Unlocking Data Protection Excellence: How AI and SaaS Solutions Secure Your Future– Infrastructure Matters Insider Edition

Unlocking Data Protection Excellence: How AI and SaaS Solutions Secure Your Future– Infrastructure Matters Insider Edition

In this episode of Infrastructure Matters – Insider Edition I am joined by Tom Broderick, Chief Strategy Officer at Commvault. We explore the leading edge technologies for Data Security and Protection with the impact of artificial intelligence, the shift to SaaS offerings, and the challenges of managing hybrid multi-cloud IT environments for protecting critical information assets. Tom gives his perspectives working with Commvault’s clients to provide the keys to unlocking data protection excellence with AI and SaaS solutions. We also look into the issue of increasing complexity and cybersecurity threats faced by organizations strategies for tackling.

Topics include:

  • Impact of AI on data protection: AI enhances data intelligence and simplifies operations, proactively protecting against cyber threats.
  • Shift to SaaS offerings: Organizations adopt SaaS models for data protection, providing cost savings and ease of implementation.
  • Challenges of hybrid multi-cloud IT: Complexity arises from diverse data environments, requiring flexible protection solutions.
  • Importance of cyber resilience: Evaluating vendors with unified platforms for secure and efficient data protection strategies.

You can watch the video of our conversation below, and be sure to visit our YouTube Channel and subscribe so you don’t miss an episode.

Listen to the audio here:

Or grab the audio on your streaming platform of choice here:


Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this webcast. The author does not hold any equity positions with any company mentioned in this webcast.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.


Camberley Bates: Hi, it’s Camberley Bates with Infrastructure Matters. I’m the Vice President of Data Infrastructure here and today I am joined by Tom Broderick, who is the chief strategy officer of Commvault. Welcome.

Tom Broderick: Thanks Camberley. Great to be here.

Camberley Bates: Let me do a little bit of introduction. I think this is our fifth recording that we’ve done or maybe a little bit more here. And what we talk about at Infrastructure Matters is all about technology that is supporting the application delivery. So that is everything from chips to servers to software to… here it is. We’re going to get into one of the issues I love to talk about data protection and cybersecurity and all that kind of stuff. It’s very, very noisy. But before I get started, I want to introduce Tom. He is a really great guy from back east.

A little bit of background. He leads Commvault’s strategy support readiness teams. That includes the support side, so including strategy and support. Oh my god, I don’t know how he does it because I’d fall apart completely. He’s been very involved with their business model transition from a more traditional software company to very much so a cloud first data protection leader. Got over 30 years of experience with probably some big companies like Puppet and MEMC, as we all know, in the far end east. And you’re going to find him, I believe they’re in the northeast with his wife and children. One of the kind of interesting things in his resume that’s like, I’m going to do a little twist here, is that before he started protecting data, he was protecting our eyes When he was running, he was with the company doing product development with a company called UEX, I think is what it was. So you went from eyes to data and now it’s all eyes are on data, there we go. Okay. It’s all connected, right?

Tom Broderick: Protection all the way across the spectrum.

Camberley Bates: There we go. Okay. So our topic for today is what is impacting our ability to protect the data assets? And we’ve had so much noise. Data is our oil, new oil well. Well actually not the new oil, I can’t say oil. You have to say energy. But there’s some shifts that are happening in the protection space. It’s beyond even cybersecurity and they’re impacting management, how we protect things, et cetera. And we’re going to get into those. These areas include artificial intelligence. I think we’re banging on everybody’s head, generative AI kind of stuff. We’re also shifting to SaaS offerings. We’ve also have this huge complexity of the landscape that everybody’s been hearing about and doing actually, which is the hybrid multi-cloud IT. Which is on and off premises and how we do that.

So what we’re going to do is break each of these down, especially as Tom’s been dealing with these things with the company and the direction where Commvault is going to. So first of all, one of the first things we talked about, I guess when we kicked it off saying we’re going to do this podcast was how does AI factor into the conversation of data protection? I’ve got lots of answers, but going to throw it over to you because I’ve talked too much already.

Tom Broderick: That’s quite right, Camberley. How does it not factor into it, right? It factors. I think since folks discovered open AI and ChatGPT six months ago, it’s been quite a rollercoaster out there and kind of an awakening, if you will. Obviously, AI’s been around for a while and in fact, Commvault’s used AI in our own technology for several years now. But I think what’s coming of light is the real value and impact that AI can have. The minute that you say to a large language model like write a 10-page term paper on some subject and it does it in 30 seconds, it kind of blows you away. And then you start playing that forward in terms of how AI could impact our lives going forward. And then impact the area of data where we play. It can be pretty massive. And you mentioned several things, you mentioned mentioned hybrid cloud complexity. You mentioned security, cybersecurity. You mentioned the different kind of consumption models of SaaS and software.

