AWS re:Invent 2025 | Poojan Kumar, Commvault

Clips
More from AWS re:Invent 2025

Poojan Kumar

Chief Production Innovation Officer

Commvault

play_circle_outline Introduction by Dave Vellante at re:Invent 2025, focusing on data resilience and cyber resilience.

play_circle_outline Commvault's ResOps Model and AWS Recognition: Achieving Cyber and Business Resiliency Competency in Modern Operations

play_circle_outline Discussion on the impact of AI on data change and operational resilience requirements.

play_circle_outline Introduction of synthetic recovery concept for minimizing data loss in cyber incidents.

Info
Transcript

Poojan Kumar, Commvault

Poojan Kumar

Chief Production Innovation Officer Commvault

In this AWS re:Invent segment, Poojan Kumar, chief product and innovation officer at Commvault, joins theCUBE’s Dave Vellante to discuss the evolving definition of resilience in the era of agentic AI. Kumar highlights Commvault’s significant recognition at the event, including achieving the AWS Resiliency Competency and winning the Global Storage Partner of the Year award. The conversation centers on "ResOps," an operational model that converges security, identity and recovery to ensure continuous business operations. Kumar explains why traditional disaster r... Read more

explore Keep Exploring

What is the current event and who is the host speaking about it? add

What was introduced at the SHIFT event in New York City, and what problem does the term ResOps aim to address in the context of AI and cyber resiliency? add

What are the key features and capabilities of Commvault's platform in the context of the increasing penetration of AI in enterprises? add

What is synthetic recovery and how does it enhance data recovery processes in Commvault's cyber resiliency approach? add

bolt Powered by CUBE AI

Poojan Kumar, Commvault

search

Dave Vellante

>> Hi everybody. Welcome back to the Venetian in Las Vegas. My name is Dave Vellante and you're watching theCUBE's live wall-to-wall coverage of re:Invent 2025. This is day four. I'm picking up for John Furrier, who's at the GSA, the Global Semiconductor Association Conference in San Jose. We have been going wall to wall all week, Amazon execs, the ecosystem. We're going to focus now on data and data resilience, cyber resilience. ResOps is the hot new term. Commvault is here. Poojan Kumar, who's the chief product officer, chief product and innovation officer. Coming off a Commvault shift a couple weeks ago in the big Apple, it's great to see you again. Thanks for coming on.

Poojan Kumar

>> Thank you, Dave. Happy to be here.

Dave Vellante

>> So, you guys made a big sort of splash at SHIFT in New York City. We were at the Marriott Marquee, big customer event. You introduced this term ResOps, which is this sort of operationalizing, cyber resiliency, business resiliency, because it's not a product. It's an operational model. So, from your perspective, what problem are you really trying to solve with Cloud Unity and ResOps, and why now in this AI era?

Poojan Kumar

>> Yeah. Firstly, I want to start off with the re:Invent is a good starting point where we achieved the resiliency competency, right, this week, which again is a big testament to the fact that AWS recognizing Commvault as having both the technical expertise in terms of getting organizations back in the event of cyber attacks. And also, coming to your point, the Commvault product being at a place where it essentially has all the things what are needed to essentially deliver ResOps. And if you think about what that is, it starts with data security as number one, right? Number two is more about identity resilience. And last, it's about cyber recovery. So, if you look at the Commvault Unity platform and what we announced at SHIFT, it basically goes and addresses all of these things. And all of these things are essentially needed in the event for organizations to come back and have continuous business in the case of any disruptions. So, that's one big thing that happened this week with AWS. And the second thing that happened while we are on that topic is, we also received for the first time the Global Storage Partner of the Year Award.

Dave Vellante

>> Oh, congratulations.

Poojan Kumar

>> Which again, yeah, it's big news, which again, is a testament to basically saying that AWS recognizes us for our leadership in terms of cloud native, in data protection and cyber resilience, right, for AWS workload. So these are two big things that happened this week.

Dave Vellante

>> I mean, it's classic AWS. The customers, a lot of times it's still misunderstood. AWS announced something, Amazon backup or something like that. It's like, well, backup is one thing. There's this other thing called recovery, and there's so much engineering that goes into these products. But I want to come back to sort of the theme that I want to hit on today, Poojan. Sanjay, in his keynote, he called this, he said it was the most consequential moment in our industry. So my question is, what's fundamentally different about resilience now in this AI agentic world? We rethought resilience during COVID. We said, "Oh, the disaster recovery, that doesn't take care of it." And then we sort of scrambled to shore that up, and then the AI herd round the world hits. So, what's different now?

