I recently attended Commvault’s Shift event on November 8 in New York City, along with over 200 customers and partners. I am not easily impressed; it comes with the territory of being an industry analyst. Not this time. The company organized an event that marks another strategic turning point for Commvault. This time, it’s about AI. As I wrote in 2020 and the year before, this is no longer the legacy company of a few years ago. It is intent on leapfrogging others in the market—again. Competitors should take close notice.
A few years ago, Commvault redefined itself under the leadership of its then-new (and current) CEO, Sanjay Mirchandani, by making two critical moves: the acquisition of Hedvig and the creation of Commvault Cloud (previously known as Metallic). These significant strategic investments were critical to meet market requirements and competitive pressures at the time and directly positioned the company for today and for what it will be next.
The strategic shift (pun intended) Commvault is operating is the culmination of a multifaceted technology optimization strategy through operational automation, unification, and efficiency at the platform level and a focus on data resilience at scale. These two key areas of operations and resilience were critical in building and evolving the Commvault Cloud offering while preserving the traditional installed base of on-premises and hybrid customers. The company now claims 4,000 customers for its as-a-service offering. That’s an impressive number.
This is happening at a critical time in a market that has shifted from traditional disaster recovery to cyber-recovery or cyber-resilience, a fact that ESG recently researched and confirmed.1 Ransomware fundamentally affects business processes and operations, with significant compliance and financial exposure ramifications. The devastating impacts of repeated and often successful ransomware cyber-attacks have become the new normal, making ransomware an existential threat for many organizations. In our recent research, most respondents recognized that ransomware supersedes all other potential threats. Unfortunately, most are not well prepared to deal with it. Few organizations can successfully restore all of their data.
The other key trend affecting the data-protection space and beyond is the need to simplify and optimize processes and operations at scale. Many IT teams are trying to keep pace with data growth, and our research shows that they also struggle to protect mission-critical applications and deliver on key recovery objectives. Many IT and cloud operations professionals tasked with backup and recovery responsibilities drown in complexity, multiple tools, and inconsistent processes. Combine this with ransomware and you have a perfect storm. This is reflected in extended RPOs and RTOs and heightened business-level risk.
Disaster recovery is crucial to business continuity, especially regarding application and data recovery. Testing is a critical best practice that helps identify potential issues with people, processes, and technology and enables corrective measures to be taken. Regular testing is essential for gauging one’s ability to recover from a disaster. However, many organizations find it too complex and expensive to conduct frequent testing. This can lead to extended intervals between tests, which may cause critical interdependencies between infrastructure and security teams to be overlooked. This is particularly concerning in ransomware attacks, where the need for effective collaboration between teams is paramount. Cost and the lack of skill sets are also significant factors that hinder frequent testing.
Recognizing this fundamental market change, Commvault has made additional strategic platform investments to bring together data protection, security (including SIEM/SOAR ecosystem integrations), intelligence, and recovery with machine learning and AI operationalizing the most complex and error-prone tasks.
On the ransomware front, the platform can help improve recoverability with what the company calls a “cleanroom recovery service,” allowing users to test and detect threats without impacting production. In partnership with Microsoft Azure, the platform uses AI to verify “clean” recovery points and provides a fully ready environment to recover. This is key because hardware microcode or operating systems that make up infrastructure can also be affected by cyber-attacks. So not only does one need a clean recovery point, but one also needs a clean environment to restart.
A few years ago, Commvault made some crucial architectural decisions that are beneficial because they now clearly help differentiate the company. For instance, separating the control plane from the data plane and the storage plane is now paying off since it allows for an any-to-any set of permutations for moving data around for backup and recovery, whether on-premises or in the cloud. Today, most enterprises operate in a hybrid and multi-cloud environment.
Combining testing and recovery capabilities with ecosystem partnerships and integrations, the company is positioning itself as a critical player in the security supply chain without losing its focus on what it does best: data resilience and recoverability. Cloud burst capabilities help address cost at scale by only using compute for a controlled time at a fraction of the cost of a hardware-based approach. This removes the last significant objection to frequent cyber-resilience testing or recovery testing.
Commvault recognizes that it is not a security company but a data-resilience platform company, one that is part of an ecosystem in which security technology players provide part of the broader solution.
Over the past few months, I’ve noticed a company that’s less timid and more assertive. They are not afraid to take on their competitors and are doing so effectively with clear and precise messaging. The marketing team has executed its strategy well, and I believe that this same team will be the driving force behind the success of recent announcements, which will go beyond just the technological aspect.