now reaches infrastructure identity and lifecycle governance. When cloud operations are designed to use fewer resources, the same environment usually becomes easier to govern because there are fewer unnecessary dependencies to track. That does not replace security control design, but it does reduce governance drag. Practitioners should view operational efficiency as a structural enabler of better identity and platform control.

Operational efficiency debt: the article shows that energy waste, storage redundancy, and governance overhead often arise from the same underlying failure to manage system sprawl. That failure mode is familiar to identity teams because unmanaged growth also drives entitlement sprawl and lifecycle drift. The practitioner implication is to treat efficiency and governance as linked disciplines rather than separate initiatives.

From our research:

What this signals

Operational efficiency debt: organisations that let infrastructure sprawl continue usually end up with both higher resource consumption and weaker control visibility. That is why sustainability metrics belong in the same governance conversation as workload ownership, access hygiene, and platform rationalisation.

As climate reporting matures, identity and security leaders should expect more pressure for auditable operational evidence rather than broad claims. Organisations that can already prove who owns what, what changed, and why it changed will find it easier to extend that discipline into resilience and sustainability reporting.


For practitioners

  • Map efficiency metrics to governance ownership Tie emissions intensity, storage usage, and workload efficiency to named owners in the same way you would assign accountability for IAM or NHI controls. This makes sustainability reporting harder to ignore and easier to audit.
  • Review infrastructure sprawl as a control issue Identify duplicated storage, redundant workloads, and underused services that increase both operational cost and governance complexity. Use the review to remove persistence that adds no business value.
  • Align resilience reporting with formal disclosure discipline If your organisation already reports against a framework such as TCFD, bring security and platform governance teams into the same reporting cadence so operational claims can be validated consistently.

Key takeaways

  • The article frames sustainability as an operational governance issue, not a standalone environmental message.
  • Its main evidence is improved emissions performance tied to smarter data-centre and cloud operations.
  • For practitioners, the lesson is to treat efficiency, accountability, and resilience as one control surface.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the technical controls, while ISO/IEC 27001:2022 define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0GV.OC-01Climate governance and resilience reporting align with organisational context-setting.
NIST SP 800-53 Rev 5PM-11Program governance fits the article's emphasis on top-down accountability and reporting.
ISO/IEC 27001:2022A.5.1Policy governance is relevant where sustainability reporting needs formal accountability.

Link sustainability metrics to organisational resilience objectives and accountable ownership.


Key terms

  • Climate Governance: Climate governance is the set of policies, controls, and reporting practices used to manage environmental risk and performance with accountability. In practice, it depends on clear ownership, measurable targets, and evidence that progress can be verified rather than asserted.
  • Emissions Intensity: Emissions intensity measures emissions relative to business output, such as revenue or production volume. It helps organisations compare performance over time even when the business grows, making it a more useful governance metric than raw emissions totals alone.
  • Operational Resilience: Operational resilience is the ability to keep critical services functioning under stress, disruption, or change. In governance terms, it depends on efficient systems, reduced waste, and controls that make the environment easier to understand and recover.

What's in the full article

Commvault's full article covers the sustainability and climate-governance detail this post intentionally leaves for the source:

  • The specific FY25 sustainability metrics and the operational changes behind them.
  • The discussion of LEED-certified headquarters features and facilities choices.
  • The collaboration context around the Net Zero Institute and climate accountability.
  • The article's own framing of how data efficiency supports resilience outcomes.

👉 The full Commvault post covers emissions progress, operational choices, and climate governance context.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-10-24.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org