Poojan Kumar

>> Yes. So, I think if you think about it, what's happening, AI is really penetrating an enterprise. And so, what that does is with agentic AI, the rate of change of data and the number of applications is just , right? And so, what essentially happens because of that is resiliency becomes very, very important. And what I mean by that is, now when you look at all of the data changing at very rapid pace, if you look at the platform that Commvault has built, number one, the sheer breadth of the number of data sources that Commvault can handle, that's number one. Number two, the speed at which the platform can essentially do backup and recovery is unparalleled to anything else. Number three, with the whole focus on resilience, it starts off by essentially building a platform that gives you observability on your data, right? And then, governance on your data. So, that's number three. Then number four is, with all, again, the AI agents and these are non-human agents in a lot of scenarios, you essentially also have to look at identities that are going and manipulating your data. So there, which is where identity resilience becomes very important. And that's another big thing that we are doing with identity resilience where we are essentially allowing you to basically look at what is changing from your identity perspective. And in the event of something bad happening, we're able to essentially go and recover your whole entire identity platform. We do that for right now and we'll in the future do for Okta. And then the last one is, after doing all of these things, in the event where you are hit by an attack, this is a scenario not like a disaster where in the case of a disaster, you can still trust your data. In the case of a cyber event, you have to have a zero trust approach, and that is where it starts mattering where you need to essentially go figure out which point do I need to go and recover, right? And that essentially requires you to be able to, if you think about it, how should I describe it? So, historically, you would essentially have a choice between, oh, can I go back in the future and I'm guaranteed as a clean copy? Or if I don't go back, but then I have a issue of data loss. If I go back too much in..."

Dave Vellante

>> Yeah, your RPO window.

Poojan Kumar

>> Exactly. But if I really don't want to lose data, then I have this issue where I might basically not be able to show, not sure that my data is still, that I can trust. But Commvault for the first time introduce this concept, which is a patent pending concept where we allow you to do in the situation of recovery, do a thing called synthetic recovery, where you can do a combination of these two things where we can go back in time automatically for you and take the data that is not infected, and essentially minimize your data loss. So, synthetic recovery is a concept that we introduced at SHIFT, which essentially is groundbreaking. And not only that, after that, we allow you to take this recovery in a clean room, right? Where essentially, and we automate this whole thing for you, where you can essentially go test it out in a clean room and even pave and repave the operating system if needed, and make sure everything is okay before you go and overwrite, right? So, all of these things together, right, is the cyber resiliency platform and basically part of ResOps.

Dave Vellante

>> So, that was an interesting piece of the announcement for sure. Make sure I understand it, this synthetic recovery. So, you go back to a point in time which you absolutely know is safe, and irrespective of how much data loss, bring that back up so that you can work on that data. Yes, you understand there's a window that's not current, that goes into a clean room. And then, what happens? This is where your patents come in. What magic and secret sauce are you applying there that you can share? The timeframe on that's a function of obviously how much data and maybe the complexity of that data. Walk us through that whole process.

Poojan Kumar

>> So, I think firstly it starts with our capabilities around threat scanning capabilities, right? Which again, also we talked about at SHIFT, which is essentially you're able to look at everything that's happening in your environment, right, and essentially with AI models and stuff like that, we are able to know what is changing, any encryption that's happening and so on and so forth, right? So, that's the underpinning of the technology. And then, what happens in the case of an event when you need to go back, the Commvault platform, the Unity platform knows exactly what has happened in the past. And so, we are able to automatically go in the past and take all the clean stuff for you where we know this is not infected and this is something we can get back. So there, you don't need to worry about data loss because we know that stuff is clean. And for what stuff that's infected, because of our capabilities around threat scan, those are the only elements where we go back in time where we are going to a clean copy. Now you take all of these things, right? And you're able to take that data and go into a completely clean environment, right, in what we call a clean room. And there is where you can essentially instantiate this data along with operating system where you can essentially, even get a new operating system because you might not trust that there's malicious code in the OS potentially, and take the data and marry it with a brand new operating system. And there, that's where you can essentially go and test it out. And all of this is automated, right? You're basically clicking a button and we are able to essentially go and do this for you, for your data set, in a separate clean room environment.

Dave Vellante

>> Okay. And the time that it takes to do that, again, is a function of how much data, the complexity of that data, how much it is infected.

Poojan Kumar

>> Of course. Of course.

Dave Vellante

>> And then you report on, okay, this is ultimately how much data that you're going to lose.

Poojan Kumar

>> Exactly. And when we do that, we basically tell you, when we do synthetic recovery, we tell you what percentage of the data that we actually could get for you, which was you didn't have data loss and what percentage you essentially were infected objects or files.

Dave Vellante

>> So, you're taking that process that largely was human driven before automating it, and then ultimately the human has to make the decision as to what to do about the data that's lost.

