In this segment from RSAC 2026, theCUBE Research’s Christophe Bertrand sits down with Commvault’s Anna Griffin, chief market officer, and Vidya Shankaran, field chief technology officer for security, to discuss the company's evolution into its next phase: the convergence of cyber resiliency and AI. The conversation explores how the rush to adopt AI has stalled many enterprise deployments due to expanding attack surfaces, compliance gaps and unchecked data risks. Griffin and Shankaran unpack the dual challenge of ensuring "resilience for AI" by protecting the entire data stack, while leveraging "AI for resilience" through responsible, human-in-the-loop governance. They also introduce "Res Ops," a continuous, operations-integrated approach to security and recovery that breaks down organizational silos and shifts the industry away from reactive, waterfall defense strategies.
The discussion also highlights the critical role of ecosystem partnerships – spanning integrations with Microsoft, CrowdStrike, Okta and Satori – in combating SecOps alert fatigue and securing unstructured data against emerging AI prompt vulnerabilities. Shankaran details how Commvault is positioning itself as the central "system of record for resilience," ensuring a unified platform that reduces vendor sprawl and operational headaches. Additionally, Griffin shares insights into Commvault's partnership with TIME to recognize the "CISO of the Year," underscoring how operational resilience and the security leaders who drive it are now fundamental competitive advantages for the modern enterprise. Ultimately, the interview provides a roadmap for achieving a continuous standard of clean, verified data recovery in the age of AI.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC 2026 Conference. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Register for RSAC 2026 Conference
Please fill out the information below. You will receive an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSAC 2026 Conference.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC 2026 Conference. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Sign in to gain access to RSAC 2026 Conference
Please sign in with LinkedIn to continue to RSAC 2026 Conference. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Anna Griffin & Vidya Shankaran, Commvault
At RSAC 2026 Christophe Bertrand of theCUBE Research hosts a focused conversation with Vidya Shankaran of Commvault, field chief technology officer security, and Anna Griffin of Commvault, chief market officer. Shankaran and Griffin present expertise in security market strategy and platform engineering. They discuss cyber resilience, resilience operations, Res Ops, platform unification and artificial intelligence, AI risk.
The segment explores Commvault’s evolution from traditional backup to a unified resilience platform, covering Satori integration ecosystem partnerships and the operational challenges of protecting AI data pipelines and vector stores. Griffin explains that Commvault’s platform helps de-risk AI projects by governing classifying and protecting data across the AI stack. They highlight Satori integration and ecosystem collaboration as essential for platform unification and automation. Shankaran emphasizes Res Ops as an operational discipline that merges people process and technology to enable continuous micro-recovery and resilience. Bertrand frames these developments as part of Commvault’s transformation and underscores the importance of automation and ecosystem integration for operational resilience.
This discussion provides practical insights for security leaders data protection professionals and infrastructure teams seeking strategies for AI risk management operational resilience and unified resilience platforms.
In this segment from RSAC 2026, theCUBE Research’s Christophe Bertrand sits down with Commvault’s Anna Griffin, chief market officer, and Vidya Shankaran, field chief technology officer for security, to discuss the company's evolution into its next phase: the convergence of cyber resiliency and AI. The conversation explores how the rush to adopt AI has stalled many enterprise deployments due to expanding attack surfaces, compliance gaps and unchecked data risks. Griffin and Shankaran unpack the dual challenge of ensuring "resilience for AI" by protecting the ...Read more
exploreKeep Exploring
How would you describe Commvault's transformation in recent years, and what phase is the company currently in?add
Why is Commvault relevant to customers right now, and what has changed to make it important?add
How does Commvault approach AI resilience and responsible AI, including protecting the AI stack (from source data to vector databases and analytics) and keeping humans in the loop?add
How does Satori complement your existing data protection and risk-analysis capabilities, particularly in addressing risks in structured versus unstructured data and preventing exposure via AI prompts?add
>> Welcome back to RSAC 2026 in San Francisco. I'm Christophe Bertrand, Principal Analyst with theCUBE Research. I am joined for this segment by two wonderful ladies, the yin and the yang of Commvault. We have Vidya Shankaran, your Field CTO for Security. So-
Vidya Shankaran
>> Thank you.
Christophe Bertrand
>> Very much apropos for this event, but we'll talk about that.
Vidya Shankaran
>> Sure.
Christophe Bertrand
>> And Anna Griffin, CMO. But it's chief market officer. So what does that mean?
Anna Griffin
>> That is correct. Chief market officer. It's a little different than chief marketing officer. I think it's important in any company in a strategic position and on the make to make sure that they're focusing on the market and not the ing, which is all the activities that take a strategic idea to market. So at Commvault, we're very much focused on the market and the role that not only we play, but where it's going and how it's going to benefit and our customers to be more competitive.
