Karissa Breen [00:00:10]:
What’s up, everyone? It’s KB and I’m on the ground here in New York City for Commvault SHIFT 2025. This is the place where cyber recovery, AI and real world resilience aren’t just buzzwords. They really are the battleground this year. The message is really, really clear about that. Disruption is constant and attackers are faster and recovery has officially become the new front line of defence. I’m here talking to the people like Commvault who are actually building what’s next. The technologists, the operators, the executives who aren’t just reacting to the threat landscape, they are rewriting it. So stay with me.
Karissa Breen [00:00:50]:
We’re diving into the conversations that matter, the insights you won’t hear on the stage. This is KB on the go from Commvault Shift 2025. Let’s get into it. Joining me now in person is Danielle Sheer, Chief Trust Officer at Commvault. And today we’re discussing building trust by design. So, Danielle, thanks for joining me and welcome.
Danielle Sheer [00:01:18]:
I’m very excited to be here with you.
Karissa Breen [00:01:19]:
Okay, so let’s look at the term chief Trust Officer. Now, it’s a title that we haven’t seen much of lately. But when you think about trust in today’s cyber and tech environment, and you spoke a little bit about it before in our media briefing, what does this mean to you specifically?
Danielle Sheer [00:01:37]:
There are a lot of rules in a company that are designed to deliver credibility, that are designed to deliver product that works, that are designed to deliver a workforce that feels secure and confident in the work that they’re producing. So many aspects of what every single person shows up to work and does every day has a component of trust in it. But there’s no one leader thinking about how the organization is considered a trusted enterprise to its customers, to the industry community, to investors, to each other. And that is a question that can show up in almost every motion and action that a company goes through. A product deliverable. It’s kind of amazing to think that somebody should ask the question, can our customers trust it? Okay, can they trust what? Can they trust that it does what we say it’s going to do? Can we trust that when they plug their system into it, their ecosystem into it, they that it won’t cause any harm? Can we trust that it’s going to solve the problems that they have? Can we trust that it’s going to grow with them? Who’s asking those questions? Usually it’s not the developer who’s coded what we’ve asked them.
Karissa Breen [00:02:51]:
To code.
Danielle Sheer [00:02:51]:
It’s usually not the head of product who’s developed this product. It’s not the head of legal who’s written the terms. So the chief trust officer is this sort of emergence of a role that is taking various different groups of people that are all focused on really important things. Privacy, product, legal compliance, governance, investor relations, communications, and making it a cohesive operating system is what I would call it.
Karissa Breen [00:03:20]:
Do you think as well, the terms of trust is sort of thrown about a lot lately, like, oh, we engendered this trust that to the point where it can come across a little bit frivolous for people or there’s another breach that happens. So the term sort of trust, people become desensitized to it, perhaps.
Danielle Sheer [00:03:37]:
I think that’s what’s happened with the term AI, but I don’t think that’s happening with the word trust. Although just because you say it doesn’t mean you have it. So one of the things I was talking about with some of my colleagues as we were prepping for this, they asked me, why is this so important? And why is this something that isn’t just fluff, which is sort of what you’re asking right now. How do you make it something that’s got some gravitas, that has some substance, that’s meaningful? I’ll tell it to you this way. I have two daughters, 9 and 11. They are growing up with technology in a way I didn’t. They are growing up with social media, they’re growing up with AI. The hardest thing for them to learn how to do is going to be to build relationships with other humans, because technology has made it so easy for us not to talk to each other.
Danielle Sheer [00:04:24]:
But business is still all about relationships, relationships with other people. I’m buying your products because I trust you. When I get into a challenging situation like a cyber attack, you think that you’re calling an automated AI machine? Like, no, you need to talk to a human. And so somehow, in this world where everything is being reduced to something automated, something speedy, something, or technology can have a solution. There has to be a person on the team who is still thinking about, how are we going to develop relationships of trust?
Karissa Breen [00:04:55]:
Yeah, that’s a really interesting point. Because now everyone’s talking about, we got to leverage AI to beat our competitors. We have to leverage the tech to do the heavy lifting. So given your pedigree and your background, what do you think companies like Commvault can do to really engender that trust into customers and just to extend that a little bit?
Danielle Sheer [00:05:17]:
More.
Karissa Breen [00:05:17]:
Danielle, I think customers, from what I’m reading online, expecting a lot more from businesses nowadays.
