Analysis: Commvault Systems, Inc. announces Q1 FY2026 financial results

Analysis: Commvault Systems, Inc. announces Q1 FY2026 financial results

Chris EvansAnalysis, Commvault Systems, Inc., Data Practice: Data Protection, Data Protection

Commvault Systems, Inc. has announced financial results for the first quarter of FY2026, the period ending 30th June 2025.  Total revenue rose 25.5% to $282 million, compared to Q1 FY2025.  Subscription revenue was up 46.5%, mirrored by the reduction in Perpetual Licence revenue, which was down 46.6%.  Commvault continues to show that the subscription (and SaaS) model is increasingly the preferred solution for customers.

Background

Commvault Systems, Inc. has published financial data for Q1 FY2026 (the period ending 30 June 2025) on 29th July 2025.  For the quarter, revenue increased 25.5% compared to Q1 FY2025 at $282 million.  Within this figure, Subscriptions rose 46.5%, balancing the reduction in perpetual licences (which fell 46.6%).  Within Subscriptions revenue, the SaaS contribution rose 65.9%, representing the fastest-growing segment for the business.

We present the data as four graphs, labelled Figures 1 to 4.

Growth

As we’ve reported in previous quarters, SaaS revenue and Subscriptions overall continue to be a growth area for Commvault.  The company is rapidly transforming away from perpetual licensing to a more flexible model based on subscription revenue, which we see fuelling growth.  The trend is most notable in Figure 3, which shows the quarterly change since FY2016.

Acquisitions

To drive the growth in revenue, Commvault has acquired several businesses to build out the portfolio of solutions under Commvault Cloud.  These include TrapX, Appranix, Clumio and most recently Satori Cyber Ltd.  The logic here is obvious; it is quicker to acquire than build, in a market where gaining the lead in SaaS is the key to success. 

The reason for this is simple.  Data protection is a “sticky” business, where customers are implicitly locked into their platform of choice.  Moving from one supplier to another is perfectly possible, but backups and archive data have a long tail and are not portable.  This results in the need to run multiple platforms for many months or years, with the added complication of tracking which application was managed by each vendor at any moment in time.

So, Commvault is expanding its reach and TAM by buying and integrating solutions into the Commvault Cloud.  The SaaS consumption model is perfect for this approach, as Commvault manages all the integrations behind the scenes.  Initially, that integration process may be with string and sealing wax, but over time, Commvault’s R&D team can streamline the products to create a consistent look and feel.  As a side benefit, acquisition also brings new customers. 

The Architect’s View®

Commvault continues its reinvention.  The success of this process validates the SaaS model for data protection and business continuity.  As we highlighted in the Q3 FY2025 analysis, we see four future opportunities for the company (and competitors).

  1. Proactively mitigate attacks before they occur.
  2. Detect and respond to attacks as they occur.
  3. Provide timely recovery in the event a ransomware attack or other incident happens.
  4. Provide forensic diagnostics to address the root cause of any data loss scenario.

In this list, we believe that Commvault has focused heavily on points 2 and 3.  These are traditional data protection strengths and a model of the backup business over the last four decades or more.

Points 1 and 4 perhaps need more development, because prevention is infinitely better than cure.  The challenge for Commvault (and all data protection vendors) is to build solutions that further integrate into the core of applications and infrastructure.  Ransomware (and malicious attack) mitigation and protection means zero-trust networking and much greater co-operation between SIEM/SOAR platforms and the data protection environment.

In previous presentations, Commvault has discussed integration with networking & security monitoring platforms, but more from an incidental perspective than a strategic one.  Of course, it becomes a challenge to decide where the “locus of control” should exist for data and network protection.  Should data protection systems simply provide data to SIEM/SOAR platforms, or should it be the other way around?

As we look forward to 2026, we expect to see greater emphasis on detection and prevention from data protection vendors.  This means addressing networking security (zero trust) and credentials management.  Should this be achieved with acquisitions?  For once, this could be an area where partnerships are better, but we wait to see how Commvault will address the challenge.


Copyright (c) 2007-2025 – Post #21c1 – Brookend Limited, first published on https://www.architecting.it/blog, do not reproduce without permission.