RSAC 2026 drew the security industry’s full attention to Moscone Center last week, and the conversations that mattered most weren’t about detection — they were about recovery. Against that backdrop, Commvault presented ResOps Powered by Commvault Cloud Unity at Tech Field Day Extra at RSAC 2026, crystallizing where enterprise cybersecurity strategy needs to go next. What Commvault delivered wasn’t a product pitch; it was a framework shift — from reactive recovery to continuous, measurable resilience operations. And anchoring that shift was a concrete, consequential announcement: the expansion of Commvault’s Identity Resilience portfolio to include Okta, alongside its existing support for Microsoft Active Directory and Entra ID.

The Rise of ResOps

Commvault’s articulation of Resilience Operations — ResOps — represents a fundamental rethinking of how organizations prepare for and survive cyberattacks. ResOps isn’t disaster recovery rebranded; it’s the convergence of people, processes, and technology into a continuous, proactive discipline structured around the NIST framework stages: Identify, Protect, Detect, Respond, Recover. Where traditional disaster recovery (DR) treats recovery as an endpoint, ResOps treats resilience as an ongoing operational posture.

The threat environment demands exactly this. Threats move at speeds that legacy operations simply cannot match — breach-to-lateral-movement can occur in as little as 43 minutes, a timeline that renders manual, siloed responses irrelevant. Silos kill response time: backup teams, SecOps, and identity admins all need a single source of truth to mount a coherent defense and recovery. ResOps bridges those silos through unified visibility, automated runbooks, and anomaly detection feeding directly into recovery workflows. Commvault isn’t inventing this concept out of whole cloth — the company is codifying patterns it observed across thousands of customer engagements, translating operational reality into a structured methodology that business leaders can fund and measure.

Identity: The Enterprise Control Plane You Can’t Afford to Lose

Identity sits at the center of every IT system in the modern enterprise. Before any application launches, any service starts, any API call executes, or any user logs in — identity must authenticate and authorize. Active Directory has underpinned Windows environments for a quarter century. Entra ID extends that authority into hybrid and cloud environments. And Okta has become the identity provider of record for thousands of enterprises managing SaaS sprawl, cloud workloads, and increasingly, AI-driven automation.

When identity fails — whether through ransomware encryption, administrative misconfiguration, or a targeted credential attack — everything built on top of it fails with it. Users can’t authenticate. Services can’t start. Applications can’t communicate. The business stops. This isn’t hypothetical: in 2024 alone, 107 billion identity records were exposed globally, and 57% of cyberattacks began with a compromised identity. The rapid growth of non-human, agentic, and API-based identities has dramatically expanded the attack surface, while hybrid cloud adoption, SaaS sprawl, and AI-enabled automation have elevated identity providers to mission-critical infrastructure.

Protecting compute, storage, and network infrastructure while leaving the identity store unprotected is like reinforcing the walls of a building while leaving the foundation unguarded. Attackers understand this. Commvault’s Identity Resilience capability is the direct response — bringing the same automated, policy-driven protection and point-in-time recovery capabilities that organizations rely on for data to the identity layer itself.

Commvault’s new support for Okta delivers automated, policy-driven protection and granular, point-in-time recovery for critical Okta objects and configurations, enabling organizations to recover from misconfigurations, operational disruptions, and identity-driven cyberattacks without starting from nothing. Alongside existing support for Active Directory and Entra ID, this creates a unified identity resilience posture that spans on-premises, hybrid, and cloud-native identity environments — the full topology of how enterprises actually operate today.

What Implementors Need to Know

Deploying identity resilience isn’t a plug-and-play exercise. Organizations need to inventory and map identity dependencies before they can protect them, understanding which applications, services, and automated workflows depend on which identity objects, and in what order recovery must proceed. A misconfigured recovery sequence can restore identity infrastructure while leaving dependent systems stranded. Testing recovery plans against realistic attack scenarios, not just hardware failures, is essential; Commvault’s ResOps model explicitly incorporates this through measurable readiness assessments.

Implementors should also account for the proliferation of non-human identities which frequently lack the governance controls applied to human users and represent the fastest-growing segment of identity attack surface.

Why This Matters: The Imperative for CISOs, CIOs, and IT Leaders

The era of treating cybersecurity as a prevention problem is over. Attackers will get in. The question every board-level leader must now answer is can their organization continue operating — and recover completely — when an attack succeeds. Security teams face constant threats but often lack a clear view of their resilience — they invest heavily in protection tools while leaving their actual recovery readiness untested and unmeasured.

Commvault’s ResOps framework, anchored by its expanding identity resilience capabilities, gives CISOs a language and a platform for turning resilience from an aspiration into a measurable operational discipline. For CIOs and IT leaders, the message is equally direct: identity is not just another application workload. It is the foundation on which every other system depends, and it demands the same protection, testing, and recovery architecture you would apply to any other mission-critical infrastructure.

Commvault has spent three decades in enterprise data protection. Its move into identity resilience and the broader ResOps discipline reflects a clear-eyed understanding of where attacks concentrate and where recovery must begin. Organizations evaluating their cyber resilience strategy should put Commvault on their short list — and start the identity conversation today.