Danielle Sheer [00:05:23]:
Yeah, I think you took that in exactly the right direction. So, two parts. What can we do to create more trust with our customers? The second question was customers are expecting more from the businesses that they do business with. I agree on both parts. The first thing that we can do is events like these, we’re looking at each other, we’re having a conversation. It’s very different when you’re sitting on Zoom and you’re remote. We need to make significant efforts to show up, to be intentional to build these relationships. After this, I will follow up with you.
Danielle Sheer [00:05:56]:
I’ll send you a LinkedIn request in a month. I’m going to remember to send you a note. I’m going to remember to listen into your podcast because the relationship I develop with you, one of the foremost cybersecurity experts coming out of Australia, matters. It matters to Commvault that is ingrained in us at commvault as leaders and as all of our employees. The relationship we have with each other, the relations we have, customers, partners, industry, it’s what fuels it, what drives our business to your second point, which is customers are expecting more and more from businesses. You know, it’s hard to know what’s true out there. There is so much noise. We were in this press briefing earlier today and somebody made a comment which I thought was very smart, which is you’ve put out so much information, you have put out so many releases.
Danielle Sheer [00:06:39]:
Like what’s with the flurry of releases and what’s really behind all of this? It’s almost like it’s too much noise coming from every single company and more and louder wins. I actually don’t believe that customers are looking for what do I trust? What matters? Can you cut through the noise and give it to me straight? Can you tell me the end of the story first? Which is one of my favorite quotes. One of the things that we make sure to do with customers to build trust is when we hear about a cyber attack that might have affected more than 10 companies, we immediately research whether or not one or affected, but whether our customers could be affected and we get an alert out immediately. We’re not trying to sell them anything. There’s no service message related to Commvault, but we very much believe in a shared responsibility model when it comes to cybersecurity and cyber resilience. And so those are the relationships that we lean into. We heard about this. Do you need any help? Here’s A number to call.
Danielle Sheer [00:07:34]:
Right. I think what separates the businesses that have heritage, which is a word I’m loving right now, Commvault has been around a long time and that gives us deep heritage and the businesses that are born in the cloud and racing as fast as possible to build as fast as possible, almost without concern for security. By design, the difference between those two is our relationships with customers have spanned. We take that very seriously and we’re in it with them. When they experience a cyber attack and all of us will, there will be somebody who picks up the phone on the other line from Commvault and somebody they have known for years. You can’t replace that.
Karissa Breen [00:08:14]:
So, Danielle, zooming out just for a moment and you said, like, people want to be able to call someone. There’s nothing more annoying. You call a customer service and it’s like dial one. Oh, I didn’t understand you. And you go back into. It’s just, it’s cyclical.
Danielle Sheer [00:08:26]:
It’s the worst.
Karissa Breen [00:08:27]:
So do you envision that companies like Commvault, we will start to do things the old fashioned way? Old fashioned. Like you and I are sitting opposite each other, whereas we went through a whole cycle. Yes. Through Covid. Even before COVID everything’s done online. But now with a lot of this synthetic media that’s out there and people being bombarded by vendors and they’re getting annoyed, do you think it’s going to come back to how you and I are talking right now to engender that trust, really at that human to human.
Danielle Sheer [00:08:53]:
Level, a company that is facing a crisis? Yes. And so companies that are not investing in upskilling their employees and helping them develop relationships and sort of the arc of somebody’s career from learning until sort of becoming an expert at something, it will really separate the great companies from the companies that might not survive. It will be both, for sure. You know, there’s a lot that AI can offer us that, you know, obviously takes the place of a lot of laborious work that really doesn’t need to have a human involved that makes space for is the sort of work that only a human can do. It’s one of the things I say when I train my folks as they’re coming up in the world, when I notice that they have started to do the same thing over and over again and they’ve nailed it, they’ve got it, they’re trusted. I trust that when I give them something, they’re going to complete it and they’re going to do it really well. I Say to them, I want you to spend a week writing everything down, stream of consciousness. And then I want you to give 80% of that away.
Danielle Sheer [00:09:53]:
Teach somebody else, and they’ll turn around and say, danielle, what am I supposed to do? Well, you’re supposed to figure it out. That’s what it means to mature into a career. That’s what it means to grow into an expert. Figure out how to replace that 80% that you’re teaching the next generation. You can compare that to AI. Now, what we say to the team is, we’re going to find some AI tools that take away 80% of. Of the work that you were doing that. Now, a computer can do that, an AI algorithm can do that.
