In a wide-ranging talk with CIO&Leader, Balaji Rao, Area Vice President, India & SAARC, Commvault, shares his views on AI’s evolving role in business strategy and cyber defense.
Commvault, a global provider of data protection and recovery solutions, has been sharpening its focus on AI-driven offerings to meet the evolving needs of modern enterprises. The company acquired Clumio for $47 million—a strategic move that bolsters the Commvault Cloud platform and addresses underdeveloped market opportunities around Amazon S3 object storage workloads. This acquisition underscores Commvault’s commitment to helping organizations strengthen their data resilience, building on its long-standing expertise in collaboration with Microsoft Azure while expanding its reach within the broader cloud ecosystem.
In a recent interaction with CIO&Leader, Balaji Rao, Area Vice President, India & SAARC, Commvault, delved into how AI is reshaping business strategy and fortifying cyber defenses. “AI has moved past its support role in IT,” he remarked. “While it strengthens cyber defense, its real value lies in helping firms build resilience and create business value.” Rao also emphasized the importance of real-world simulations to rigorously test recovery plans, ensuring organizations can effectively safeguard critical information. Edited excerpts from the conversation follow.
CIO&Leader: How do you see AI evolving as a core component of business strategy beyond traditional IT operations, especially in the context of cybersecurity?
Balaji Rao: AI is evolving from a support role in IT to a key part of business strategy, transforming how organizations build resilience and create value. In cybersecurity, AI has shifted from a passive defense tool to an active, predictive system that accurately anticipates and neutralizes threats.
Companies are now integrating AI to improve operations, enhance resilience, build customer trust, and ensure long-term sustainability. But it’s important to recognize that AI is only as good as the data it’s trained on and the design of its models.
AI can produce errors, be manipulated, and must be carefully monitored. Moreover, it can potentially expose sensitive information or generate misleading, incorrect results. As such, AI demands rigorous oversight and precise management to ensure its responsible and secure use.
We see AI as a force that goes beyond reactive measures to redefine how organizations approach cybersecurity and data protection. The vision is to position AI as a technological enhancement and a fundamental architectural component of enterprise data protection and cybersecurity.
CIO&Leader: With AI increasingly disrupting traditional paradigms in cybersecurity, how do you envision enterprises balancing adopting AI-driven security solutions with the challenges posed by AI-enabled threats, particularly as they shift toward cloud-native environments?
Balaji Rao: Balancing AI-driven security with the challenges posed by AI-enabled threats requires a proactive, strategic approach. Enterprises must see AI as a key enabler of business resilience, leveraging its capabilities to overcome adversaries while addressing the unique challenges of cloud-native environments.
One way to address this is by incorporating an early-warning layer into the organization’s defense strategy that seamlessly integrates into their cloud-native environments while enabling real-time threat detection, monitoring, and prevention.
Additionally, enterprises must invest in robust governance frameworks that ensure AI’s ethical and responsible use. This includes fostering transparency through explainable AI, maintaining audibility, and implementing continuous testing to detect and remediate potential biases or flaws in AI models.
Collaborative efforts between enterprises, cloud providers, and cybersecurity vendors will be essential in developing shared intelligence that enhances resilience across the ecosystem. By striking the right balance between innovation and vigilance, enterprises can harness AI to secure their cloud-native environments while staying ahead of emerging threats.
CIO&Leader: Considering AI’s dual role in enhancing and challenging cybersecurity, how does Commvault approach the ethical challenges of AI and data governance to strengthen cyber resiliency?
Balaji Rao: We understand that AI is a powerful tool and a potential risk in the rapidly evolving cybersecurity landscape. As organizations use AI to protect digital assets, we focus on using AI effectively while upholding strong ethical standards and data governance practices.
Our strategy’s core is the commitment to responsible AI implementation that prioritizes transparency, privacy, and security. The company has implemented advanced AI algorithms that enhance cyber resiliency through intelligent threat detection, predictive analytics, and automated response mechanisms. These AI-powered tools can identify potential security breaches, analyze complex data patterns, and provide real-time insights that traditional security approaches might miss.
As such, data governance plays a critical role in our AI-driven data protection framework. With more organizations subjected to regulations, we have established stringent protocols to ensure that AI systems are developed and deployed with explicit safeguards against potential misuse or unintended consequences.
This includes partnering with industry leaders in data security posture management, implementing robust data anonymization techniques, developing clear consent mechanisms, and maintaining strict access controls that protect sensitive information.
CIO&Leader: While Commvault emphasizes its leadership in cyber resilience and data protection, constant disruptions from technological advancements like AI and unforeseen global events continue to emerge. How do you plan to address these challenges in the upcoming year by leveraging AI in your strategies?
Balaji Rao: Ransomware threats are evolving rapidly and are driven by AI and an evolving business landscape. We recognize that these disruptions are not temporary but the new normal. Our AI-driven approach combats ransomware by creating adaptive resilience mechanisms beyond conventional backup methods, delivering air gap protection, and keeping the data safe and resilient.
Business continuity is at the heart of our AI strategy. Our solutions, like Commvault Cleanroom Recovery, are designed to enable businesses to test their incident plans and recover from attacks quickly with a clean, uninfected copy of data, ensuring data integrity and availability. This approach transforms cyber resilience from a defensive posture into a business enabler, allowing organizations to maintain operations, protect critical assets, and safeguard customer trust, no matter the threat landscape.
In the event of a cyberattack, restoring a cloud application to a point before the attack helps minimize downtime and operational disruption. Hence, we launched Commvault Cloud Rewind, a capability that goes beyond traditional backup paradigms by offering an automated system that can inventory, backup, and restore an entire cloud application, along with all its dependencies. The significance of this kind of capability can’t be overstated, particularly for organizations that leverage public clouds to run their key applications.
