At Commvault Shift 2026 in Mainz, CEO Sanjay Mirchandani and his team demonstrated why data backup alone is no longer sufficient.

At Commvault Shift 2026, over 400 IT professionals gathered in Mainz’s Hall 45. Amid AI-driven attacks, geopolitical upheavals, and the question of digital sovereignty, the conference painted a vivid picture of the situation. The numbers speak for themselves. While the event had 150 participants last year, this year there were over 400 guests. The market is listening.

Frank Dehne, Commvault’s Germany head, opened the day with a blunt assessment of the situation. Germany is no longer at the forefront of the world, the digital transformation is increasingly shaped by geopolitical factors, and children today naturally grow up with AI, just as they once did with calculators. The crucial factor is how well one is prepared for the course. His conclusion: Cyber resilience is no longer an option, but a necessity. The BSI speaks of a cyber-native Germany – but that is still wishful thinking, not a finding.

Commvault CEO Sanjay Mirchandani took the stage and illuminated the topic from a global perspective with American directness. “More agents than humans” – this concise formula describes the near future for him. AI agents take on tasks, act independently, and leave digital traces.

Mirchandani pointed to a business environment that was changing at a pace he described as truly unprecedented. The remark was no rhetorical flourish. It outlined the central argument of the entire event: that the proliferation of AI agents, fragmented data stores, and increasingly sophisticated attack vectors has rendered traditional approaches to resilience functionally obsolete.

Mirchandani made a point of distinguishing resilience from backup. The question organizations should be asking, he argued, is not whether data is being copied, but whether a business can actually recover. “Are you ready to recover?” he asked – a question less aimed at the technical audience in the room than at the boardrooms that set priorities and budgets. In Commvault’s understanding, resilience is an active state of operation, not an emergency plan gathering dust in a shared drive.

The Resilience Gap

CTO Darren Thomson built on this foundation. Executives, he said, are still asking questions that were relevant five years ago. In the meantime, the threat landscape has changed: Attack types are constantly changing, ransomware operators are now using AI to amplify their campaigns, and data poisoning – the corruption of datasets before or during recovery – has emerged as a standalone and underestimated vector. The Jaguar case, in which the company allegedly took seven months to recover from an attack, illustrated what Thomson called the cost of the resilience gap.

This gap, Thomson argued, lies between two teams that rarely work in sync: the CISO’s security function and the CIO’s business continuity function. Disaster recovery plans developed for physical incidents are increasingly known to criminal actors, who are incorporating them into their attack strategies. “Criminals know about DR plans,” Thomson said. The implication was direct: If adversaries have studied your playbook, the playbook must be changed.

Thomson referred to NIST 2.0 as a reference framework but emphasized that compliance and resilience are not the same. The cultural and procedural challenge – getting security teams and continuity teams to work toward common goals – is, in his view, as significant as any technical shortcoming. “Where was the plan?” he asked, referring to the long recovery times that characterize high-profile incidents. The answer is typically that the plan existed in isolation from the systems and teams needed to execute it under pressure.

ResOps: A Framework for Continuous Resilience

Commvault’s proposed answer is ResOps – a term that the company positions not as a product, but as an operational discipline. The framework describes a continuous cycle: discover, protect, recognize, restore, and recondition. Each phase is dependent on the others. Restoration without clean data, for example, carries the risk of reintroducing the very compromise a company is trying to escape.

Thomson outlined six components: resilience governance, which urges organizations to define their minimally viable business – the core functions that must withstand any incident; recovery planning, including technical runbooks and dependency analysis; testing and chaos injection to verify readiness; measurement frameworks that go beyond traditional RPO and RTO metrics; identity-centric protection that covers who accessed what and when; and real-time anomaly detection for both data and access patterns.

The emphasis on identity is remarkable. Mirchandani described identity as the new game in the age of AI agents – the critical control point in an environment where non-human actors are increasingly surpassing human actors. Integrations with providers like CyberArk were mentioned as part of a zero-trust identity architecture that is integrated into the platform design.

Platform architecture: Scalability, simplicity, speed

The keynote moved into the technical realm and presented Commvault Cloud Unity as the architectural answer to the complexity of hybrid environments. The platform was designed to operate across multiple data centers and regions at the petabyte scale and is built around a single management interface – a deliberate decision given the fragmentation issue Mirchandani had previously identified. Data, the CEO had noted, is increasingly removed from its point of origin; therefore, the management layer must bridge this distance without increasing operational burden.

The Commvault Cloud Adaptive Fabric forms the foundation for core functions – discovery, backup, indexing, scanning, and recovery – with performance improvements for S3-based workloads being mentioned. Security is described as defense in depth across five layers: hardened operating systems, multi-layered security zones, zero-trust identity integration, source code-level encryption, and post-quantum cryptography from the ground up. The last point reflects the awareness that data encrypted today can be collected now and decrypted later, once quantum capabilities become more advanced.

Strong partnerships

Particular attention was given to the new partnership with Stackit, the cloud brand of the Schwarz Group. Robin Hermann from Stackit made it clear that they want to become a European hyperscaler – sovereign, partner-oriented, and GDPR-compliant. Commvault now offers air-gapped storage on Stackit, meaning data storage that can be physically separated from the network. In line with this, Christian Kubik, Field Advisory Manager at Commvault, introduced the Geoshield concept: bundled sovereignty features where customers in cloud regions hold the keys themselves – a clear distinction from the classic SaaS model, where the provider controls everything.

Kubik emphasized the importance of partners for Commvault. HPE even appeared at the event as a Platinum Partner, and SVA, Bechtle, Computacenter, Hitachi, Fujitsu, and many others were also present.

Matthias Träger, Regional Sales Director Central Europe at Zerto, a subsidiary of HPE, emphasized the strong connection between HPE, Commvault, and Zerto, whose offerings complement each other to ensure continuous availability across platforms with AWS and Azure and to secure critical workloads. The new HPE StoreOnce 5720 will soon be available as a comprehensive offering with Commvault to provide complete protection.

Customer panel

The customer panel in the afternoon provided a reality check. Daniel Rosgatterer from the Austrian IT security company Secutec has conducted over 200 ransomware negotiations and reported a dramatic escalation of the situation in the past six months. MFA systems are being bypassed, critical data is being stolen, and backups are being tested too infrequently, making them vulnerable to targeted destruction by attackers. His message: Anomaly detection is mandatory, hardware-based MFA is too – and this applies not only in the office but also at home.

Max Bachon from the LKA Hessen emphasized the importance of collaboration: Authorities alone could not handle it; international cooperation is essential. Practitioners also spoke up: Lucas Nicholaus from the pharmacy service provider GFI explained how the mandatory electronic prescription requirement forces his organization to take emergency scenarios seriously. Mike Serke from KfW spoke of his company as the safest bank in the world and emphasized that one must not only comply with DORA but also test it regularly.

If Commvault Shift has shown anything, it is this: The question is no longer whether an attack will come, but when – and how well you are prepared to move on afterward. Resilience is not a catchphrase, but an operational necessity. And those who believe that a good backup is enough should heed the advice of Sanjay Mirchandani: “Are you ready to restore?” It’s a serious question.

By Jakob Jung

Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM. Contact via Mail: jakob.jung@security-storage-und-channel-germany.de
