8 min Security

Back-ups should be part of a modern layered security approach

Insight: Backup & Recovery

Back-ups should be part of a modern layered security approach

Rubrik has recently been increasingly asserting itself as a security vendor. The announcement in late 2022 of Cyber Recovery seemed like a good reason to talk to Anneka Gupta, Rubrik’s Chief Product Officer. What can we expect from Rubrik and more generally from backups in terms of security?

With the rise of ransomware, which encrypts and holds data hostage, backups have also taken on a completely different role. Previously, backups were mainly there to restore if a plane fell on your data center, or if the country flooded. They are still suitable for that, of course. In recent years, however, ransomware has added another dimension. Backup data, in fact, tells a story about ransomware. The key is to extract that story from that data. That’s what Rubrik wants to contribute to with the Rubrik Security Cloud.

Security Cloud is the product, backups the foundation

The Rubrik Security Cloud is basically the only product Rubrik offers. That is, every new customer purchases it, regardless of what exactly they purchase. In doing so, Rubrik has greatly simplified its offering in recent years. Virtually all the products and services that it used to talk about separately are now folded into the Security Cloud. Polaris is a good example of this. This SaaS platform received much attention when Rubrik launched it. This was warranted, we now know, as Polaris has now effectively become the Security Cloud. Another example is a component such as Data Risk Assessment & Anomaly Detection. You won’t find it in the menu of Rubrik’s website anymore. It is still part of its offering, however, only buried a little deeper into the platform as a whole.

Rubrik has organized everything it has to offer into three main themes: Resilience, Observability, Remediation. In this respect, too, the company now sounds like a security company. That’s why we ask Gupta, just to make sure, whether Rubrik remains serious about backups and related activities. That is certainly the case, she assures us. “We are definitely not running away from it, we see backups as a security product,” she states. “To build resilience, you need a copy of your data,” she continues.

Rubrik may have done a rebrand and now only talk about data security, but the company is still investing heavily in backups. The goal is to be able to offer more and more on top of the basics of backups to (SaaS) solutions that focus on data security. This is necessary, according to Gupta, because attackers are still getting into systems. So there are still holes in the defenses. Rubrik believes it can make a substantial contribution to closing those holes. “Trying to keep attackers out is not enough, it is also necessary to keep track of how data changes over time.” Along with investing in infrastructure security, organizations will also need to continue to invest in data security. At least that is Rubrik’s starting point.

Also read: Rubrik introduces Zero Labs, records €400 million annual revenue

Rubrik Cyber Recovery

One of the relatively new services (November 2022) is Rubrik Cyber Recovery. This new service is there to help organizations determine whether the playbooks it creates actually do what they are supposed to do. That, in fact, is quite a problem, Gupta points out. “Many organizations put playbooks together, but don’t have a good way to test them,” according to her. With Cyber Recovery, Rubrik brings together all the components that allow you to do that into a single solution.

Rubrik Cyber Recovery is not just about testing playbooks, though. Simulations are certainly part of it, but it is also designed to make it easier for organizations to take snapshots and set up a fully functional recovery environment. This environment can be in the cloud, or it can be in a sandbox in one’s own data center. According to Gupta, organizations sometimes take up to six weeks to set up such an environment. With Rubrik Cyber Recovery, they should be able to do it in just a few clicks.

The uniqueness of Rubrik Cyber Recovery is not so much in its individual components. What is particularly interesting is that Rubrik can offer them all in a single solution. Snapshots, setting up recovery environments, initiating a recovery and receiving reports afterwards, it’s all in there. Rubrik Cyber Recovery is not something an organization deploys once, by the way. The idea is that it happens on a regular basis.

Data Observability

If we had received a dollar for every pitched around observability, we would be very rich. Almost every vendor seems to want and be able to do something with it in one way or another. In itself, this is not so strange, because without observability you can’t focus your attention on the right way to protect and design your environment. Rubrik understands this as well. As such, Data Observability plays an important role for the company. This is also linked to Cyber Recovery, by the way. “You can run our observability offering on top of Cyber Recovery,” Gupta points out. With it, you can find exactly the data that an attacker has infected. It also allows you to get clarity on exactly which data needs what protection. That has traditionally been a tricky challenge as well.

Rubrik for Cyber Recovery did not yet have integrations with other security tools at the time of our conversation with Gupta. Data Observability, however, does, for example with SIEM and SOAR platforms. Those can be more effective if they have a better understanding of what is sensitive data and what is not via an observability tool. Ultimately, what Rubrik offers here is sort of a last line of defense, but that too can be very valuable if it can share meaningful data with other tools.

In addition, integrations between Rubrik and security tools also mean that Rubrik will be on the radar of more personas within organizations. Where it used to be only the IT department, they are now increasingly looking to serve security departments as well. As Gupta puts it: “Those departments already have a SIEM solution and we certainly don’t want to replace that. We want to be an additional resource for it. It is absolutely not our ambition to be the UI for everything.”

Getting SecOps and IT to talk to each other

The goal is to eventually push hard to set up integrations with other security tools within all three main pillars (Resilience, Observability, Remediation). In this way, Rubrik is also putting its money where its mouth is. For several years, it has been talking about bridging the gap between SecOps and IT.

It still happens that within organizations the IT and Security departments never talk to each other. Ideally, they should, because this provides more and better insights into the risk organizations face. At the end of the day, a lot of what we call security is about managing this risk. “You can be very proactive, but you can never be 100 percent sure that you can keep attackers out. What you can do is be sure you’ve done everything you can,” Gupta summarizes. To that end, integrations between different components within an organization are indispensable.

As indicated above, Rubrik knows its place when it comes to its cybersecurity ambitions. It knows very well where it can add value, we gather from Gupta’s words. Whether this also immediately means it is a security company, is up for debate, but not extremely relevant in our opinion. If nothing else, this stance ensures that backups and data in general receive attention in security discussion. The question around integrations that Rubrik asks itself is simple: “What can we do from a data perspective and how can we deploy that in a relevant way?”

Much more can be done, but not just yet

The value of back-ups in the broader cybersecurity discussion is quite clear. There are still major challenges in that area, so it makes sense that Rubrik doubles down on this. However, data in backups can be used for many other things as well. Training AI/ML models, for example. Are we going to see some of that in Rubrik’s product offering? When we raise this point, Gupta is clearly very excited about the possibilities outside of cybersecurity. However, she also indicates that this is not something that Rubrik focuses on now. “We are now addressing a problem in the here and now,” she indicates. That problem has Rubrik’s full attention.

So other applications will have to wait a while, but are definitely coming if it is up to Gupta. The reason for this is simple: “By doing that, we will help organizations get the full value out of all their data.” We haven’t seen the last new use-case for back-ups and back-up data yet. That’s an interesting perspective to end the conversation with. It indicates that a company like Rubrik (and with it backups) is becoming and will continue to become more and more relevant. From simply protecting data, it is increasingly about leveraging that data for other purposes within organizations.