As global disruptions become more complex, we will continue to innovate with AI-powered tools that can detect zero-day threats, identify anomalies, and strengthen recovery processes.
CIO&Leader: Given AI’s disruptive impact on traditional cybersecurity models, how is Commvault balancing innovation in areas like AI and cloud services with the necessity of ensuring strict regulatory compliance?
Balaji Rao: We address the intersection of AI innovation and regulatory compliance through a multidimensional strategy prioritizing data protection and technological advancement. Our approach integrates advanced technologies with robust governance frameworks to meet evolving regulatory requirements like India’s DPDP Act.
As GenAI escalates cyber threat sophistication, we have deployed AI-driven tools for anomaly detection, automated remediation, and rapid recovery. For example, integrating AI-enhanced threat scans with leading SIEM and SOAR platforms enables faster risk identification and containment, ensuring that enterprises can stay ahead of malicious actors.
Additionally, our cloud services address compliance imperatives by ensuring secure, encrypted storage of Personally Identifiable Information (PII). For instance, our cloud services provide automated evidence collection and risk management features, which empower organizations to adhere to stringent requirements while maintaining operational agility. These features align with regulations that demand localized data storage, retention, and governance.
Resilience and recoverability are core to our strategy. Solutions like immutable storage and AI-driven backup scanning act as early warning systems against potential breaches, ensuring regulatory adherence and enabling swift operational restoration after cybersecurity incidents.
CIO&Leader: With the rise of AI-enabled cyber threats and more companies adopting long-term hybrid and remote work models, what new challenges do you see emerging in securing data across distributed teams, and how is Commvault leveraging AI to address these issues?
Balaji Rao: The shift to hybrid and remote work models has increased the complexity of securing data across a distributed workforce. AI-enabled threats, including phishing attacks, deepfakes, and AI-generated malware, have enhanced these vulnerabilities. Cyber criminals use GenAI to automate and scale attacks, making traditional security measures insufficient.
Commvault Cloud effectively tackles these challenges by combining security, AI, and recovery to enable faster threat detection, accelerated response, and clean data recovery. AI capabilities like anomaly detection and automated recovery enhance defenses against sophisticated threats.
At the same time, features such as Cleanroom Recovery offer a secure, isolated environment for testing recovery plans and conducting forensic analysis, ensuring business continuity without costly duplicate infrastructure.
Commvault also integrates tools like “Arlie”—our AI-Copilot—which consolidates data insights and delivers actionable intelligence to mitigate threats in real-time. This comprehensive approach ensures resilience against evolving threats in complex, distributed cloud environments.
CIO&Leader: What emerging tech trends are you looking forward to in 2025?
Balaji Rao: In 2025, GenAI models could open doors to novel attack vectors, particularly in social engineering and data manipulation. Analysis is a powerful use for AI that hasn’t received much attention. The data we share, data stolen, and data sold by brokers are examples of data that, with analysis, would create vectors of attack that will look legitimate. Vigilance and robust defenses will be crucial to protect against these sophisticated, AI-enabled threats.
In response, CISOs will need to adopt a more autonomous defense posture to protect against increasingly sophisticated AI-powered cyberattacks. These attacks will range from manipulating real-time social media data to launching personalized, hard-to-detect phishing attempts that can easily fool employees and ultimately penetrate company defenses.
Organizations must level up employee training to combat these threats and leverage AI to counter AI-driven tactics. CISOs can lead the charge by fostering a strong security culture, continuously educating employees, and implementing rapid anomaly and threat detection capabilities to mature their cyber resilience strategies. This proactive approach will help organizations transform potential disruptions into minor hiccups rather than prolonged crises.
We need a clear pivot towards ‘right of bang’ thinking, shifting focus to what happens after an inevitable breach (the ‘bang’), aiming to build resilience in the center of business operations. This shift acknowledges that cyber threats are not solely issues for IT departments but entire businesses. Ultimately, the business goal should be to become cyber mature and defined by a robust recovery plan, awareness at all levels of the organization, and a strategic emphasis on resilience.
While we’re seeing many organizations beginning to think this way, they often miss one vital step: testing their recovery plans. A plan isn’t effective until you’ve tried and tested it to ensure it works for your business. With varying international regulatory standards, businesses must create frameworks adaptable to multiple compliance landscapes. Establishing agile compliance practices could differentiate leaders in the cybersecurity space.
CIO&Leader: What is Commvault’s roadmap for 2025?
Balaji Rao: Our roadmap for the coming year focuses on advancing cyber resilience, driving innovation, and strengthening our presence in India. A key priority is expanding Cloud and SaaS offerings to deliver scalable, secure solutions tailored to Indian enterprises in sectors like BFSI, healthcare, public sector, and manufacturing, where data compliance and security are crucial.
We plan to drive innovation in AI and automation to further streamline data management workflows and improve cyber resilience. This includes the continued development of solutions like Cleanroom Recovery and Cloud Rewind, which are pivotal in enabling end-to-end recovery for organizations in case of unforeseen events.
We are also expanding our presence in India by investing in local talent and resources. Our new facility in Coimbatore will focus on delivering tailored solutions for our Indian and Global customers around cloud-native application recovery, AI-driven data management, and regulatory compliance while building expertise in cloud engineering and cybersecurity.
Customer experience remains central to our vision. Through tailored, industry-specific solutions and strategic partnerships, we will continue to enable business continuity and help enterprises protect and manage their evolving digital infrastructures.