Danielle Sheer [00:10:19]:
Agentic AI can do. What am I supposed to do? Figure it out is what you’re supposed to do. You know, make some friends. Who are our top 200 largest customers? Does anybody know any of the people who work there? Why not find out how you can help them? I mean, that has got to be something that’s valuable.
Karissa Breen [00:10:37]:
Okay, so you mentioned something before. How are these companies going to survive? So commvault earlier this year released a report. On average, it’s about 24 days for recovery for a company. The part that I’m curious about, and maybe you would shed some light on this, Danielle, would be people are not going to wait 24 days for a company to come back online. Why? Because now, as soon as a company has an issue, they go to Twitter X and all of a sudden, something that’s been offline for 15 minutes, people already complaining. The news has already got a hold of it. It’s already, you know, sprawled across social media. So what do you envision for the future of these companies? Like, I’m not going to wait around 24 days for old mate’s company to come back online.
Karissa Breen [00:11:17]:
What’s your view? Which probably dovetails nicely, the role that you’re doing here at Commvault.
Danielle Sheer [00:11:22]:
It is such an important question. So let’s take it and just make it super real. We’re entering the holiday season. If United Airlines is offline for 24 days, do you think anybody is booking United Airlines flight as soon as they come online, every single one of us is saying, yeah, let’s just wait until United figures out, like, what’s going on. But I’ll try any other airline because I’m worried that they might have that problem again. So it’s a really important issue. When I talk to our board of directors, I’m also on the board of directors of a public supply chain company. And when we talk to the management team there, the board of directors has one question and I asked it sort of earlier today.
Danielle Sheer [00:12:02]:
What are the three to five systems that can’t go down? If they go down, we are not in business. The first thing is, is your management team needs to be able to answer those questions. It’s our customer support portal. It’s our website which dovetails as our cash register. If that’s true for a lot of born in the cloud companies, whatever it is, what are the three to five systems that you cannot have offline or. We are not in business. We’re not getting passengers in the air. We’re not shipping clothes and gifts all over the world.
Danielle Sheer [00:12:29]:
Great. First you have to know it. That’s a really hard thing to do, right? Because there’s hundreds, maybe even thousands of systems and tools inside a company. First you have to know it. Number two, what happens if it goes down? Because none of us pretty much control any of those systems. Most of those systems are controlled by a third party. What do we do if it goes down? What’s the plan? That’s something that should be thought of now and that’s what Commvault thinks about all the time to help customers get back up and in business. It doesn’t mean that the breach is over with.
Danielle Sheer [00:12:58]:
It doesn’t mean that the after effects of an attack aren’t something that have to be dealt with, which takes a lot of time, way longer than 24 days. It means how can I make sure that I draw a box around that activity and I have a separate team getting us back in business and up and running. And what’s my failover? What’s my spare tire for my cash register? What’s my spare tire for my support portal? Those are questions we should be asking ourselves. And Commvault can help answer the questions for customers.
Karissa Breen [00:13:26]:
The other part that’s interesting to me with customers and you mentioned aviation, so I spoke to an executive recently about aviation. So going back to an airline, they go down, something can’t happen for an hour. They’re losing about a million bucks. That’s a lot of money to lose in 24 hour window. Not ideal as well. Because of the long tail impact of the trust on that airline failed. What if I need to go home and see my grandmother for the holiday season? I’m not going to trust them. How would you sort of define that? Long tail trust, that something happens, they can’t get back up and running, a breach, etc.
Karissa Breen [00:13:59]:
How long does that go on for? Until companies can start to see, well, now we’ve actually built back the trust, whether it’s a protracted amount of time, but when we’ve hit that point, even look at Equifax, I’m interviewed the size of Equifax, post breach. How would you look at that? And to decide our customers are trusting.
Danielle Sheer [00:14:16]:
Us Now, a breach is not a break in trust, although I’m not sure the rest of the world has caught up to that. You will not find a single company today that hasn’t been breached. If anybody’s goal is to say, I only want to do business with a company that hasn’t been breached, good luck. The goal is the trust is not broken by a breach. Trust is what happens after you’ve been breached, that it’s either broken or it’s strengthened. Most of our experience in the last 10 years has been trust is broken. Why? Because companies are not transparent about what’s happening. They aren’t quick enough to communicate.