Christophe Bertrand
>> Right, exactly. And also the partners, we talked to some of your partners earlier today, so definitely a very important topic. So I look at Commvault, I've known Commvault for many years. I think probably over 23 years or so on the vendor side and then on the analyst side for the past few years. And I can see that starting in surprisingly 2019 when Sanjay Mirchandani came on board as president and CEO, things changed. Actually they changed within six months. That was a piece I wrote at the time for ESG. And to me, we're in phase four of the transformation of Commvault.
Anna Griffin
>> We are.
Christophe Bertrand
>> Phase one was Sanjay coming on board. Phase two was when you really started getting serious about the cloud. And what that means is you moved, you change your portfolio, you evolve the portfolio and you start providing services in the cloud with a product that I will not rename the brand because I didn't like it, but you changed it, which is great, which brings me to the third phase, which is you coming on board, as you mentioned, chief market officer. And I think that's the finally Commvault waking up. Remaking a lot of changes. And I really mean it. I've told you so in the past, but the truth is we went from a sort of shy, almost defensive company publicly that then finally came out of its shell. Love the videos, love also the re-architecting and the re-engineering of the whole marketing process, but in a context of understanding all of the facets of marketing, which changes the dynamic. And then phase four, I think is maybe when we look back, something that may have started a year ago, two years ago, maybe it's starting today. It's this combination of cyber resiliency meets AI. We're no longer in backup and recovery. This is a thing of the past. Which brings me to this question to both of you. I'll start with you, Anna, which is, why are you relevant now to customers? What has changed? Why is Commvault so important?
Anna Griffin
>> Yeah. Well, everyone is chasing AI. It only takes half a second in RSA to see AI, AI, AI. And the biggest... It's on everyone's agenda, clearly. But the biggest barrier to AI success isn't the technology. It's the risk. And Commvault and our platform has never been better positioned to help with risk. So when you think about risk, you think about data spread absolutely any and everywhere. You think about the AI attack surface getting larger and running at an automated pace. You think of compliance and regulatory real requirements around this new world. And you also think about just identity. Who is touching the data? What access do they have? Humans, agents, automated workflows. It's a very risky proposition. And what we see happening is in the race for AI, a lot of deployments are stalled.
Christophe Bertrand
>> Right.
Anna Griffin
>> People may be getting there fast, but they're getting there dangerously.
Christophe Bertrand
>> Right.
Anna Griffin
>> And that ability to be able to de-risk and go back to the structure of your data and understanding it and how to make it safe and able to feed the systems is critical.
Christophe Bertrand
>> Right. Yeah. There's no AI without data and-
Vidya Shankaran
>> Absolutely. That is true.
Christophe Bertrand
>> Data govern protected and resilience. So Vidya, what I'd like to do is ask you the question, the same question, but with a slight twist. Why is Commvault so important now? But is it data protection for AI or AI for data protection?
Vidya Shankaran
>> That's a fantastic phrasing, I would say. It's both because there are two sides of the same coin. When it comes to resilience for AI, that's exactly to Anna's point, it's definitely fraught with risk. That is a large surface area of attack by malicious actors. So what that essentially means is more and more businesses as they continue to rely on AI for their decision making processes, would you leave it out there in the open? Definitely not. That also means that if that entire AI stack is inaccessible to the business, what does that mean for the business?
Christophe Bertrand
>> Right.
Vidya Shankaran
>> So definitely resilience for AI is one of the key core pillars within Commvault. We want to make sure that customers are protecting every layer of that AI stack, starting from the source data to Anna's point, building up, all the way up to the vector databases, the analytics layer. Those are such integral parts of that AI stack that needs to be protected.
Christophe Bertrand
>> Right.
Vidya Shankaran
>> On the flip side, there's also the AI for resilience piece.
Christophe Bertrand
>> Right.
Vidya Shankaran
>> Like you rightly mentioned, it's the other side of the same coin. And that's where responsible AI comes in. From within Commvault, the way we adopt and embed AI within our framework has been definitely more towards keeping human in the loop with a responsible AI stance.
Christophe Bertrand
>> Right. And you brought up resilience multiple times, which brings me to Res Ops. And I'd like to talk to you about that. You introduced this concept at your event SHIFT. I think it was in New York. And to me, it makes so much sense. Actually, I've just talked to another organization that is bringing up this notion of operational resilience in the context of security centers as well, operation center. So tell us more about this. Why did you introduce it and why is it relevant to our viewers? Why should they care about it more than the traditional ways of approaching resilience?