Poojan Kumar

>> Absolutely.

Dave Vellante

>> How are we going to deal with that? But it essentially automates that entire cycle, which sometimes would take days or weeks.

Poojan Kumar

>> This is where continuous business matters, right? The whole object of cyber resilience is going and putting all these things together, is important because that essentially reduces the amount of time it's going to take for getting your business back, right? So, that's where the continuous business matters. But again, now add that on top of all of these things, we are also, to your point around how much time it takes is because we've also built a platform that's extremely fast and very efficient. So obviously, we'll do it at the fastest possible time.

Dave Vellante

>> So, correct me if I'm wrong, you're able to, I mean, I guess you could kind of do this manually before, but it's risky. Coming back, let's say you're 75% back. It's like I'll take Patrick Mahomes 75% over many QBs, right? You know what I'm saying? You come back, and maybe you're not a football fan, but an athlete that is hurt. Okay, well, you're still able to perform, maybe not at the same level, so your business can be at least partially up and running, which previously you'd really have to be careful about that.

Poojan Kumar

>> Absolutely. Again, see, again, some of these things are, if you do it manually, it takes a long time and it's very error-prone. Similar to our capabilities in the cloud, right? We introduced a capability again last year, I was talking to John Furrier about this whole capability around backtrack, same concept, but it's like you try to do it manually, it's going to take a long time. These are has to be one click, single click. I give you, obviously you ultimately make the final decision, but all of that complex stuff behind the scenes has to be automated for you.

Dave Vellante

>> And yeah, and you're right, humans make mistakes. I'd love to dig deeper into that, but I want to shift gears. So, you've got this sort of three, I remember you laid out at SHIFT, security, identity and recovery is sort of your three pillars or parts of the pyramid. I guess my question is, if you know well that the traditional backup is bespoke, one division has one backup, the edge stuff is another strategy, you got some different vendors in different parts of the company. So, you guys are putting forth a bold vision. Now, I have to buy into that vision. I have to buy into the strategic direction, first of all, and I think you guys did a good job of laying that out and what the strategy is. Okay, so check. Let's say I buy into that. But then I have to commit to a platform and basically say, "Okay, this is our cyber resilience platform going forward. We are going to, over time, standardize on this, and then commit going forward that we're going to add in whatever, new modules and innovations and hopefully you've got some flexible pricing for me if I make that kind of commitment." So, take me through the business case for doing that. I think that's what customers are going to have to think about, and what's the benefit of doing that? What are the risks of doing that? Why should I do that with Commvault?

Poojan Kumar

>> Firstly, I think the big catalyst for why you have to do this now is AI, right? Gone are the days where you could, as you very nicely described, you could basically operate in this siloed environment. In the world of AI, with the level of change that's happening and agentic AI, if you operate in these silos, you're never going to be in a situation where you're going to be able to recover in the event of a problem, right? And so, AI is the catalyst why our customers need to take a step back and say, "I actually need a single platform," which is what our Unity announcement has been. "I need to take a single platform that allows me to do this across the board. I cannot operate in silos anymore." So, that's the starting point. AI has been the big catalyst. But before that you're right, right? what's the forcing function? So, AI is the forcing function why customers absolutely need to do that. But now, with the Commvault platform, the way we have built the platform, the way the pricing structure is, we even announced that in shift, the cloud-based kind of pricing structure with integration with the marketplaces that we announced, it's consumption based, right? It's basically pay as you go. And Commvault is the most flexible, right, both in terms of the platform with Metallic, SaaS and the way we have software. And we even announced the Hyper Flex in talking to the cloud, so the separation of the control plane and data plane. So, all the flexibility exists. So, our customers love that flexibility and that flexibility is end to end, both in terms of the breadth of the workloads, both in terms of the comprehensiveness of the platform and in terms of the pricing, and in terms of picking and choosing what you need when you need it, right? So, all of the features also is not something like we're forcing somebody to take it day one. You essentially can pick and choose for which data sources, which applications you need these feature sets on the security side and for which you are willing to live without.

Dave Vellante

>> So, one of the questions I would have as a customer is, okay, I'm going to buy into a platform strategy. You've acquired a number of companies. Metallic, got you into the cloud piece, Satori, brought the governance. So, you've made these acquisitions. Are you cobbling together a bunch of bespoke acquisitions? What engineering have you done to integrate them? Convince me that it is a true platform that I can trust that is not going to end up with just a bunch of piece parts that don't work together.

Poojan Kumar

>> Absolutely. So, I think number one, I think if we look at Commvault's history, it's an engineering focused company, right? So, that's number one, that goes deep in our DNA, right? Which is where, again, this comes in. If you look at that acquisition that we made almost a year and a half ago, which is the Appranix acquisition, which is now the Cloud Rewind product, which is very .