Danielle Sheer [00:14:53]:
You know, I remember reading regulatory releases and sometimes just blog releases for companies that went through a breach six months earlier, and I was a customer. You mentioned Experian or Equifax. That doesn’t make me feel like trust has been strengthened. It makes me feel like trust has been broken. It took you six months to tell me that something was wrong that affected me. Instead, use a breach to strengthen trust. Reach out right away, as soon as you know something has happened. Tell the world we’re all victims of what’s happening.
Danielle Sheer [00:15:28]:
It’s a shared responsibility model. Tell as much as you can as soon as you can, and be honest about the fact that you might not have all the information. So, you know, there have been a series of. I mean, there’s been so many breaches since the beginning of this year. Some of them were vendors of commvaults, like many companies. And when that happens, the first thing we do is we notify our customers we are aware that this has happened.
Karissa Breen [00:15:50]:
We.
Danielle Sheer [00:15:50]:
We are not yet aware that any customer was impacted. But you can be sure that the second we are aware of it, we’re gonna let you know. And, you know, on the other side, you’ve got a customer. And we’ve had customers tell us they breathe a sigh of relief because we have gotten them to expect that we will communicate with them, that we will be transparent with them. We’re not hiding the puck. We’ll tell you exactly what we know, when we know it, and we will keep you updated. And it’s what Keeps our customers very loyal to our brand.
Karissa Breen [00:16:17]:
So a fair few years ago, Norsk Hydro, who are a Norwegian company, had a breach. The interesting thing about this breach is their actual stock price went up. Most companies go down post breach because of how they handled it. So that was a while ago. But given all over the world, there’s breach happening there, Franz. And even on a media level we can’t even kick up. But the same sort of, I guess, displacement of the trust seems to be there that there’s company after company having these breaches and yet we still haven’t sort of figured it out. Do you have any insight then on that?
Danielle Sheer [00:16:46]:
I think that 80% of the time people want to rush to cover it up because it takes a while to figure out what happened. It takes a while to sort of reverse engineer to get to the root cause of a breach. But I also think there’s been a lot of collateral damage as a result of that instinct to just wait until we are certain before we speak. You know, back to the importance of relationships. There are a number of Long term Commvault customers here with us today at shift. And you know, in some ways it’s a bit like a reunion with a lot of our long term Commvault employees. That relationship matters. And so, you know, if a situation, and when a situation happens where we need to notify customers about something or a customer needs to notify us about something, we’re not picking up the phone and talking to somebody that you don’t know for the first time.
Danielle Sheer [00:17:39]:
And I think maybe that’s the answer. I think the answer is know your business, know your customers, know who you work with, make the effort. It’s a lot easier to pick up the phone and have a conversation with somebody that you know and you have worked to build trust with over years than it is to say, hey, can I speak to wherever your company owns security? I have something I need to tell them. Oh, that’s a tough, that’s a tough message to deliver.
Karissa Breen [00:18:02]:
You’ve got a legal background, don’t you?
Danielle Sheer [00:18:04]:
I do.
Karissa Breen [00:18:04]:
So do you think it’s hard when people are delivering to the media, to their customers? Like you said, they want to cover it up or they can’t talk because there’s general counsel advising them. And then the person. And I’ve seen this happen when they’ve given updates to the media about the breach. They might not be the right person or we can’t answer that because of legal counsel. How does that sort of impede a lot on building that trust back. Because there’s a lot of. You have to step carefully.
Danielle Sheer [00:18:28]:
It’s a very good question. I’m a very different type of lawyer. I think there is one very majority idea, which is if you just hold your cards close to your vest, then in the event of a litigation later, we won’t end up hurting ourselves. We don’t believe that at Commvault, and that comes from the top. That comes from our board of directors and our CEO. We believe in transparency. We believe in always trying to do the right thing. We believe that we’re not always going to get it right.
Danielle Sheer [00:19:00]:
But we don’t believe the standard is to be perfect. We believe the standard is to try and in everything that we do, that that’s what leads us. So you’ll never find me or any member of our legal team or our privacy team or compliance team say, you can’t say that. We don’t want you to be transparent about that. That’s not what our culture is. Our culture is share information as soon as it’s credible and as soon as possible.
Karissa Breen [00:19:25]:
So then, Danielle, if you were to zoom out and look forward, is this sort of approach what we are going to see? Yes, within commvault, but in other vendors or other companies as well as someone who works in media. And then there’s a breach. And then like, no, we can’t say anything to you because general counsel or, you know, I’ve gone back and back again after. Not just vendors but actual large enterprises. They don’t want to talk. Then there’s this stigma in the industry. It’s like, we got to share and we got to do these things. But then no one really wants to share at the end of the day.
