RSAC 2026 is in the books, and Commvault once again reinforces its vision of cyber resilience by announcing features and integrations around the concept of Resilience Operations (ResOps). In fact, organizations should not treat security, data protection, and recovery as isolated domains. Instead, they should be integrated into a single operational model that helps companies identify, respond to, and prevent cyber incidents and, when necessary, recover from them.
Commvault’s ResOps approach focuses on how different teams and personas within an organization collaborate to build cyber resilience. From security teams and IT operations to platform engineers and compliance officers, resilience is no longer the responsibility of a single department. At RSAC 2026, this message became even clearer: resilience is not just about restoring data, but about ensuring that businesses can continue operating during and after an attack.
In this article, I’ll walk through some of the announcements and insights shared around Commvault’s approach, focusing on the expansion of the ecosystem, the integration of capabilities to classify and govern data, and improvements in threat prevention and recovery.
Strengthening Identity Resilience with Okta and CloudSEK
One of the announcements presented at RSAC 2026 focuses on the integration with Okta, expanding Commvault’s approach to identity resilience. Identity systems are often among the first targets in cyberattacks, but issues can also arise from operational mistakes or configuration errors. In these situations, having the ability to quickly recover identity data and restore access becomes critical.
With the new integration, Commvault extends its protection capabilities to Okta objects through policy-driven backups, ensuring that identity configurations and critical objects can be securely stored, including in air-gapped environments. This provides an additional layer of protection against attacks targeting identity infrastructure.
Another important aspect is the ability to restore access precisely and quickly: instead of performing broad or disruptive recovery actions, organizations can restore specific identity components, helping reduce downtime and limit the impact. This integration also reinforces Commvault’s vision of providing a single platform to protect identity systems across multiple providers, including Active Directory, Microsoft Entra ID, and now Okta. By centralizing protection and recovery capabilities, organizations can manage identity resilience more consistently across hybrid and cloud environments.
Commvault is also expanding its ecosystem by integrating with CloudSEK, which helps detect credential exposure across external sources. This allows organizations to identify compromised credentials earlier and take preventive actions before attackers can exploit them. Finally, the platform introduces automated response and rollback capabilities.
Classify and Govern Structured and AI data
Another important area highlighted during RSAC 2026 is the ability to better classify and govern both structured data and AI-related data. As organizations increasingly adopt AI and data-driven applications, visibility into how data is stored, accessed, and used becomes critical for both security and compliance. With Commvault Cloud Data and AI Security, organizations can discover, classify, and assess their data environments to gain deeper visibility into potential risks.
Once data is classified, organizations can leverage a reporting and action layer focused on posture management, similar to a Data Security Posture Management (DSPM) approach. This allows teams to continuously monitor th
e state of their data environments and take corrective actions when misconfigurations or exposure risks are detected.
Going further, Commvault integrates Satori to enhance data access governance: this helps organizations control and monitor how data is accessed across different environments and workloads by humans, automated processes, or Agentic AI. With proper guardrails, organizations can control real-time access to structured data and monitor how it is used by applications, AI models, and generative AI systems.
In addition, the platform provides reporting capabilities on data access and usage, helping organizations address privacy and compliance requirements while maintaining visibility into how sensitive information is “used” across the organization.
Advancing Threat Detection and Recovery
Another important topic discussed at RSAC 2026 is the risks during incident recovery to reintroduce threats (reinfection). Restoring systems without validating data in a controlled environment (clean room) can lead organizations to bring back compromised data or malware. To support this, Commvault introduced new Threat Scan Modes designed for advanced threat hunting. These include Hyper Threat Hunting and Deep Inspection, which leverage AI-driven analysis to identify suspicious patterns, even within encrypted datasets.
Finally, the integration with Microsoft Sentinel, particularly with the Sentinel Data Lake, enables the use of broader AI-driven threat intelligence insights. In this way, Commvault signals can become visible to Security Operations Center (SOC) teams, combining threat scans with risk analysis to provide a more complete security context. The introduction of a Copilot Investigation Agent helps security teams analyze incidents and determine the appropriate recovery actions more efficiently.
To conclude, it will also be interesting to take a closer look at what emerged during the sessions at Tech Field Day Extra at RSAC 2026 (Commvault’s recorded session here: https://techfieldday.com/event/rsac2026/), and don’t forget to check the official wrap-up post on the official site blog section: https://www.commvault.com/blogs/six-things-you-might-have-missed-at-rsac.
Stay tuned for upcoming posts about Commvault and ResOps.