I recently had the opportunity to attend a Commvault event in London, SHIFT, which was kicked off by Sanjay Mirchandani, Commvault’s President and CEO.
It is evident that Commvault is evolving and placing a significant emphasis on enabling clients to achieve cyber resilience, which is increasingly crucial in today’s market. Key takeaways from the event included the enhancement of reliability and redundancy for seamless application failover, particularly in cloud environments. The emphasis on managing complexity was particularly noteworthy, as Sanjay articulated the need to reframe business continuity as “continuous business.” This transformation underscores the importance of sustaining operations and engaging executives in matters related to security and recovery following cyber incidents. Additionally, the concept of continuous rebalancing—referring to the smooth transition of workloads and data—was introduced, highlighting the necessity for preparedness and the establishment of effective recovery workflows. Overall, the event provided valuable insight into the strategic direction Commvault is pursuing.
Results
Commvault’s stock (NASDAQ: CVLT) has risen by over 100% over the past year, indicating the successful execution of its strategy. The company is approaching the billion-dollar mark. It is reasonable to assume that it may reach this milestone within the next 18 months to two years, especially following recent acquisitions. Sanjay’s leadership over the last five to six years has delivered results.
Let’s look at marketing position – we collaborate with ETR to analyze competitors in the storage category using insights from hundreds of IT professionals to understand how various companies rank. The category is broadly labeled “storage” which is candidly very broad and not my preferred label in this case, but I am referring to it for consistency with the research.
The net score is a spending intention score. It accounts for new installations and increases in spending on existing setups. It also considers those reducing spending or replacing solutions. The net score represents the difference between projected increases and decreases in spending, resulting in a relative percentage. The pervasion score is a proxy for market penetration or market share, indicating how well a company performs in the market. I looked at the overall market but focused on Commvault in the enterprise sector, particularly within the Global 2000. This is a relevant way to view their position in the context of cyber resilience, data protection, and disaster recovery.
From my analysis, Commvault is well positioned regarding net spending (indicating that more financial resources are likely coming their way) and their prevalence within the Global 2000. The challenge for Commvault will be to expand this momentum beyond the Global 2000 and sustain its growth. Overall, the outlook compared to competitors is very strong. Notably, Rubrik and Cohesity are closely matched, an exciting dynamic. Of note, Dell is more pervasive than the other vendors (this is across a wide variety of storage and software offerings).
A New Category?
The data protection landscape is shifting – has shifted – towards cyber resilience, integrating cybersecurity with disaster recovery in the context of cyber recovery. Enterprise organizations face an evolving threat landscape, exacerbated by AI advancements that change threats and responses. Key challenges include data compliance, privacy governance, budget constraints, and a shortage of skilled personnel, complicating cyber recovery efforts.
To address these pressures, organizations must simplify their strategies and build resilience. Importantly, no single entity can tackle all cybersecurity needs alone, underscoring the importance of an ecosystem approach. Commvault is essential in this space, focusing on cyber resilience while identifying and mitigating threats. This strategic positioning allows for potential future expansions, including possible acquisitions.
Architecture
Let’s take a moment to understand Commvault’s architecture, which is essential for grasping their recent announcements. Their architecture is divided into three components:
1. Storage Plane: This is the fundamental building block.
2. Data Plane: This area is crucial for maintaining an agnostic view of data, especially as AI continues to play a more significant role in the coming years.
3. Control Plane: This is where authentication and network isolation occur, helping to establish a zero-trust architecture vital for cyber resilience.
Overall, the architecture lends itself to supporting cyber resilience capabilities, but it can also be argued that this has been a partial re-positioning exercise over the years.
Expanded Coverage, Product Strategy and Acquisitions
Execution is always crucial for product strategy, as highlighted by recent announcements like Cloud Rewind (through the acquisition of Appranix). This capability allows for the recovery of entire cloud environments, akin to high availability. Significant S3 and AWS protection enhancements have been made, reflecting the platform’s importance. The Clumio acquisition will be key moving forward in this context. There are also investments in edge hyperscale X for data protection in edge environments, linking to the broader AI landscape amidst hybrid setups involving cloud, edge, and on-premises platforms.
Among other improvements, the focus on enhancements to Active Directory protection is crucial, as its vulnerabilities can severely impact business continuity. Investments in Google Workspace underscore the importance of collaboration tools. Data protection in cloud environments, especially for full-stack applications, is complex, and APIs play a vital role. Commvault recognizes that recovery involves more than just data, addressing the increasing risks of cyber threats.
Their product strategy centers on cloud-first protection, representing a progressive shift from previous years, as many workloads are hosted in the cloud. However, while cloud-first protection capabilities are impressive, there’s still room for improvement in that area. I would like to see more developments and “workload” coverage in terms SaaS data protection, and I am confident we will hear more about that in the future. In my opinion, it is a strategic imperative: a strategic cyber resilience vendor should protect all the strategic workloads. Today, I would argue that a significant volume of data is sitting in SaaS environments without adequate protection.