Dave Vellante

>> Clumio is another one.

Poojan Kumar

>> Yeah, yes. It's very well integrated. Appranix, Cloud Rewind, which is very well integrated in the platform. Satori is very recent, obviously, the things are being worked on. But the focus is essentially to give that single platform an integration. These are not point solutions, and all of these companies came with very deep technologies. And combine that depth with the breadth of Commvault, that is what our customers ultimately are getting. So, absolutely. We are very engineering focused and we basically go and put that first, and everything else is second.

Dave Vellante

>> So, this really is not incremental. It's not just better backup. It's really new thinking on resilience as an operating model. So, what does that mean to a CIO in concrete terms? How does it relate to DevSecOps? Take me through sort of your thinking on the operating model.

Poojan Kumar

>> Absolutely. I think we introduced a concept of cyber resilience two years ago at SHIFT, right? And so since then, it has essentially become the norm in our industry. And now, we're essentially taking a more comprehensive approach with ResOps. But I think the roles of, if you think about the CIO, the CSO and the chief trust officer, some of these things are essentially collapsing. More and more organizations are forcing these folks to kind of work together because only once they work together, they can essentially go and make sure that their organizations are going to be cyber resilient. So, that's what we are seeing more and more. Same thing, back in the day, you had a backup administrator, but now you have in the cloud world, you have more DevOps, SecOps, and stuff like that. So, those folks making sure that your data is being backed up and protected, all of those policies exist. And we provide the single pane of glass, the single policy across all your workloads. We do all of that for that audience. And then for the CISO, the CIO and the chief trust officer, giving the cyber resiliency platform. But all of these folks are working together. So, most of our customers, we have all of these stakeholders working together and buying into this vision.

Dave Vellante

>> One of the things I wanted to push a product person on, and so I'm glad you're here is you gave an example at SHIFT. It showed CrowdStrike, Commvault, ServiceNow, and AWS, which is what the world looks like. It's heterogeneous and it's complicated. And you had this flow and the handoffs and how you sort of recover through that, but there are of course seams through all those handoffs. So, how do you sort of protect against those seams, creating errors, becoming further risks? How do you automate all that? Is it a game of, we just got to do the hard integration work with those partners? If so, you got a long list of partners I'm sure to work with, but can you explain how you see that working?

Poojan Kumar

>> See, the thing is fundamentally, I think if you think about it, there's a control plane and a data plane ,right? There's separation in the control plane and the data plane. So, the data plane is where we have our, think about it, which is where we got the Storage Partner of the Year Award, but this is where we have our, essentially our file system, which is deduplication, compression, and all of those things. That's the hardcore technology. That remains the same. It's a data set that changes. And this is where you integrate with each of these workloads. But ultimately, it still goes and sits in our data plane. And control plane is where the other constant thing with the user sees, and it's also API driven, which is where you have the policies and everything, and you make sure you build the policies and then you're attaching it to the data source. So, the data connectors, we have to go and build. The policies essentially work across data, sources and the file system and the underlying substrate has been solid, rock solid from day one. That's how we make sure that all of these things can work without any issues fundamentally.

Dave Vellante

>> There's so many topics that we could cover because it's typical Commvault, is when you start peeling the onions, there's a lot of innovation that we could double click on. But I want to end on AWS. You guys can do immutable air-gapped copies in AWS. You've got post quantum crypto, you've got zero trust integrations that you talked about before.

Poojan Kumar

>> And Iceberg, we launched the Iceberg support for AWS. We are the only ones who support the Iceberg format.

Dave Vellante

>> Right, right. Well, that's another whole thing. It's funny, because everybody is so concerned about governance, and at the same time, they want open table formats, which create governance. It's a new governance territory for them. And so, you have these countervailing forces. But so, you're approaching that with an architecture. So, what does that architecture buy a customer in a worst case scenario?

Poojan Kumar

>> See, ultimately I think it buys a customer peace of mind in the sense that we know that we have the ability to essentially go and detect threats. And in the event of something happening, we have the ability to make sure that we can essentially get your business up and running as fast as possible, right, because of the architecture we have built and because of the cyber resiliency platform that we have built. That's ultimately what we strive to achieve, to make sure.

Dave Vellante

>> Appreciate you coming in to theCUBE at re:Invent. It's been a long week, and thanks for all the work you're doing and look forward to future conversations. Thank you.

Poojan Kumar

>> Thank you very much, Dave.

Dave Vellante

>> All right. And thank you for watching. This is Dave Vellante for theCUBE team here at re:Invent 2025, live from Las Vegas. We'll be right back right after this short break.