Well all of that, all of those elements in their own way add kind of operational challenges for organizations. And as organizations are constantly under pressure to reduce costs, do more with less, the age-old story in IT. Artificial intelligence is going to play a big role in the future in simplifying those operations within an organization across all those different parts of the landscape. So we know today data’s everywhere, on-prem, in the cloud, moving back and forth. How do you make sure that the right data is secure at the right time? And then even more importantly, how do you recover that data if something was to go wrong? And then how do you do it at massive machine scale, right? It is very difficult for humans to do that. And as artificial intelligence becomes even more mature and organizations can use it to offload those soul crushing elements of their operation that are very costly and slow, the more value that it will provide to organizations going forward. It’s exciting times ahead, I think.

Camberley Bates: Okay. So I picked up on two different things that you were talking about. One is how we are going to take advantage of AI to improve what we’re doing. So I can imagine us being able to… you talked about AI ops. Is it artificial intelligence operations? Well, some of it is, some it’s already programmed in. We’ve been doing a little bit of that. But it’s been difficult and it’s also, do we trust it? There’s that can I actually let it go and do its thing?

But in this area, maybe it’s AI enhancements to operations and in the areas that I can see it playing out or things that… And I talk about data and do you know where your kids are? Do you know where your data resides? Putting GPS into your kids phones or whatever. And you’re like, “Okay, so we’re going to put GPS into our data.” Because when we get attacked or when a company is attacked, the first thing to do is make sure you know where the data is and discover it. And making sure even before it gets attacked, it’s like where is the important pieces or where’s the not so important pieces and where am I exposed? Where I’m not exposed?

So AI can help us discover those locations. Better data management, better cataloging, which I know you guys are doing in some of those areas. That’s improving it as well as that. Maybe you could talk about maybe some of the areas you’re looking into from a strategic standpoint in terms of operational improvements that either this AI ops thing is helping us out with.

Tom Broderick: Well I mean, you’re exactly right. So where we’re been using AI and machine learning for years now in how we’re gathering data intelligence, right? About the most important data. Where is it? How is it being protected? Are you in compliance with regulations and government protocols and the like? But what does also your risk profile look like? Right? Do you have the right intelligence around the risk in your environment? And AI, I’m sure it will be used more and more to align that as well to other attributes. It’s like you need to figure out what is the most important data to be protected and apply the right policies to that data versus all of your data necessarily because that would be too expensive, if you will.

But really the recovery though is where I think the rubber really hits the road. I think after a cyber event, the average recovery is something like 17 to 20 days. Think about that. I mean, if it’s a data set that’s critical to your business and the operation of your business, or it’s something that’s not allowing you to generate revenue or deliver value to your customers as an organization, the cost of that can be astronomical. In fact, just on the cyber front, I think it was, McKinsey recently did a study that said that the cost to organizations will be around 10 and a half trillion dollars by 2025 due to cyber events in their operation. And that cost isn’t just paying the ransomware. It’s destruction of market cap. It’s not being able to drive revenue for an organization and lawsuits. You just add it all up and this is where they got to it.

Data protection and the automation and the AI driven automation of not just how you’re protecting, but also how you’re driving speed to recovery is going to be critical for organizations as we move forward. And AI isn’t just on the side of the good guys, right? AI is being used by bad actors. We know that that was one of the first, again, stories that came out when everybody seemed to learn about ChatGPT right in the beginning you apparently can use it to write malicious code, right? And if you play that forward again, down the maturity curve of artificial intelligence, you are going to need AI enabled protection mechanisms to protect yourselves against AI enabled bad actors.

Camberley Bates: Well that gets into the other piece of it is like you talk about some of the recovery pieces of it and faster recoverability. But the other piece of that is how can I move forward to move to the other level on if this is the protection side and this is the… or this is the protection side and this is the recovery side then move over to this level of protection. And yes, I’m going to encrypt my data over there. But can I detect and integrate with threat determination technologies that have been more the realm of the website people or the web people or the networking people, and start integrating those two tools together to get up front to where it is. To your end, I think that one of the interesting pieces of generative AI is them using it to craft emails.

