The News: At Commvault Shift in New York City, the vendor made a number of product developments and collaborations with partners targeted at facilitating cyber-resiliency in the multi-hybrid cloud, utilizing artificial intelligence. Details on the product developments and the partnerships are available in two Commvault press releases.
Commvault Cloud, Powered by Metallic AI, Accelerates Cyber Resilience
Analyst Take: Cyber-resiliency has never been more important. At the same time, it has never been more challenging to facilitate data security and recoverability. Data is sprawling across multi-hybrid cloud environments that include software as a service (SaaS) applications, making it difficult to gain visibility and obtain governance across the data. This reality is also sparking the introduction of additional data security and protection tools into a landscape that is already fragmented.
The Futurum Group, in collaboration with Commvault, executed a survey of 205 C-suite, VP, and director-level IT operations and security professionals in which more than 90% of respondents indicated a level of concern that their organization will suffer a ransomware attack. A staggering 98% of respondents indicated that data recoverability influences their ability to be resilient against ransomware attacks, making it unsurprising that 90% noted that fragmentation of data protection tools is affecting their cyber-resiliency. Full findings from the research, which also includes qualitative interview commentary, will be available in an upcoming report.
Commvault, for its part, used its Shift event to introduce a number of new and enhanced capabilities, as well as integrations with technology partners, designed to accelerate threat detection and response and help ensure clean data recovery for customers.
Most notably, the event served as a re-introduction to the company’s data protection platform, with the integration of its core data protection services with its Metallic backup as a service under a common interface.
Since launching Metallic in October 2019, Commvault has maintained separate branding for the unit. This setup made sense for getting Metallic off the ground and has helped to successfully ramp the business. Most recently, Commvault reported that its SaaS annual recurring revenue (ARR) grew 77% year-over-year (YoY) during the quarter to $131 million. The problem, as The Futurum Group sees and Commvault leadership acknowledges, is that it is not uncommon for customers to think they are separate companies.
In reality, the architectures are the same. Metallic was built on the Commvault codebase, and the company is about three-quarters of the way through rearchitecting the codebase for Complete, its core data protection offering, to be microservices-based for a cloud-like operational model with parallelism and scaling – much like Metallic.
Now, Commvault is pulling Metallic in under the banner of Commvault Cloud, powered by Metallic AI. The objective is to offer a singular user interface (which The Futurum Group notes will help to bring existing customers along) with a cloud-like operational model capable of being deployed on-premises or in the public cloud. Pricing will be common and subscription based. Demand for SaaS hosting continues to grow, but it is not appropriate for all industries and use cases. For this reason, allowing customers to mix and match their delivery models and have control over the deployment model is a smart approach.
The AI component comes in from two perspectives. First is the introduction of a new chatbot assistant dubbed Arlie (Autonomous Resilience) that is based on generative AI (currently, Azure OpenAI Service, though it is possible for other models to be supported in the future). Using plain language commands and questions, users can engage with Arlie to generate reports, obtain customized recommendations to improve cyber-resilience and other actionable insights, and to generate code (such as that required for integration with third-party security tools). The objective is streamlined, more intuitive, and less technical user engagement – very important for time-constrained IT operations teams.
For example, Tim Zonca, Commvault’s VP of portfolio marketing, demonstrated on stage at Shift the ability to ask Arlie for all failed Salesforce backups over the preceding 24 hours and to initiate a recovery validation for a critical infrastructure cluster. Users could also ask for best practices for setting up an immutable, isolated storage system based on the specifics of their environment.
Second is the ability to use AI to accelerate and increase the accuracy of threat detection – useful in combatting zero day and AI-driven malware threats. It is relevant to note that, in addition to analyzing the backup data for anomalies that could indicate malicious behavior, Commvault has a vantage point into who has access controls that can support identification of vulnerabilities and threats on the production side.
As an industry, we need to be careful about what we categorize as AI. There is a difference between machine learning (ML) and the generative AI we are seeing that can create recommendations and even create actions. By and large, data protection vendors have already been using ML to detect anomalies in the backup environment that could indicate a ransomware attack. What Commvault is leaning into with this announcement is using AI to do things like look for AI-driven polymorphic malware that changes and evolves, and to do things like execute intelligent backup scheduling and load balancing. It is very early days in this space when it comes to solution development, and even earlier in terms of customer adoption of these kinds of technologies. But I absolutely see potential there — for Commvault and for others in the data resiliency sphere. Commvault’s focus on a cloud-like operating model whether on-premises or in the cloud is interesting because it could potentially allow a really streamlined, natural way for the user to interact with AI.
Rounding out the announcements is the new add-on Cloudburst Recovery service, which Commvault launched in collaboration with Microsoft. The service initiates an isolated control plane that is built and hosted in Metallic, from which customers can fail over into an Isolated Recovery Environment. The important use cases are recovery testing, which there is tremendous pressure on IT operations to do, to ensure recovery from cyberattacks. And to be able to scan for threats to validate that malicious files have been eradicated before failing back over into production, and other post-attack forensics purposes. It can be very expensive and complex to stand up the infrastructure required for these purposes, and the Cleanroom Recovery service is tackling that.
Conclusion and What Is Ahead
Commvault Shift clearly demonstrates the vendor’s move toward facilitating more proactive, streamlined, and intelligent data management and security that includes data categorization and scanning for compliance and security purposes. Folding Metallic in will provide the deployment flexibility required as customers seem to meet legal and business data privacy requirements. Meanwhile, its broad workload and recovery target support facilitates what the vendor describes as “any to any portability” that is needed to validate recoverability and the ability to meet recovery time objectives. The market is crowded, but Commvault has a well-established business on-premises, a growing SaaS business that will further benefit from the new consolidated control plane, and a host of complementary umbrella Intelligent Data Services capabilities, including data governance, eDiscovery and compliance, and file storage optimization, to tap.
In addition to the product updates, Commvault also provided at Shift an update on work it has been doing with security-related partners including security information and event management (SIEM); security orchestration, automation, and response (SOAR); and endpoint and network detection and response solution providers. Arlie represents a significant opportunity to streamline management not only of Commvault’s various solutions but also those of partners’ as well – helping customers to navigate the ever-growing complexities of combatting increasingly sophisticated cyberattacks with a security toolchain that is also increasingly complex.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other Insights from The Futurum Group:
Commvault Grows Q2 2024 Revenue Fueled by Metallic SaaS Growth
Commvault Reports Q1 2024 Flat Revenues but SaaS Backup Is Catching On
Cyber-Detection and Recovery Drive Commvault’s Portfolio Strategy
Author Information
With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.