kras99 - stock.adobe.com

Commvault CEO: We're a data protection, not security, company

In this Q&A, Commvault CEO Sanjay Mirchandani talks about record revenue, the changing landscape of data protection and how Commvault is responding.

The growing threat of ransomware is making some data protection companies focus more deeply on security. However, Commvault, a vendor that's been around for more than 26 years, is resisting the trend.

Doubling down on data backup and data protection may be paying off. Earlier this year, Commvault acquired TrapX Security, a cyberdeception firm, to further bolster its data protection capabilities. At the end of May, Commvault reported its overall earnings of $769.6 million for fiscal 2022, which ended March 31, 2022. The earnings marked an increase of 6% from fiscal year 2021, and Sanjay Mirchandani, president and CEO of Commvault, called it the "best year in our history."

In this Q&A, Mirchandani, who has served as CEO since 2019, talked about the company's strategy for data protection, why TrapX was such an important acquisition and how protecting customer data is still a central mission at Commvault.

Commvault just ended its best year on record. What strategies did you use?

Sanjay MirchandaniSanjay Mirchandani

Sanjay Mirchandani: When I came in, Commvault had leveled out a little bit and I came in to really reshape that. I use the mantra of simplify, innovate, execute. And that's what we've been on for the last three years: simplifying our business operations model and user interfaces, and then just getting our execution right. That's the transition we've been in. We wanted to come back to what I hold to be responsible growth and profitable, although we've always been profitable.

How have you moved the company back to responsible growth?

Mirchandani: There are a few things: really making things granular, so I can add on things as part of a roadmap as I proceed; building a forgiving architecture because building what's forever doesn't work anymore; and choice or being able to work with the ecosystem.

When I came in, we put a lot more focus on those three [principles]. When I talk about innovation -- make things granular, make things easier to use, make things forgiving -- [it's] because no two days are the same for our customers. That's really helped us, and if I had to take that up a notch, out of it comes through with our internal manifesto of what we call the 'Power of And,' our ability to give our customers the best on-premises capabilities, coupled with our SaaS brand, Metallic.

Commvault has been around long enough to be thought of as a legacy backup vendor. Do you think that fits still, or have you broken out of that?

Mirchandani: The analogy I use is: Would you trust your money to a bank that just popped up around the corner? Or would you trust your money with Wells Fargo, Bank of America or Goldman Sachs? … Our 25-plus years hold us in very good standing. The fact that Metallic is part of the combo family gives it instant credibility. Because if there's one thing we're going to do, it's backup data. It gives us credibility; it gives the product credibility [and] customers feel safer.

How has the increase in ransomware attacks forced the data protection market to evolve?

Mirchandani: There is a lot of core technology -- AI, ML -- that we build into our ransomware protection, because that's core, that's something we came up with a while back. ... We have Metallic storage, an immutable copy of your data -- whatever you choose to have as your crown jewels -- in the cloud, locked up. … There's policy around how you can restore that data, because bad things can happen with inside actors. It doesn't always have to be an external attack. We want to have processes and policies to make sure that the restore happens in a sensible way.

We bought a company out of Israel, TrapX, [in Feb. 2022] that I think will change the game for our customers. What they do is threat deception, cyberdeception. I'm oversimplifying, but basically it manages decoys in your [production] environment. And when something weird happens with a decoy, it's a red flag and it's a very high-quality signal. And if somebody inside or outside [signals] that there's a potential threat, then maybe you don't want to back up that server in your quarantine, you stop it because you don't want to backup that data and then bring back ransomware at some point.

We think that data protection and data security are getting very gray inside of IT organizations, and the more we can help customers proactively on the data security side, the better their data protection.

Some of your competitors have shifted to a security plus data protection message. Is this the next step in data protection?

Mirchandani: I am a big believer that our job is to protect our customers. … That's why we bought TrapX -- because the implementation of that is a proactive capability that works with all the moats and the walls and the signals on the outside, it works with all that to get a good quality signal that says, 'This looks weird; the data is perhaps possibly corrupt or compromised.' … We can then make sure that whatever we are backing up, it's the clean version of it, data that hasn't been tainted.

Data has never been more valuable or more vulnerable.
Sanjay MirchandaniCEO, Commvault

So, am I a security company? No. I'm a data protection, data management company. … The most prevalent conversation in data protection is ransomware, and that is a cybersecurity issue but that does not automatically flip me to being a cybersecurity company.

Storage vendors are adding protection features such as immutable backups. How does this play with data protection overall?

Mirchandani: It depends on the implementation and on the design of what the storage vendors might want to do. I have storage capabilities inside my product. We built immutability into our backups through that. Because it's integrated, if you buy an appliance, you get storage as part of it. And you can also use third-party storage. So those features in and of themselves are useful, and if we can leverage it, we can integrate better for our customers with it.

But sometimes it's confusing to customers because it's a piecemeal solution. It's not a full solution. It's not a company. Immutability is over there. Backups over here. … I honestly believe that piecemeal solutions, esoteric solutions are being questioned by smart people.

Adam Armstrong is a TechTarget news writer covering file and block storage hardware, and private clouds. He previously worked at StorageReview.com.

Dig Deeper on Data backup and recovery software

Disaster Recovery
Storage
ITChannel
Close