The industry is talking about cyber resilience like it is a new brand of coffee, but it is really the evolution of disaster recovery for a world that is actively trying to destroy your data. We used to care about floods and fires. Now we care about a malicious actor lurking in Microsoft Entra ID for three months. Commvault is doing something important with their ResOps framework and the approach it takes is a vital change. It is about getting IT and security on the same page before the incident response call starts. Traditional disaster recovery is dead because it assumes your backup is clean. Cyber recovery assumes it might not be.
Recently, we had a chance to learn more about Commvault Unity and the ResOps approach to data protection during Tech Field Day Extra at RSAC 2026. Specifically, I wanted to touch on the way they handle identity and data recovery.
Identity Is the New Frontier
Identity is the pivot point for every modern attack. If you are still treating Active Directory like a “set and forget” utility, you are already behind. Attackers do not break in, they log in. They grab a token, escalate to a domain admin account, and then they own your enterprise. Resilience means having the ability to see that attack chain clearly. We need to be able to look at the timeline and say exactly when a malicious actor added themselves to a sensitive group. We need to roll back that specific change surgically instead of nuking the entire directory and losing hours of legitimate work. Commvault is extending protection to identity providers like Okta and Entra ID because they realize that identity is the new perimeter. If you lose your identity provider, you lose your ability to log into the systems you are trying to recover.
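To make the timeline idea concrete, here is an added example (not Commvault's code and not from the presentation) that walks a directory change log, flags a self-addition to a sensitive group, follows the chain of changes made by the accounts involved, and emits inverse operations for only those changes. The event schema, account names, and group watch list are constructed assumptions, not a real Active Directory or Entra ID export.

```python
SENSITIVE_GROUPS = {"Domain Admins", "Global Administrators"}  # assumed watch list

# Constructed events in a simplified schema (not a real AD or Entra ID export).
EVENTS = [
    {"ts": "2026-01-10T09:12:00Z", "actor": "helpdesk01", "op": "add_member",
     "group": "VPN Users", "member": "jsmith"},
    {"ts": "2026-01-14T02:47:00Z", "actor": "svc-print", "op": "add_member",
     "group": "Domain Admins", "member": "svc-print"},
    {"ts": "2026-01-14T02:49:00Z", "actor": "svc-print", "op": "add_member",
     "group": "Domain Admins", "member": "tmp-admin7"},
    {"ts": "2026-01-14T03:05:00Z", "actor": "tmp-admin7", "op": "remove_member",
     "group": "Domain Admins", "member": "iam-admin"},
    {"ts": "2026-01-15T11:30:00Z", "actor": "iam-admin", "op": "add_member",
     "group": "Global Administrators", "member": "newhire-sec"},
]

INVERSE = {"add_member": "remove_member", "remove_member": "add_member"}

def find_suspect_changes(events, sensitive=SENSITIVE_GROUPS):
    """Flag self-additions to sensitive groups, then follow the chain:
    every later change made by a tainted account is suspect too."""
    tainted, suspects = set(), []
    for e in sorted(events, key=lambda e: e["ts"]):
        self_add = (e["op"] == "add_member" and e["group"] in sensitive
                    and e["actor"] == e["member"])
        if self_add or e["actor"] in tainted:
            suspects.append(e)
            tainted.add(e["actor"])
            if e["op"] == "add_member":
                tainted.add(e["member"])   # accounts the tainted actor elevated
    return suspects

def rollback_plan(suspects):
    """Inverse operations, newest first, for the suspect changes only."""
    return [(INVERSE[e["op"]], e["group"], e["member"])
            for e in sorted(suspects, key=lambda e: e["ts"], reverse=True)]

if __name__ == "__main__":
    for step in rollback_plan(find_suspect_changes(EVENTS)):
        print(step)
```

The help desk and IAM administrator changes are left alone, and the legitimate admin that the rogue account removed is added back as part of the same plan.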
Standardizing the recovery flow for these identity systems is a massive win. Historically, recovering a complex Active Directory forest was a manual nightmare that required specific expertise and a lot of luck. Now, the goal is to make it look and function like recovering a standard system. This level of consistency creates a reliable path out of a crisis. It removes the friction that usually leads to mistakes during a high-pressure recovery event.
Real Recovery Instead of Guesswork
Traditional recovery is often a blunt instrument. You go back to yesterday’s backup and hope the malware was not already there. Commvault Synthetic Recovery is much smarter. It uses AI-driven anomaly detection and YARA rules to scan the backups. It identifies which files were hit by ransomware and which ones are still clean. Then it pulls the last known good version of every individual file from across your backup history to create one clean composite restore point. It is automated and surgical. It saves you from the guesswork that usually defines a midnight recovery session. You get an impact report telling you exactly what is being replaced and why. This level of transparency builds trust with the executive team because you can actually prove the data is clean before you flip the switch.
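The per-file selection described above can be sketched as follows. This is an added example, not Commvault's implementation: it assumes a scanner has already assigned each file version a clean or infected verdict, and the paths, backup IDs, and dates are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FileVersion:
    backup_id: str   # restore point the version belongs to
    taken_at: str    # ISO date; sorts chronologically as a string
    verdict: str     # "clean" or "infected", as assigned by the backup scanner

# Constructed sample: scan verdicts per file across three nightly backups.
HISTORY = {
    "/srv/finance/ledger.xlsx": [
        FileVersion("bk-0501", "2026-05-01", "clean"),
        FileVersion("bk-0502", "2026-05-02", "clean"),
        FileVersion("bk-0503", "2026-05-03", "infected"),
    ],
    "/srv/eng/build.cfg": [
        FileVersion("bk-0501", "2026-05-01", "clean"),
        FileVersion("bk-0502", "2026-05-02", "infected"),
        FileVersion("bk-0503", "2026-05-03", "infected"),
    ],
    "/srv/hr/policy.docx": [
        FileVersion("bk-0502", "2026-05-02", "clean"),
        FileVersion("bk-0503", "2026-05-03", "clean"),
    ],
    # Only ever seen in a flagged state (e.g. a ransom note): no clean version.
    "/srv/finance/README_DECRYPT.txt": [
        FileVersion("bk-0503", "2026-05-03", "infected"),
    ],
}

def build_composite(history):
    """Return (plan, impact_report, excluded) for one composite restore point."""
    plan, report, excluded = {}, [], []
    for path in sorted(history):
        newest_first = sorted(history[path], key=lambda v: v.taken_at, reverse=True)
        latest = newest_first[0]
        good = next((v for v in newest_first if v.verdict == "clean"), None)
        if good is None:
            excluded.append(path)          # never restore a file with no clean version
            continue
        plan[path] = good.backup_id
        if good is not latest:             # record what is being replaced and why
            report.append({"path": path, "replaced": latest.backup_id,
                           "restored_from": good.backup_id,
                           "reason": f"latest version flagged {latest.verdict}"})
    return plan, report, excluded

if __name__ == "__main__":
    plan, report, excluded = build_composite(HISTORY)
    print(plan, report, excluded, sep="\n")
```

Files with no clean version anywhere in the history are excluded from the restore instead of being pulled from the newest backup by default.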
You cannot just restore a compromised environment back into production and cross your fingers. That is how you get reinfected in twenty minutes. You need a clean room, which is an isolated recovery environment. It is a sandbox where you can lift and shift your entire infrastructure to verify it works. You can run forensic tools on infected data without risking the live network. It is the final sanity check. Automated rebuilding of the operating system using a pristine image while layering the data on top is the gold standard here. If the application functions in the clean room, it will function in production.
AI Protection, Automatically
Then there is the generative AI explosion. Everyone wants to run retrieval-augmented generation workflows with their internal data, but few people are thinking about the personally identifiable information leaking into the model. The Commvault integration with Satori acts like a checkpoint at the start and end of the pipeline. It redacts sensitive info before it even hits the large language model. If someone tries to feed a database of Social Security numbers into a prompt, the system blocks it and alerts the security operations center. This creates a self-reinforcing loop. You find the leak, you patch the policy, and the security posture gets stronger over time.
Bringing IT All Together
The gap between IT operations and security teams has been too wide for too long. Resilience is not a feature you buy, it is a state of being you achieve through automated testing and deep data discovery. If you cannot recover your identity provider with the same confidence you recover a file share, your business is fragile. You have to have a solution that treats identity like a crucial part of the business, not just a secondary utility.
Synthetic recovery and clean room validation are not luxuries anymore. They are the baseline for maintaining business continuity. We have to stop thinking about backups as a digital insurance policy and start treating them as an active part of the security stack. The ability to surgically roll back an identity compromise or scrub an AI pipeline of sensitive data is what separates a minor incident from a company-ending disaster. Protect the identity, validate the data, and automate the recovery. Everything else is just noise.
If you’d like to learn more about Commvault Unity and all the aspects of data protection it encompasses, make sure you check out their website at https://www.commvault.com. If you want to watch the entire Commvault presentation from Tech Field Day Extra at RSAC 2026, you can find the videos on their presentation page here.