So if I have information about how you speak, some of these guys are coming from overseas, they don’t always know how we talk or speak or the language being used. But if I have a generative AI to actually build language that is more attuned to whatever the people is, the likelihood of possibly me clicking on something raise increases. So now all of a sudden, as much as I might train my people not to click on something, that probability might be increasing with this capability that they have. Again, how do I get to the point that I’m upfront on where preventative happens in that work? And I know that’s work that you guys have been going and doing quite a bit of work in.

Tom Broderick: Yeah, it’s going to get fascinating as we go forward. And this is the old mantra is it’s if you get attacked, it’s when you get attacked.

Camberley Bates: Right.

Tom Broderick: But you’re right, I mean, some of the artificial intelligence, I mean, imagine right now you got a phone call from somebody that sounded just like your boss. Your boss was asking you to send a password or send a file to a place. Or even a video call, right? A person or something that looks like your boss is right in front of you asking you to do something. It’s fascinating. That’s always the weakest link, right? Is when it comes to security, it’s the humans at the end of the day, because it’s why is the phishing happening? Well in order to get access to some critical piece of information that maybe can use down the road or that could be sold in the black market to be used down the road to get into an environment.

So again, it comes back to then how are you protecting yourself, knowing you cant fortify a perfect wall? How do you protect yourself at the recovery point, right? That’s absolutely where to your other point is those integrations. Let’s say shifting left in the pool chain is so very important. It’s also a reason why at Commvault, last year, we acquired a company called TrapX, which is now known as ThreatWise in our portfolio. And what gives us is a capability to do advanced honey potting inside an organization.

So we set these traps and if a trap is kicked off, then we know, “Hey, there’s an issue here.” Right? And it’ll set off an alarm. And as we move forward, well maybe things you can do, especially with artificial intelligence is kick off an air gapped copy of your data immediately, proactively. Where you might have one already in place for some key information, based on policies that you have, right? So those are the sorts of things where you need to stay ahead on the protection side as the threats grow ever more sneaky, so to speak.

Camberley Bates: So let’s switch to the other topic. The other changes that we’ve seen. We’ve been shifting to having SaaS offerings, and this is changing the data protection environment, maybe not like AI is, I mean dramatically, but the SaaS is shifting. And one of the things I look at there is in this macroeconomic space where customers are looking for changing how they’re doing some of the business. I mean, you’ve been involved with this heavily with your company and your shift from traditional licensing to SaaS. Why is this shifting? Why is this shifting? Why is this attractive to customers? Where is this going? Why do we see this? How does this impact the overall business of the data protection space.

Tom Broderick: Yeah, great question. And it’s absolutely been part of our journey over the last, let’s say, four and a half years at Commvault. We recognize that… well first, you have to go back. When it comes to data protection, oftentimes the way that you look at what it is that you’re protecting, it’s by the workload that you’re protecting, right? Am I protecting of a virtual machine workload? Am I protecting a database? Am I protecting some other kind of application inside my environment files and objects or the like? Am I protecting a SaaS capability like O365 or Salesforce or all the new SaaS applications that are really replacing large swaths of what typically was on premise? I think in data protection we’re in the infrastructure world, infrastructure matters. And let’s say our space has been a little bit of a laggard compared to some other spaces, right?

What’s the HR tool of choice these days? It’s Workday. So you use Workday, which is a SaaS application. I don’t need to stand up a data center. I don’t need to power and cool it. I don’t need administrators in my environment. It just runs in the cloud. Well folks are starting to understand or recognize that data that aligns to that also needs to be protected and that when you read the fine print of the contracts, those application providers aren’t necessarily providing the kind of protection that you would want.

So when we recognized that at Commvault, this became a large growth opportunity for us moving forward. And sure enough, with our Metallic offering, it’s become a… Metallic just cleared a hundred million dollars in ARR a quarter ago, which is what we told the world in our earnings report. And it’s growing very, very quickly. IDC looks at the data protection space, or as they call it the DRP space, as on-prem and cloud. And the on-prem part of that space that they measure is the largest component of it today, but it’s not really growing.

Maybe it is growing 1% a year, but the cloud component is growing in the teens, right? So that’s the fast growth area that IDC is seeing. And that they project to be about a four billion market space by 2025. So it’s a fast-growing large part of the market, absolutely being driven by the workloads that are getting protected. It’s getting driven by the ease of implementation and use because like I said, when it’s running in the cloud, you don’t have a data center to worry about it. You don’t need to stand up storage systems, let’s say, in order to have your backup copies for recovery. It’s just done in the cloud.