Anna Griffin
>> Yeah. I think the industry for a long time has been siloed. And while we get incrementally better, that idea of bringing people and processes, but also the technology together. It reminds me so much of, I spent a little time in my earlier career in DevOps. And you think of going from a very waterfall process. And I think a lot of security and recovery was, okay, and then at the very end, we will now do the recovery. And when you can bring resilience and operations together, you can keep things the same way you do in DevOps. You keep it continuous.
Christophe Bertrand
>> Right. Right.
Anna Griffin
>> You take backups that had traditionally been static, if you will, and you make them very active. And so you're constantly looking at what data you have, how it's classified, who has access, how is it protected? And you're constantly scanning and looking at threats and changes in that policy assignment or access. And then you're recovering constantly micro recoveries, not just recovering at the very end. So then you're feeding back your data safely into-
Christophe Bertrand
>> Right. Right.
Anna Griffin
>> Not systems where you're not going to have this big problem at the end of a waterfall-
Christophe Bertrand
>> Right.
Anna Griffin
>> Like process.
Christophe Bertrand
>> And let's talk about that. Actually, Vidya, I'd like to ask you, how do you operationalize this? Because this is surgical recoveries potentially, but really there's a broader conversation here.
Vidya Shankaran
>> 100%.
Christophe Bertrand
>> So how do you make Res Ops something that is embedded in operations?
Vidya Shankaran
>> That's a fantastic point there because again, back to Anna's comment, right? Because this is definitely the coming together of the people, process, and technology elements of it. And a lot of times what happens is there are these inherent fractures within organizations and this serves as a driving catalyst to bring those, I would say, fractured components together, to think of the cyber resilience as a business problem. It's not a technology problem alone. So solving for the processes that needs to be embedded, the way you're going to structure, plan for it ahead of time, make sure that you're weaving in the best practice recommendations all the way from the top to the bottom, which includes not just the architecture elements, but also planning, preparation, and testing to build the muscle memory around all of that. That is where Res Ops has a significant role to play.
Christophe Bertrand
>> Right. So let's talk about how this is truly a market influencing move from your part. As I said, Commvault is not the shy company it used to be. You're doing other things. I mean, obviously Res Ops is a big deal, but Anna, you've also made some interesting announcements around TIME and CISO of the Year. So what message are you really trying to convey to the market?
Anna Griffin
>> Yeah. I love this program and I've always loved the brand TIME. They, particularly the past couple of years, talk about a brand that's been able to reinvent itself and bring itself back into cultural zeitgeist. And what I love is they've been doing a lot of that through recognizing people and trends. They have their TIME100 list and they have their TIME technology and data list of the top 50 leaders. And working with TIME, we were discussing why not the CISO. So we are going to make the 51st person on their list this year a CISO. And why? Because it is a job that is often thankless and recognized for the actual contribution that they make to a business. So many other functions get the credit for-
Vidya Shankaran
>> Yes. That is correct.
Anna Griffin
>> Strategic advantage and advancement and innovation. But man, keeping your business up and running and safe and guarded. And that is a competitive advantage. Just as much as a new technology innovation is a competitive advantage. And it's time they get a little bit of recognition they deserve.
Christophe Bertrand
>> Absolutely. And I would argue the CISO is probably the second most important person after the CEO. I mean-
Anna Griffin
>> Absolutely.
Christophe Bertrand
>> Maybe in competition, the CFO, TBD. CISOs would agree with that. Well, let's talk a little bit Vidya about your partnerships and Microsoft. While we spoke with NetApp earlier today, you also, I'm looking at the list, CrowdStrike, Okta, CloudSEK. I mean, the list of logos is very long. So tell me more about the partnerships.
Vidya Shankaran
>> The partnerships are definitely, I would say, are secret sauce. Not so secret, but still a secret sauce because that's the strength of what the customers benefit from as they consume Commvault as a solution, because it's the strength of the ecosystem partnership that truly bodes well for them from a 360 degree visibility point of view or contextualization of alerts and notifications. Because the reason why we are actively integrating with the ecosystem players, especially the large players, primarily because when you look at the ground reality of how teams function, especially on the SecOps side of the house, alert fatigue is a real risk. It's a real concern because what happens over time is you tend to kind of gloss over some alerts. You're like, okay, this is a plain vanilla one, but that is exactly what the malicious actor is hoping you would do because as resources slim down, you are running out of more hands and legs to help you with scaling of those operations. Those partnerships definitely help us with the contextualization.
Christophe Bertrand
>> So is the play to be the platform at the center of this sort of connective tissue?
