The Future of Commvault is Commvault Cloud

The Future of Commvault is Commvault Cloud

Chris EvansCloud, Commvault, Data Practice: Data Protection, Data Protection, Enterprise

Commvault Systems recently announced a pivot for the company, introducing Commvault Cloud, powered by Metallic AI.  Back in February 2021, we predicted Metallic would form the future of the Commvault business.  In this post, we look at the announcement of the new platform and discuss why Commvault and all data protection companies are headed towards the SaaS model.


Commvault Systems first announced Metallic at the Commvault GO event in October 2019.  Metallic is a software-as-a-service (SaaS) platform for data protection that initially targeted three categories of data – Core (virtual machines), SQL Server databases and cloud virtual instances), Office 365 (Exchange Online, SharePoint) and Endpoint (laptops and desktops).

In February 2021, we wrote an article highlighting how Metallic was clearly the future direction for the whole of Commvault as the data protection landscape started to evolve into cyber-security.  Metallic has been expanded and enhanced with a regular cadence, the details of which can be seen on the Metallic Release Notes web page.

Evolving Threats

Why were we sure that SaaS-based data protection was the future of the industry? 

Firstly, the diversification (and fragmentation) of enterprise IT has resulted in computing services being delivered across four main areas:

Four data locations, with a view on mobility
  • On-premises – the traditional core data centre, with closely located servers, networking, and storage capabilities.
  • Public cloud – one or more cloud computing environments that today could include IaaS and PaaS vendors, as well as bare metal and co-location services such as Equinix.
  • Edge – becoming increasingly important for businesses that have dispersed operations, either to collect data or to put computing and data closer to the end user.
  • SaaS – estimates range between 17,000 to 30,000 SaaS platforms in existence, many of which (for example, Salesforce) are used in operating a business, not just the IT component. 

From the time Commvault was founded as an enterprise software company in the late 1990s to the current day, we see a transformed technology landscape.  Data and applications not only exist across a broader ecosystem, but the interaction of those platforms is intertwined based on the best location to implement services.  Simply selling a data protection software tool is no longer enough to address all application backup requirements.

Second, the premise for which data protection is needed has expanded widely in scope.  Two decades ago, data protection (or even simple backup/restore) was used to recover from hardware and software failures, natural disasters (fire/flood) or user actions (either inadvertent errors or malicious deletion).  Today, ransomware has changed the threat landscape into one where the critical assets of a business (its data) are at risk every moment of every day.

A New World

Both diversification and ransomware have required a new dynamism in BC/DR processes.  Data protection solutions need to address the dispersed model of computing in which the customer may have no on-premises equipment and not want to maintain and operate any infrastructure.  A modern business could exist today using only SaaS applications, in which case data protection itself needs to be offered as SaaS.

The rapid evolution in ransomware threats means cyber-security software needs to be updated frequently with new threat awareness while potentially operating across dozens of locations.  For most enterprises, the administrative burden of maintaining this amount of infrastructure is untenable and so introduces significant risks for the business.

Ransomware also introduces the need for immutability and isolation between the primary copies of data and the protected point-in-time copies provided by the backup system.  If both copies sit within the same administrative domain, there’s a risk attackers could compromise primary and fallback copies of data, with no way to recover from a ransomware attack.


As we highlighted in a blog post from November 2022, data protection is changing.  IT organisations need to be more proactive with the way in which business data is identified, classified, protected, and recovered in the event of an attack or a “traditional” failure.  Aligned with the data protection process, IT teams need to monitor and identify potential threat actors within their network and react accordingly.  Even before that happens, networks and applications need to be reconstructed to implement zero trust, slowing down any potential attack and introducing many layers of defences between an attacker and data.

This holistic approach is not just one product but encompasses many tools, strategies, and processes.

Commvault Cloud

Now that we know what the process of data resiliency must entail, how does Commvault Cloud address these requirements?  The new SaaS platform brings together three critical features:

  • Data Security – Unified management and risk governance.
  • Advanced Intelligence – AI-driven threat detection and GenAI assistance.
  • Rapid & Reliable Recovery – Including new features – Cleanroom Recovery and Cloudburst Recovery

Starting with Data Security, Commvault Cloud delivers a single portal through which data protection on the four modern deployment models can be managed.  We hesitate to use the term “single pane of glass” because Commvault Cloud will include APIs.  Risk Governance enables data to be scanned for compliance, including (for example) identifying PII.  The first instantiation of a cloud portal was unveiled in June 2023 with the announcement of Commvault Cloud Command. 

Advanced Intelligence is a continuation of the AI-driven threat detection capabilities already in the Commvault platform.  The June announcement introduced Risk Analysis, Threat Scan, Auto Recovery and ThreatWise Advisor as new capabilities.  ThreatWise had previously been announced following the acquisition of TrapX.

With the announcement of Commvault Cloud as a SaaS platform, Commvault has introduced Arlie, a generative AI “co-pilot” that can generate code or perform real-time analysis of data protection levels. 

In addition to the existing capabilities for backup and recovery, Commvault has introduced two new features.  Cleanroom Recovery enables customers to test and validate the recovery process to gain confidence that, if required, backups are valid and will restore data back to production as expected.  Cloudburst Recovery implements the capability to restore data automatically into the public cloud for quick recovery into a ”green field” cloud environment. 


Underlying the Commvault Cloud platform is a further transition to Metallic as a core component of all Commvault solutions.  Over the last four years, Metallic has enabled Commvault to learn how to deliver SaaS and now provides the foundation onto which the additional features of Commvault Cloud can be built.  As we predicted, Metallic continues to be the future of how Commvault delivers data protection and data resiliency. The latest announcement emphasises that Metallic has become the engine of future Commvault data protection innovations.

The Architect’s View®

The IT industry is at a pivotal moment with respect to data protection and what we could term “data assurance”.  Modern business continuity processes now stretch backwards in time to the point before an incident occurs.  It is no longer enough simply to be able to recover after that incident.  Businesses need to minimise the threat of data loss, quickly identify any losses, and recover efficiently from them in the shortest possible time.

The process of protection and recovery is made more complex by the diversity of platforms and application deployment models.  This scenario can result in a series of complicated and risk-prone processes to protect data using many independent and essentially unconnected solutions. Data protection needs to be harmonised, not fragmented.

Commvault has made the next step on a journey that we believe will be the long-term destination for data assurance.  Data protection and data resiliency will be delivered as services because this is the only way to build in the dynamic and evolving set of requirements needed to beat the Darwinian problem of ransomware.

At this point in time, Commvault is in a relatively unique position, being able to deliver data protection on-premises, for the public cloud and for SaaS platforms as part of a distributed model.

Although all component pieces are available, Commvault has a long tail of heritage customers with existing backups and deployed infrastructure.  As we highlighted in this recent financial review, perpetual licence revenue is down but is still a significant income stream when combined with customer support (around 50% of total revenue in Q2 FY2024). 

Success for Commvault Cloud will, therefore, be measured by how well Commvault transitions existing customers away from perpetual licensing and support and onto the SaaS model. 

Commvault continues to execute well on a complete transformation of the business, which we believe will position the company as one of the leaders in data assurance for the next decade.

Copyright (c) 2007-2023 – Post #1bb4 – Brookend Ltd, first published on, do not reproduce without permissionCommvault is a Tracked Vendor by Architecting IT for data protection and storage systems. Commvault is and has previously been a customer of Architecting IT and Brookend Ltd.