Karissa Breen [00:19:51]:
So I don’t know whether that commentary is attributed to virtue signaling because it’s the right thing to say. So I’m then curious to just maybe get your thoughts on what are we going to see now, given the AI and all the things that people want to talk to a human. They want to hold these companies accountable in terms of customer loyalty, etc. I’m keen to sort of bring it all together.
Danielle Sheer [00:20:14]:
You will see the way I’m talking now. You will see more and more. I didn’t create this. You know, one of our most important partners is Microsoft. They are like this too. They will disclose early and often. They will give as much information as is credible and as soon as possible. I think that what we have arrived at is a period in time where for, let’s say, 10 years, I don’t want to go too much farther back.
Danielle Sheer [00:20:39]:
You have a number of people who have been through some very serious and very public breaches. This is a pool of CISOs and deputy CISOs and cybersecurity experts and that have truly lived through the fire. And we need them all leading cybersecurity at enterprises and governments. They’re not going to pay lip service because they lived it. They’re going to tell you exactly what’s happening and exactly how to fix it and exactly how we’re going to get back up and running. Those CISOs, they are driving this sort of discourse because they know it’s necessary for us to not just protect our businesses, but, you know, so much of our critical infrastructure all over the world is dependent on technology that may not have been built with security by design.
Karissa Breen [00:21:24]:
And lastly, do you have any final thoughts or closing comments you’d like to leave our audience with today?
Danielle Sheer [00:21:29]:
I think you’ve asked some very good questions. Trust could be one of those words that is just fluffy and not real. You have to make it real. Trust has to become an operating system. You need to design it deliberately, you need to deliver it with predictability, you need to test it. You need to get everybody on board with, you know, the sorts of questions that need to be asked. And it’s not, is AI secure? That’s not the question. The question is, is it behaving the way we intended? Who’s got oversight of it? And you have to ask those questions of a group of leaders around the table that run privacy and product and governance and legal and communications, because every single one of them are stakeholders in this question.
Danielle Sheer [00:22:16]:
And all of them have responsibility for the technology that we are ever so quickly developing and putting into the hands of people who are relying on it to keep their businesses up and running. So I expect that we will see many more chief trust officers at companies. And I think it is such a critical role, the more and faster technology is developed, we have to keep pace with developing relationships and asking ourselves real practical questions.
Karissa Breen [00:22:47]:
Joining me now in person is Avi Boru, Senior Director, Cloud Engineering Network and Telecom at Lennar Corp. And today we’re discussing how to keep the business running. So, Avi, thanks for joining me and welcome.
Avi Boru [00:22:58]:
Thanks, Karissa, for having me. Really appreciate it.
Karissa Breen [00:23:00]:
Okay, so Avi, I saw you present before with the CEO of Commvault, Sanjay, and one of the things that stood out to me is you said our role given like your role day to day is we got to keep the business running. So I’M really keen to explore that. What does that mean to you?
Avi Boru [00:23:17]:
Sure. Firstly, just to give an overview of Lennar. Lennar is a home builder. They’re a Fortune 500 organization. They’re around like a $35 billion company. And majority of the things that Lennar does is build homes in the United States. And as part of home building, one of the challenging things in this industry of home building is it’s very data intensive, which is we deal with a lot of data and the related platforms need to be scalable. And also TB has to be resilient for any kind of like business capabilities that we’re building.
Avi Boru [00:23:55]:
And in the age of now, AI, protecting this data has become even more necessity for us. And that’s where we’ve been working through around our modernization journey at Lennar is how can we build a lot of these digital experiences for our customers who leverage all these applications and digital experiences with the underpinning of the platforms like cloud, data network and ERP platforms that we run on. So keeping the business running is. I mean, our business does want to innovate, they want to release new features and everything, but they would appreciate more for us to just keep the business running, which is not having any disruption to our customers or to the related business capabilities, which all ties back to resiliency and having that data protected. And these are classified and data having accessible to our customers. And that creates lots of challenges. Specifically in my role where I’m focused on managing hybrid platforms both in data centers and multi cloud environments, the solutions I need to build to create that resilient digital foundation for business becomes very complex and becomes very fragmented. And it equally creates a challenge of operations and upskilling my engineers.