AI is also crucial here, both for protecting AI workloads and for leveraging AI to enhance cyber resilience. These are two sides of the same coin, and both conversations are vital since they address different yet equally critical issues. Focusing on cyber recovery is at the core of addressing these challenges and creating a secure environment. Adding robust data management capabilities should also be more emphasized within these strategic vectors in my opinion.
About acquisitions, I mentioned Appranix and Clumio before. These acquisitions complement and enhance an already comprehensive portfolio. The Appranix acquisition has been rebranded as Cloud Rewind, an apt name that targets composable applications. This solution enables recovery of all components of an application, which is essential—not only for recovering from a compromised environment but for many other use cases as well. Automating and simplifying the recovery process is crucial, especially given the numerous moving parts, which can sometimes be overwhelming. Clumio is a natural addition focused explicitly on AWS’s digital-native environments.
These acquisitions represent a fundamental step towards future developments. Considering the market evolution driven by AI and cyber risks and the current threat landscape, having all these components is essential. Additionally, customers are increasingly operating in hybrid environments. The advantage of having cloud-native resilience lies in the capability to scale effectively, secure backups, and ensure near-immediate recovery. Ultimately, the focus here is on digital natives and their need for scalable solutions. Let’s watch how the integration and execution unfold on the product and solution sides.
Also, Commvault has a compelling approach to AI that is logical and sound; they focus on leveraging AI to create a more user-friendly product and enhance the end-user experience. This focus certainly makes sense and bodes well for the market, particularly with Commvault’s involvement in agentic AI and other processes they can develop.
Cyber recovery and data recovery, in general, are complex areas. Utilizing AI to simplify these processes is a great idea. Resiliency is crucial, and the ultimate goal is to enhance your resilience index—essentially, your ability to withstand various challenges. AI can play a significant role in this regard.
The future of AI in data protection and cyber resilience will yield the most visible end-user benefits. However, another critical aspect intertwined with this is governance. Promoting responsible AI adoption is essential, especially in complying with numerous requirements. Resilience is vital, but compliance is equally important, as it ensures resilience and mitigates risks associated with improper data usage. Additionally, we must consider this from a data management perspective, which can help with compliance. This brings us to a more data-platform-oriented approach. It may well be the prize…time will tell.
Let’s remember that other vendors in this space have robust AI strategies, making it a competitive landscape. Ultimately, the companies that thrive, whether Commvault or others, will effectively leverage AI within their platforms and execute their go-to-market strategies well. AI-driven cyber resiliency will be a significant factor in driving adoption.
Don’t be shy with bi-directional APIs
Think about this in the context of the NIST framework: Identify, Protect, Detect, Respond, and Recover. Various outcomes emerge at each stage, and the key will be to identify them. Commvault is headed in this direction and appears to be doing well. There are multiple agents and processes they can build upon. One critical aspect of this is teamwork. The cyber resilience solution must be collaborative—not just among teams executing the cyber recovery plans but also across technologies that need to work together seamlessly. In my opinion, Commvault has not sufficiently highlighted their excellent bidirectional APIs. They have a formidable wall of logos representing various cybersecurity partners they work with.
Wrapping Up
Overall, Commvault has executed well to date. The numbers reflect a strong performance supported by a solid executive team. They have maintained a balanced focus on security without overemphasizing it, demonstrating their commitment to cyber resilience through transparent communication about their capabilities. Their product strategy is robust, and their recent acquisitions signal a strong commitment to growth, marking a departure from their previous hesitance in the acquisition space.
There is a strong focus on understanding the market and serving customers. The expansion of capabilities aligns well with product strategy and has been thoughtfully considered. There is a clear recognition of various stakeholders involved; it’s not limited to traditional storage or IT professionals but also includes collaboration with cybersecurity teams, incident response teams, and more. This context poses both a challenge and an opportunity, not just for Commvault, but for other vendors in the space. Having the right go-to-market strategy, sales teams, and marketing efforts in place is essential to engage these different personas and facilitate collaboration for success effectively.
An interesting tabletop exercise conducted by Commvault for clients simulates a cyber attack by assigning participants different roles. This approach highlights the stakeholders involved and reveals the need for more preparedness and communication many organizations face. It emphasizes that key issues often extend beyond technology to encompass people and processes, effectively educating the market. Ongoing sales and marketing efforts in this area have the potential to yield significant benefits for Commvault. The work being done with partners is also noteworthy and an important message.
Additionally, the marketing team deserves commendation for a remarkable transformation, marking a crucial pivot in this market.
For end users exploring various players in this field, it’s essential to recognize that it is a highly competitive landscape. Many excellent solutions are available, and competition is likely to intensify over the next couple of years. Factors such as effectively delivering cyber resilience, engaging with end-user needs, and integrating seamlessly within existing ecosystems will be critical. The role of AI is expected to be a significant proof point in developments within this sector. This dynamic market features several major players, and substantial competition is anticipated.
The cyber resilience space is experiencing exciting changes, with expectations for significant evolution and increased investment from Commvault alongside various competitive responses.
