The focus of enterprise data security is shifting. For years, much of the protection strategies centered on backups, ransomware recovery, and visibility into unstructured files. Now, with the rise of generative AI and vector databases, the focus is also shifting toward structured environments: relational databases, data warehouses, and repositories used to feed models, agents, and AI applications. In this context, Commvault has announced an expansion of its capabilities within Commvault Cloud to extend discovery, classification, and real-time access governance in these environments, leveraging technology integrated after the acquisition of Satori.
The most significant new development is that Commvault no longer views resilience solely as data recovery after an incident, but also as a combination of visibility, control, and proactive risk reduction over live and protected data. According to the company, these new features broaden its DSPM —data security posture management— approach beyond unstructured data, adding real-time access controls for structured databases, including vector databases used in AI applications.
This distinction matters because vector databases have become a common element in modern AI architectures, from RAG systems to internal assistants and semantic search engines. If an organization properly protects its backups but does not regulate who accesses the structured data or what might be exposed through models and semantic queries, the surface of risk remains open. Commvault emphasizes that access governance in these environments must be part of the same conversation as cyber recovery and sensitive data classification.
The company structures this expansion around three pillars. The first is AI-assisted classification, aimed at automatically identifying sensitive data and flagging environments with excessive access, overexposure, or longer-than-expected retention. The second is data access governance, which involves controlling and monitoring how structured data is accessed and used in real time. The third is integrating this visibility into cyber resilience and cyber recovery workflows, so organizations not only see the risk before an incident but also recover more effectively afterward.
The role of Satori is central to this development. Commvault completed its acquisition of the company in August 2025, with the goal of enhancing its platform with data security and AI governance capabilities for production, analytics, and cloud environments. Satori specializes in instant visibility, dynamic access policies, real-time monitoring, and controls over databases, warehouses, and data lakes—a natural fit for what Commvault aims to build within its resilience cloud.
From a technical perspective, what’s interesting is that Commvault is attempting to bridge two formerly separate worlds. On one side, classic data protection: backups, clean recovery, business continuity. On the other, granular governance of structured data access: who can see it, which sets contain sensitive information, how usage is audited, and what policies prevent leaks or abuse. Practically, this moves resilience closer to a production data security model, not just recovery.
The company also stresses the importance of unifying the risk view. Their message is that security and resilience teams need to detect sensitive data, policy violations, and unnecessary exposure across both active environments and backups, to prioritize remediation by impact. This aligns with a reality many organizations are already experiencing: data does not stay static in a single repository but moves across bases, backups, clouds, analytics environments, and AI services, making governance more complex with each transfer.
Furthermore, market factors are driving this accelerated integration. IDC, cited in the announcement, warns that data governance is becoming one of the critical gaps in enterprise AI deployment—especially in environments where models, warehouses, and vector databases can expose sensitive information without legacy tools being designed for this scenario. Commvault leverages this thesis to argue that the convergence between DSPM and cyber resilience is no longer optional.
Regarding availability, Commvault states that data access governance for real-time control of structured data access is already available via single sign-on from Commvault Cloud and as a commercial add-on for any Commvault Cloud package. Discoverability and classification features for structured data are expected to reach general availability by late summer 2026. This indicates that the full vision is being rolled out in phases, although access control features have already moved beyond the roadmap into immediate deployment.
For customers and security leaders, the core message is clear: data protection can no longer treat backups, operational databases, and AI layers as separate compartments. If sensitive data is in a warehouse, also replicated in backups, and consumable by models or generative applications, true resilience requires visibility and governance across the entire journey. That’s where Commvault aims to stand out: not just recovering quickly, but helping ensure data is less exposed when crisis strikes.
Frequently Asked Questions
What exactly has Commvault announced?
Commvault has enhanced its Cloud platform with capabilities for discovery, classification, and risk assessment of structured data, along with real-time access controls for databases, including vector databases used in AI.
What role does Satori play in this new offering?
Satori provides the technological foundation for access governance and security of structured data. Commvault acquired it in August 2025 to bolster its data security and AI governance platform for production, analytics, and cloud environments.
What features are already available, and what will come later?
Real-time access control over structured data is currently available via SSO from Commvault Cloud. Discovery and classification features for structured data are expected to be generally available by late summer 2026.
Why does Commvault mention vector databases?
Because AI applications increasingly use vector databases for semantic searches, RAG, and agents, which can expose sensitive data. Commvault explicitly includes these environments in its new access governance layer.
via: commvault