Inside Commvault SHIFT 2025: The Future of Cyber Resilience and Automated Recovery

At its flagship annual event, Commvault SHIFT 2025, in New York, Commvault unveiled a slate of transformative innovations designed to redefine enterprise data resilience. Against a backdrop of growing ransomware sophistication—where nearly all attacks now target backup systems—Commvault positioned its Cloud Unity platform, alongside AI-powered capabilities like Synthetic Recovery, Threat Scan Advanced, and Cleanroom automation, as the future of clean, complete, and automated recovery.

I had the opportunity to sit down with Vidya Shankaran, Field CTO for Cloud, Security, and Emerging Technologies at Commvault, for a wide-ranging discussion on an array of themes. Vidya dived-deep into the latest Commvault announcements, shared insights on how cloud and AI are driving enterprise transformation, and highlighted the emerging challenges organizations face in securing hybrid, multi-cloud, and AI-driven environments.

Cloud Transformation: From Lift-and-Shift to Purposeful Strategy

“The shift is striking,” Shankaran said. “Cloud transformation has matured from a lift-and-shift mentality into a much more purposeful journey. Five years ago, enterprises largely migrated workloads without tailoring. Now they make strategic decisions on application refactoring or rebuilding, often embedding AI-centric design.”

She noted that the natural elasticity of the Cloud and ephemeral resources are now central to transformation strategies. “Organizations are not just moving workloads—they are rethinking them to take advantage of cloud’s scalability while ensuring resilience is built-in from day one.”

Hybrid and multi-cloud adoption, particularly in India, has become the norm, but it brings complexity. “Hybrid environments create fractured approaches. Many rely on siloed or native cloud protection tools, each with its own management plane. This fragments the cyber resilience narrative,” Shankaran noted. Unified platforms like Cloud Unity address this by providing a single dashboard across on-prem, cloud, and SaaS workloads. “It’s about seeing everything in one place, orchestrating recoveries holistically, and ensuring not just speed but clean, trustworthy data restoration.”

The AI Imperative and Protecting Modern Workloads

AI workloads introduce new challenges for enterprise resilience.

“It is not just data at rest anymore,” Shankaran said. “You have vector databases, trained models, and underlying infrastructure. If any of these elements are compromised, you can’t simply retrain models—the business doesn’t have the luxury of time.”

Commvault addresses this by enabling point-in-time recovery of data and AI workloads. “We protect the delta—the changes that matter most—so that organizations can get back to business almost immediately without losing critical intelligence.”

The company’s acquisition of Israeli cybersecurity start-up specializing in data security and access control, Satori Cyber, enhances real-time access governance. “Structured data governance combined with our existing unstructured data capabilities gives what I call a ‘Data Trust Resilience’ layer. Organizations can control who has access to what, and when, while ensuring sensitive data, like SSNs, is masked when necessary,” Shankaran explained.

Transforming Recovery: Threat Scan, Synthetic Recovery, and Cleanroom Automation

Recovery is no longer a passive exercise; it has become a strategic, AI-driven process. Shankaran elaborated:

“Threat Scan Advanced allows enterprises to detect suspicious files, newly encrypted assets, and evolving Indicators of Compromise across backup datasets. It’s about identifying contamination before you even start recovery. That’s the first step to clean recoveries.”

Synthetic Recovery is where the company believes it is breaking new ground. “Traditionally, recovery was a manual time machine—you would sift through backups, manually select clean points in time, and then validate them before returning data to production. Synthetic Recovery automates that entire process. Using AI, we synthesize clean data from multiple points in time, remove threats automatically, and get businesses back online faster. It’s a game changer.”

Cleanroom Recovery complements this by creating isolated, pre-configured environments where recovered data can be validated before production deployment. “We automate the build-out of cleanrooms with precise configurations, reducing manual errors and expediting decision-making during crises,” she said.

Identity and Data Governance: A Bedrock for Resilience

Identity security is often overlooked but vital.

“Identity is one of the most overlooked aspects of cyber resilience,” Shankaran emphasized. “It’s not just about human users—non-human identities in hybrid environments, AI systems, and service accounts are exploited all the time. Being able to roll back to a clean point in time for identities is just as critical as for data.”

This focus ties directly into emerging threats in AI. AI’s expansion has introduced new attack surfaces through deepfakes and automated identity spoofing, creating significant risk. Many organizations still rely on legacy identity synchronization with limited rollback.