So now with your O365, as we see it, O365 is a massive consumer of data protection now from Metallic’s perspective. And I think it’s that SaaS simplicity that is really driving a lot of organizations. And it’s not just the small and mid-market, but also enterprise are seeing that, “Hey, you know what, that SaaS consumption model aligns to the way I consume O365. So because of that alignment now, it just makes sense. It makes sense that that’s what I’m going to use.” And for us…

Camberley Bates: I see…Go ahead.

Tom Broderick: I’m sorry. For us, it puts us in this, I think a very unique space now where we’re delivering software and SaaS, and for the most part it’s a very common platform.

Camberley Bates: Well do you think that’s one of the important things to look at as well, is most companies, or at least the enterprise companies, are going to remain with very strong presence on premise.

Tom Broderick: Absolutely.

Camberley Bates: Some of the major apps they’re not going to transfer over. I mean, there are companies moving everything over, but there’s many of them, I think the number is 80% or something, they’re going to keep on premise. And then what we’ve seen, this has been going on for 10 years now, any major application that comes on board now, it’s been a long time since we’ve had a major new application that’s upset or brought up and new stuff but its major applications are being brought on as SaaS. So as you said, Workday was one of the latest ones that’s taken off. Everything from Office 365 to your CRM system, your marketing system, your HR system, et cetera, are all SaaS based. And so protecting that data becomes critical. And as you said, it’s often overlooked whether it’s protected until something happens.

Tom Broderick: That’s right. They’ve become…

Camberley Bates: Yeah.

Tom Broderick: Sorry, they’ve become the new mission-critical applications, right?

Camberley Bates: Yes.

Tom Broderick: And they don’t always protect the data in a way that makes it recoverable as well, right? So people do overlook it.

Camberley Bates: Yeah, they’re overlook it.

Tom Broderick: I think it’s something that’s now coming to the forefront.

Camberley Bates: Yeah. So I’ll shift to one more topic before we wrap up this one up. And this is kind of related to a bit of what we’re talking and that is when we’re… and for our perspective, we deal with the ITN users just like you do. A little bit differently, we’re not selling them any software. We’re advising them on what they should be looking at. What options they might have. It has been, it’s not ironic to you it’s, but since actually we probably hit about the COVID time because cybersecurity got so big and hit so hard. Almost all of them are now looking at changing or doing some change or reevaluating what they’re doing.

And that reevaluation is both is for a lot of different reasons. It’s because cybersecurity, which is primarily what’s driving the re-look, but it’s also because they’re hybrid IT. They are recognizing and they’ve built separate cloud teams, separate on-prem teams. Some of those teams are now coming together. So they are working more as a team to look at that entire thing. And we’re talking the big companies, your Fortune 100 companies that we deal with are looking at all options. They’re looking at backup as a service in the cloud. They’re looking at cloud backup, which is not managed service, but a cloud backup. And they’re looking at how they’re do they’re doing on-prem.

If you could talk about, I think… and one of the things we get into is really talking about how to evaluate and look at the vendors, especially in this macroeconomic time because we’re under a lot of… the inflation is under control maybe for a while, but we’re still getting hit by the increasing interest rates, et cetera, that are going on. So that kind of thing of looking at how solid long-term kind of thing. So that evaluation process, maybe take us through what Commvault is doing with our clients in terms of evaluation process and what are you trying to talk about that are thrivers for that, especially from a strategist standpoint.

Tom Broderick: Yeah, I think it is very interesting what’s happening. In fact, one of the macroeconomic elements that may impact at some point is that idea of commercial real estate going through a bit of a bubble. As companies like downsize their physical presence and what they do. So you’re absolutely right, the idea of hybrid is only expanding and it’s expanding very quickly between on-prem, in the cloud, edge and where all the data is and how it’s moving and I don’t think… the other thing too is that oftentimes there are organizations that have decided, “Hey, I’m going to move this to the cloud.” But then they discover, “Whoa, this is really expensive. It’s actually better for me to move it back.” Right? And they actually move back. So there’s this idea that organizations don’t want to… are they making a decision for the next 10 years? Or do they not know the right decisions? They need that flexibility, right?