Vidya Shankaran
>> Absolutely.
Christophe Bertrand
>> Okay.
Vidya Shankaran
>> I couldn't have said it better myself. That's wonderful.
Christophe Bertrand
>> Great.
Anna Griffin
>> I'll call it the system of record for resilience. In any moment, in any era of innovation or movement, a system of record always comes to the rise. And it's always an answer to a very fragmented solution set that forces the rise of ERP, the rise of CRM, because too many fragmented solutions force a, we need one solid view. So that is part of the strength of a platform, but we are at an inflection point with AI that you're going to have to have a system of record for resilience.
Christophe Bertrand
>> Right. So could you then maybe explain how the Satori component comes into play in this context? Because that was definitely a big move. Okay. Vidya, go ahead.
Vidya Shankaran
>> Yeah. Satori is definitely a huge complimentary capability that I'm thankful that we actually went that direction because when you look at the risk exposure that organizations have, especially from a structured and unstructured data point of view, a lot of times structured data does not really get the right kind of attention. And that is where Satori has been able to help plug that gap because for unstructured data, we have risk analysis module from within Commvault's capabilities. That's something that we've had for a long time. But for unstructured where you have Satori-like capabilities, not just complimenting us, but also providing the layer of protection against AI prompts that could potentially expose a whole world of information to a person who's trying to solicit data out of that LLM, I think that beautifully brings together some of the core capabilities from data discovery, to risk analysis, to exposing what the customer does not know is actually out in the open. I think that strings it all together succinctly.
Christophe Bertrand
>> Right. And I think this is where the concept of operational resilience has become also very critical, right? So if we think about it, right? We went from backup recoveries, data management to cyber resilience, to now cyber resilience in the age of AI with AI being both an actor and a bad actor, a good actor, and an infrastructure you have to protect. So Anna, if you project yourself or you're two years, few years ahead, where does operational resilience land? Is it becoming the standard, the norm, the standard to achieve? Is it just one more checkbox? What's your take on that?
Anna Griffin
>> No, I think it is the standard. It is the way we're going to keep the business continuous. Everything that we're discussing is not only capabilities, but they have to be automated capabilities and they have to flow in a way that can hold operations together. So I believe with more automation, operational resilience is... It is the green light. You're going to have red lights and green lights and you have to have to know when you can move forward and when you have to pause.
Vidya Shankaran
>> Yeah.
Christophe Bertrand
>> Yeah. No resilience, no business, right?
Anna Griffin
>> Right.
Vidya Shankaran
>> Exactly. And to add to what Anna just mentioned, right? And to also your point, it is definitely a standard, but it's a continuous standard because it's not a point in time. It's something that you're going to watch for continuously on a go forward basis. It's not a slice in time, and that itself lends to the fact that an incident response plan or the very strategy is a living and breathing strategy. It doesn't stop just because you finished something yesterday. It's continuously iterative.
Christophe Bertrand
>> Yeah. I mean, I think very clearly operational resilience is the precursor and the prerequisite to enterprise resilience and just to be in business, as much as having good, clean data, resilient data is needed for AI to do anything with AI. Any closing thoughts for our viewers, Vidya?
Vidya Shankaran
>> Yeah. In fact, to your point on the clean verified data, that's where we are seeing a massive industry-wide shift towards a more standardized nomenclature, which is mean, time to clean, recovery because the focus is on the operative world, which is clean. And the more verified and trustworthy that data is, the better it is for the businesses to adopt and move forward with it.
Christophe Bertrand
>> And Anna, your closing thoughts.
Anna Griffin
>> Yeah. No, I'll leave you with a tagline from our booth that says, "Unified resilience hits harder." No, we have a wrestling theme booth, so.
Christophe Bertrand
>> Oh, yes.
Anna Griffin
>> But it's so true, like unified resilience. I know it sounds like a tagline, but you cannot do what we're talking about if you are managing seven or eight different platforms that have been stitched together with OEMs or strategic alliances, like you'll never get to the speed and automation required to work in these systems in a way, not to mention the cost and the sprawl and the operational headache. So unification, so important.
Christophe Bertrand
>> Absolutely. And I think it's a natural continuation of one of the themes a couple of years ago, Fight AI with AI, and I remember that from SHIFT. So-
Anna Griffin
>> Yes.
Christophe Bertrand
>> Vidya, Anna, thank you so much for joining us.
Anna Griffin
>> Thank you, Christophe.
Vidya Shankaran
>> Thank you for having us.
Christophe Bertrand
>> And to our viewers, stay tuned with more coverage from RSAC 2026 in San Francisco.
Christophe Bertrand