Avi Boru [00:25:24]:
So I think that that’s a critical part of keeping the business running is knowing the multifaceted platform we have and the complex scenarios we have and the modernization journey that we’re going through, how can we still keep the business running? That’s where commvault has been instrumental for us in unifying the fragmented capabilities that we have in building resiliency in data center and multi cloud environments.
Karissa Breen [00:25:52]:
So when people think about keeping the business running, it sounds rudimentary, it sounds basic, but it’s not basic. It’s hard because we’re seeing all these breaches. We’re seeing an IT outage of Australian. We’ve seen a lot of that happening in our part of the world as well. I live here in the US nowadays, so it’s just more that too many people are maybe looking at this too, like we’re focusing on AI. That’s where our attention needs to be. Or innovating, like you mentioned. But it’s almost like people are forgetting about just doing the basics.
Karissa Breen [00:26:21]:
Keep the business running. No business, no money. Then there’s no longevity in that. So then AI and innovation doesn’t really matter at that point, does it?
Avi Boru [00:26:29]:
It does. I think the challenge with keeping the business running is it naturally points back to some of the functions that technology needs to support, which is resiliency. But then resiliency is such a broad term, and everybody thinks resiliency is just backup and restore. But then that’s not just it. Resiliency is more about how fastly can you recover. Backups and restores doesn’t alone help you recover from an outage and get the business running again. There is a lot of configurations that you’ll have to do which underpins the whole backup of the data and how that data can be accessible to a customer through a digital platform. So that underpinning has to happen with either manual Playbooks or some kind of automated or some automated capabilities.
Avi Boru [00:27:25]:
So it’s always overlooked that keeping the business running is not as simple as it sounds because of a lot of underpinnings that happen with the underlying technology and infrastructure platforms.
Karissa Breen [00:27:37]:
So before you came to your interview today, I was just interviewing Danielle Shear, Chief trust Officer at commvault, and we were talking a lot about people’s onus now towards companies to have that continuous business. So can you talk through how fast can you recover? So because nowadays, like something happens and already people are online, they’re complaining, they’re not trusting the company as a result of it. So what does that then mean to you? Do you have any sort of tangible sort of numbers on what that looks like? How fast are we talking? Minutes, seconds, hours?
Avi Boru [00:28:11]:
I think it depends on the ability of the system and the application and the experience that we are providing to the customer. We measure it in three specific ways, which is rto, the recovery time objective, and then rpo, which is the recovery point objective, which is how fast can we recover the whole platform, irrespective of it being few applications or few data stores or few configurations, how can we make the whole system accessible for our customers? And we measure that through recovery time objectives. And we, from an operational standpoint, we do measure how fast are we actually recovering, which is meantime to restore or mttr. So these kind of like two metrics that we track helps us, one, strengthen our operational practices on what we are recovering, how we are recovering and how fast are we able to recover and what do we have to do to improve that MTTR metric, while the recovery time objective helps with setting that standards and expectations with our business and our customers when there is an outage and how fast we can recover for them without giving them the overhead of the technical details that they don’t need to understand. So Right now at ATL&R, our recovery time objectives have been significantly improved over the last couple of years as part of our modernization journey because one of the big takeaways for us when we do modernization is moving into the cloud and cloud does give us the elasticity and the scalability that we need so we can auto scale most of our capabilities, recover our data and automate our configurations to be able to meet our recovery time objectives.
Karissa Breen [00:30:02]:
So sort of focus in you said Pegle’s version of resiliency is about backup and recovery. What do you think people sort of overlook then when it comes to resiliency? So you mentioned before like how fast people can come back online, et cetera. But is there anything more nuanced perhaps that you’re sort of seeing given your role?
Avi Boru [00:30:19]:
I think the whole perception of resiliency is not changing. It was very operational centric perspective, just backup and recover or restore. But then today when you hear Sanjay mentioning around resiliency operations or Res ops, it’s a really cool term. But then the interesting aspect about that is how can we build a culture or an operating model around Resiliency is no longer just configuration, it’s the way of working, it’s the way we build these systems and it’s almost like a living component in our day to day production environments on how we run applications and how we manage our data and how we make customers consume the capabilities. And the other interesting aspect around resiliency is can we leverage any kind of AI capabilities or build AI capabilities which can identify what data is there, who is able to access the data and how is the data changing? If you can do that then we are enabling AI to be able to identify anomalies, probably trigger actions on our behalf and even further extend it to do some of the rudimentary like day to day operational task of backup and restore. And if you can automate this workflow then that’s what we’re talking about. Res Ops is I know where my data is, I know what’s changing in my data. I’m able to predict what an anomaly is going to be and how to trigger an action against that anomaly.
