Simple Storage Service (S3) is where many modern applications and AI systems store their data by default. Databases, SaaS platforms, and custom workloads send backups and exports to object storage because it is easy and widely supported. The problem is that protection is rarely consistent. Buckets are set up by different teams, accounts are managed separately, and retention or immutability depends on decisions made long ago. These gaps tend to surface during audits, security incidents, or rushed recoveries, when teams realize they are unsure which data is actually protected.
Commvault is addressing this with Commvault Cloud Unified Data Vault. Instead of adding protection to S3 data after it is stored, the service provides a Commvault-managed, S3-compatible endpoint. Data written there is protected immediately under centralized, policy-driven controls within Commvault’s resilience platform.
The difference is not about replacing S3, but about removing fragmentation.
Vir Choksi, Principal Product Marketing Manager at Commvault, told ChannelE2E, “Native S3 immutability and lifecycle features are storage-level controls that must be configured and managed bucket by bucket and account by account. While they are useful, they do not provide centralized governance, air-gapped protection, or integrated recovery workflows across environments, and they rely on consistent configuration and ongoing oversight by customers.”
Not just another S3 control
Unified Data Vault takes a more direct approach. “It is a Commvault-managed S3-compatible service that applies immutability, encryption, retention, and governance automatically at the moment data is written, within a unified, air-gapped resilience platform,” Choksi explains. “Rather than relying on fragmented storage configurations, Unified Data Vault brings S3-written data, often created outside traditional backup workflows, under centralized, policy-driven cyber resilience.”
That matters because a lot of S3 data never passes through traditional backup tools. Application exports, AI training data, and SaaS snapshots tend to land directly in object storage. Unified Data Vault is designed to catch that data at the point of creation and apply protection consistently, without agents or custom scripts.
What actually changes during recovery
The real test of any protection model is what happens during an incident. Today, recovery often starts with discovery: figuring out which buckets are trustworthy, whether immutability was applied correctly, and how to coordinate restores across regions and accounts. Unified Data Vault is meant to remove that uncertainty.
“Unified Data Vault simplifies and accelerates recovery because data is already stored in a governed, immutable, air-gapped environment managed by Commvault,” Choksi says. “Teams don’t need to first assess whether policies were correctly applied, identify which buckets are trustworthy, or coordinate manual recovery steps across accounts and regions.”
Because protection is enforced as data is written, teams can rely on known-good copies during an incident instead of validating data under pressure. “This makes recovery workflows more predictable and reduces operational complexity and human error during high-pressure situations,” Choksi adds.
A clearer model for partners and MSPs
There is also a practical shift for partners and MSPs. Protecting S3 data today often involves custom lifecycle rules, scripts, or bolt-on tooling that is hard to standardize across customers. Unified Data Vault replaces that with a service delivered through Commvault Cloud.
“For partners and MSPs, Unified Data Vault replaces fragmented, custom-built S3 protection approaches with a standardized, policy-driven service,” Choksi says. “This reduces the need to manage scripts, agents, or bespoke lifecycle configurations across cloud and on-prem environments.”
The result is a more consistent service model. Partners can bring S3-native applications and AI data into the same governance and recovery framework they already use for traditional workloads, while customers retain flexibility to use their own storage where needed.
Unified Data Vault is currently available through early access, with general availability planned for spring 2026. The timing reflects a broader reality: S3 is no longer just cheap storage. It is where the critical application state and AI data live. As that data becomes more regulated and more targeted, resilience cannot depend on scattered bucket settings and manual oversight.
By enforcing protection at the moment data is written, Unified Data Vault shifts resilience from a cleanup task to a default behavior. That change, more than any single feature, is what will matter as object storage continues to anchor modern workloads.