So you might be a company that has 10,000 remote employees where all their data sits on O365 or in the SaaS applications that they’re using. Or you might be a manufacturing shop that still has a big IT data center where everything is there. We think about this as playing right into our core value of what it is that we deliver from a data protection perspective, because we do it all the ways, right? We will protect on-prem applications. We will protect cloud applications in any cloud. We’ll protect SaaS applications and we’ll do it in the consumption model that’s best for you as an organization.

Absolutely, IT collision is happening. You mentioned it between the on-prem and the cloud people, but there’s also the security folks too, right? And so now you’ve got this collision happening where I think the last thing that any organization wants, whether you’re talking about data protection or any other aspect of IT, is a super fragmented environment, right? You don’t want 10 different data protection technologies in your environment because that’s what you need in order to cover all the various ways that you’re consuming and delivering and housing data, right? Wouldn’t it be better to be able to consolidate that on to a single platform? And so as we look at this world that’s only becoming increasingly complex in this hybrid nature. What we deliver is a solution that gives a common experience to the user, but delivering data protection across all those different sorts of modes, so to speak.

Camberley Bates: And that’s been a really difficult thing for the IT for a couple different reasons. One, because they have historical systems. I mean, we know people that have still have a Solaris platform, god forbid, you know? And they do still have the iSeries, the old AS/400 sitting on platform. So it’s a separate kind of stuff. We have mainframes, we have the Unix systems, we have the Windows systems, we have all kinds of platforms that are sitting on there. And there’s different systems for all the… and the other piece of it is there’s so much code policy, programmatic systems that are in place that you don’t want to rip and put back in.

But then there’s this other thing is, I think as you mentioned, that the concept of IT collision, which is complexity issues that do we continue the complexity? And I’m thinking that maybe the issue of having to re-look at things in order to become more cyber resilient becomes a driving factor for saying, “Okay, so maybe having five different backup data protection software practices is not core. Is not the best in order to be cyber resilient.” And maybe it’s painful to clean out the closet, but maybe just maybe they’ll take, we’ll go that direction. So with that, I think we are probably been chatting a long time here. I haven’t looked at the clock yet, but I’m sure that we have been. And I want to say hey, thanks for joining. If you got any last comments for our people that tuned in here.

Tom Broderick: Well thanks Camberley, it’s been great. It’s been great to work with you. And I do think this last aspect of what we talked about it’s going to be critically important for organizations, as they reign in that complexity while the threats only get more intense as we go forward. So awesome. Thank you so much. I really appreciate being here.

Camberley Bates: Thanks Tom for joining. I really appreciate you joining us.

Author Information

Camberley brings over 25 years of executive experience leading sales and marketing teams at Fortune 500 firms. Before joining The Futurum Group, she led the Evaluator Group, an information technology analyst firm as Managing Director.

Her career has spanned all elements of sales and marketing including a 360-degree view of addressing challenges and delivering solutions was achieved from crossing the boundary of sales and channel engagement with large enterprise vendors and her own 100-person IT services firm.

Camberley has provided Global 250 startups with go-to-market strategies, creating a new market category “MAID” as Vice President of Marketing at COPAN and led a worldwide marketing team including channels as a VP at VERITAS. At GE Access, a $2B distribution company, she served as VP of a new division and succeeded in growing the company from $14 to $500 million and built a successful 100-person IT services firm. Camberley began her career at IBM in sales and management.

She holds a Bachelor of Science in International Business from California State University – Long Beach and executive certificates from Wellesley and Wharton School of Business.


Latest Insights:

Six Five's Diana Blass heads to Dell Tech World, for a journey inside The Dell AI Factory, where AI-innovation has transformed nearly every industry vertical.
Company’s Strength Across Clouds Delivers Record Quarterly Revenue
Keith Kirkpatrick and Daniel Newman with The Futurum Group, cover Adobe’s Q2 FY2024 earnings, and the products, segments, and approaches that have propelled the company to a record quarterly revenue figure.
Steven Dickens, VP and Practice Leader, discusses Broadcom's Q2 2024 performance, driven by strategic investments in AI and the successful integration of VMware.
Oracle, Microsoft, and OpenAI Collaborate to Extend Microsoft Azure AI Platform to OCI to Ensure OpenAI Can Scale Fast-growing Massive LLM Training Demands
The Futurum Group’s Ron Westfall and Steven Dickens explore why the collaboration with OpenAI to extend the Microsoft Azure AI platform to OCI validates that Oracle Gen2 AI infrastructure, underscored by RDMA-fueled innovation, can support and scale the most demanding LLM/GenAI workloads with immediacy.