Avi Boru [00:31:55]:
Which means I’m Preventing incidents even before them happening. So that’s the kind of like resiliency operations or res ops I see is changing and LENR is also adopting. And the more importantly than not, the cultural change is giving that confidence to business that they can just focus on building innovative solutions because the underlying platforms have been matured with their azops that they are stable and resilient.
Karissa Breen [00:32:25]:
Okay, so following that a little bit more about AI now as we’re seeing a lot in the market companies to have that competitive advantage, you need to leverage AI to do that to take of their competitors. Vendors are doing it, businesses like yours are doing it. But then how do you balance that with then resiliency? Resiliency isn’t one of these things that people like isn’t super sexy at the AI is. Right. So do you find given the nature of your work, it’s something that gets a little bit relegated? Like people forget about it perhaps because it’s not super sexy. Oh, but the AI thing over here is cooler. Right? So how do you find that equilibrium in making sure yes, we’re innovating because we need to stay ahead of our competitors because that’s what our customers want and are expecting. But hey, we can’t throw the baby out with the bathwater and completely forget about resiliency because nothing’s working.
Karissa Breen [00:33:07]:
Then we have a bigger problem. True.
Avi Boru [00:33:10]:
I think we started to approach on how resiliency is done a bit differently, which is we started to approach in a way learning from our business. The way our business delivers is they build solutions for our customer and they’re focused on innovation. So the AI capabilities they’re building is to how to enrich that customer experience for the business solutions. It’s going to be an equally similar model that we’re trying to adopt which is how can we transform our infrastructure or cloud operations with a platform as product approach and how can we make resiliency a future capability that can be coupled with AI, which is if I want to know, hey, what’s happening in the platform? Is my platform stable? If something happens now, how fast can I recover? These are kind of like the conversational capabilities that I was hearing today from Pranay, also mentioning that they’re releasing conversational AI capabilities with mcps, which means my teams can now move with a platform product approach which is just interacting with the resiliency capabilities of AI and no longer building the underpinning automation of how resiliency needs to be maintained. So that’s where AI capabilities you can see equally can be built and Consumed both on the platform layer and at the business solutions layer also. Which is why resilience, AI capabilities and resiliency is a very interesting and fascinating for most of the platform teams. Because now, because we can also use AI, AI is not just for business solutions and customers, but my platform teams can now use AI to instead of me putting a support ticket for a Commonwealth support team, I can actually interact with their AI capability and I can extend their AI capability probably to automate my backup and restore activities. And if I have any kind of complex custom configurations to completely restore my platform, I can leverage Commvault’s MCP and AI capabilities to actually do that.
Avi Boru [00:35:19]:
So which means it’s not just business solutions. Even the platform teams and the platform solutions have a big role to play on what kind of AI capabilities they’re using from providers like Commvault and what they’re doing in extending those capabilities for their own platform solutions.
Karissa Breen [00:35:36]:
So is it a fair assumption then to say because of that, like mcp, et cetera, in turn is going to increase the velocity in day to day operations?
Avi Boru [00:35:44]:
It does increase velocity significantly. It reduces a lot of operational overhead. I no longer need to have no tabletop exercises, no playbooks, no runbooks, no probably few times over a year we do some resiliency exercises. We don’t have to do it because resiliency is now more continuous with the AI capabilities. So it’s always happening. It’s a live aspect of a production system.
Karissa Breen [00:36:11]:
So a lot of people that I interview on this podcast talk a lot about like practice the plan and do these things and make sure you’re doing the tabletop exercises, but you’re sort of saying it’s already embedded into the platform, for example, with Conva all. So does that mean that more broadly people don’t have to do as much of these sort of day to day tabletop exercises or you just focusing more on the platform?
Avi Boru [00:36:30]:
I think you’re maturing your practices in the way you do it because of the AI capabilities. Now helping with some of these, it depends on the kind of function that you’re trying to do. A tabletop exercise could probably be a conversation with the conversational AI interacting with the mcp, which probably understands what commons capability is, how our platform is configured, and then how do you want to orchestrate our whole resiliency plan. So the way we approach things, the way we mature our practices, is going to change, but the basics are not.