“With deepfakes, voice spoofing, or malicious prompts targeting LLMs, identity governance is critical. Satori Cyber capabilities allows us to mask sensitive outputs and enforce real-time access controls, complementing our unstructured data threat detection capabilities.”

Commvault’s acquisition of Satori Cyber enhances real-time data access governance, allowing dynamic masking and fine-grained control over sensitive data. This integration builds a “fabric of data trust,” critical when feeding AI systems like LLMs where data sensitivity and privacy are paramount.

Competitive Differentiation: Synthetic Recovery as a Game Changer

Synthetic Recovery stands out by radically shrinking time to clean recovery through the automatic synthesis of clean data across backup snapshots. Traditional solutions force lengthy, manual efforts to validate clean points in time.

“No other solution today offers automated, AI-driven synthesis of clean data across multiple points in time. It allows businesses to hit the ground running, focusing on clean recovery rather than just speed. In cyber contexts, RTO and RPO are no longer sufficient metrics; the question is, how fast can you reach clean data?”

“We offer automated, intelligent synthesis at scale,” Shankaran said. In today’s cyber context, where rapid access to clean data matters more than just “speed,” this capability redefines recovery expectations.

Emerging Markets: Leapfrogging with Unified Resilience

Shankaran noted that while cybersecurity awareness is rising, many organizations still operate in fragmented environments. “Emerging markets have an advantage—they can skip years of trial-and-error. With unified platforms like Cloud Unity, they can bypass clunky legacy processes and adopt modern, AI-enabled resilience directly.”

Industries like BFSI, healthcare, and retail are particularly motivated. “Cyberattacks target these sectors because of the stakes involved. Unified recovery not only protects individual enterprises but also maintains resilience across supply chains,” Shankaran said.

Shankaran noted, “Emerging markets have an unfair advantage by skipping legacy pain points and adopting mature, unified platforms directly.” This is especially true in BFSI sectors, but also gaining momentum among traditionally slower adopters aiming to strengthen cyber defenses. While hybrid investments create some friction, compelling business cases around cost, performance, and operational simplicity are driving a clear migration path toward unified resilience solutions.

The Convergence of Cloud, AI, Resilience, and Sovereignty

Shankaran summarized the SHIFT announcements as a testament to the intersection of cloud computing, AI, cyber resilience, and data sovereignty.

“Resilience must be embedded from design through consumption, not retrofitted or treated as an afterthought. Our platform equips customers with 360-degree visibility across assets and environments, emphasizes responsible AI use, and moves data protection closer to the customer’s AI environments rather than displacing data unnecessarily.”

Agentic AI capabilities inherit stringent role-based access controls and zero trust security, ensuring autonomous AI actions remain within defined ethical and security boundaries.

As per Shankaran, “Recovery is not just about bringing infrastructure back online—it’s about ensuring the data is clean, trusted, and ready for business continuity. Enterprises are starting to factor resilience into every IT decision, whether it’s selecting a database, deploying vector AI models, or designing cloud-native applications. The market will increasingly demand that solutions come with resilience built-in by design.”

Looking Ahead: Resilience as a Requirement

Shankaran sees cyber resilience shaping enterprise infrastructure and AI investments.

“Enterprises will demand that every new technology—from vector databases to cloud infrastructure—be inherently resilient with APIs and capabilities to support rapid restoration. Enterprises evaluating new AI workloads or cloud strategies will increasingly ask, ‘Is this resilient? Can it recover quickly and cleanly?’ Any solution that can’t meet these expectations will struggle. Resilience is no longer optional—it’s a requirement.”

In Conclusion:

Commvault SHIFT 2025 highlighted a fundamental evolution in enterprise resilience. By blending Cloud Unity’s unified platform with Synthetic Recovery, advanced threat detection, Cleanroom automation, and strategic capabilities like Satori Cyber’s governance, Commvault offers a comprehensive, AI-empowered path to clean, complete, and automated recovery that meets the demands of complex modern IT environments and evolving cyber threats.

As Shankaran succinctly put it: “Recovery is no longer just about bringing systems back online. It’s about restoring trust, operational continuity, and business confidence. That’s the new standard for resilience in the AI and cloud era.”

By Prabhu Ram, Head of the Industry Research Group at CyberMedia Research (CMR). He attended Commvault SHIFT 2025 in New York at the invitation of Commvault, with travel and accommodation provided by the company.