Karissa Breen [00:37:08]:
Going to go away because it’s continuous.
Avi Boru [00:37:09]:
It’s continuous, yes.
Karissa Breen [00:37:11]:
So how do People like yourself feel about relinquishing, I’m from a security background, relinquishing that control to have that just continuously there. Because a lot of the stuff that I used to do is we have to have a governance layer, make sure so and so is doing what they said they should be doing. Things do go wrong. It’s not always perfect. But how do you get to the point where you’re comfortable with this is happening in the background? You don’t have to kick it that much as before.
Avi Boru [00:37:35]:
I think most of the segregation of duties and the governance do not go away. How do you do it? How do you classify the data and how do you classify the responsibilities around this data? And what identities are you enabling to do? What kind of actions against this data still will be a governance layer which needs to be embedded into any kind of capability that we are building, either leveraging conversational AI capabilities or building any kind of agentic workflows backed by it. That needs to be the core aspect when we’re building solutions. People might think the governance aspect might slow them down in building these innovative capabilities. But then when you think from AI and system standpoint, it does need to understand what identity and what Persona it’s playing to take an action in its agentic workflow. So those kind of governance is needed even in the agentic workflows. So which is why governance is going to be key on how we manage this data and how we build resiliency towards this data, leveraging the AI capabilities.
Karissa Breen [00:38:43]:
And lastly, Avi, what do you think sort of moving forward? You’re at the conference here in the next couple of days. You’ve been talking about things that you’re doing with Commvault, et cetera. What do you think is going to happen next year when you come back again for this conference?
Avi Boru [00:38:56]:
I think AI capabilities are still very in the early phases. I think one of the biggest learnings for enterprises like us is one, how can we really change our operating model to leverage or build or extend the AI capabilities that either the platforms are providing or how we want to leverage it? So that’s going to be a big learning for us. And we would want to learn from the industry around how it’s maturing these capabilities. And I would like to see where the scales, the AI capabilities and how they are leveraging. But then the other big thing interested in is we are always looking for avoiding sprawl. There’s so many tools, so many solutions that we have across the ecosystem to do different operations. And the unity platform is something that’s interesting, which is how can we get a single pane of glass? Yes. If I have to build resiliency, why do I have to orchestrate against so many tools? Can I just have one consistent platform? And even if that platform doesn’t have the capability, can it help integrate with these other third party capabilities? And then how can I build AI capabilities or leverage AI capabilities in this one platform? Because one of the challenges for enterprises is we have to build resiliency at the pace of, of how business is moving and innovating.
Avi Boru [00:40:20]:
That’s a real challenge that we have. And having a sprawl of tools, having a sprawl of practices and having to upskill all my teams to know all these capabilities is a real world challenge. So a unified platform would help me simplify the upskilling of my engineers, simplify the practices, improve operational efficiency significantly.
Karissa Breen [00:40:44]:
Just lastly on that I’ve spoken a lot of people like yourself, client side as well, that are moving toward platformization, so it’s easier. But then also I’ve heard complaints in the industry of people saying, well, the interoperability isn’t there because not all these tools necessarily talk to each other. Yes, there are some tech stacks that do, but not everything. And if you’ve got 70 to 100 tools, which most companies of your caliber do, it’s very hard, then there’s going to be that gap. Where there’s a gap, it means that resiliency, there’s, there’s more risk there. So is that sort of, if you were to zoom out where companies are sort of moving towards to reduce that and also just logging in different platforms each day, That’s a lot to do.
Avi Boru [00:41:20]:
It is, I think the span of control and context switching is a real challenge in day to day operations because it slows us down, it slows down most of our engineers. But I think that’s where the partners play a big role, which is it’s always important to choose the right partners, at least for enterprises like us, which is, it’s not just the platform. You need a partner who’s going to take your feedback, who’s going to factor in your feature request to build a platform that can truly help us reduce operational overhead but still deliver business value. Because resiliency should be a de facto for our business and the easier the partners can make it for us, even if they don’t have the capabilities in the platform. Day one, can they work with us? Can they extend their platform with other providers that we are working with? So we have a unified platform, which supports external integrations, which they probably don’t have, or we could probably build capabilities as an extension to the partner platform. Right. So which is where it’s really important for us to choose the right partner, not just the platform.
Karissa Breen [00:42:35]:
And there you have it. This is KB on the go. Stay tuned for more.
