Rubrik: Securing data, the 21st century’s strategic asset

Few today would contradict the notion that COVID-19 has been a significant catalyst for digital innovation or that the value of data as an asset has never been higher. However, while ‘knowing’ is certainly an important part of enterprise transformation, actually putting together a plan and executing this new vision is far more difficult. Moreover, how can companies do so in a way that saves time, money and boosts security? The answer lies with Rubrik.

Founded in 2014 and based in Palo Alto, California, with offices in Europe and India, Rubrik is a cloud data management specialist that’s focused on bringing control back to customers, boosting their business’ resiliency, and promoting a secure yet agile operating style. 

When Jeffrey Phelan, Chief Technology Officer for Rubrik Federal, joined Rubrik in September 2020, he was already very familiar with the company from a customer perspective. Having briefed Rubrik’s technology to more than 450 different organisations just across the Department of Defence while still working at General Dynamics Information Technology, Phelan eventually reached out to Bipul Sinha, Rubrik’s CEO, to discuss how the company could continue to scale its business across the public sector. Recognising an opportunity that would allow him to combine his long-term focuses of digital transformation, infrastructure modernisation, and data protection strategies, Phelan decided to join and help realise Rubrik’s vision. He brought with him over a decade of cyber security industry experience, a passion for building resiliency across the entire organisation, and a practical mentality that prioritises the elimination of complexity.

“At the beginning, as the company started looking at managing the world's data, the founders really decided to build a proprietary hyperscale file system – which is now the industry’s only patented immutable file system - from the ground up,” Phelan explains. Featuring an “all-star cast” of leaders from high-profile tech companies like Google, Oracle, Nutanix, Cisco, ServiceNow, and Microsoft, among others, Rubrik is well-informed on the procedures necessary for managing, scaling, and securing data on a 24x7, global basis. Accounting for all of the nuances and challenges of managing data across different security, regional, and sovereign regulatory requirements is non-trivial, and as such, Phelan compares the company’s capabilities as being akin to telephone dial tone: “You pick up your phone, and you just expect the dial tone to be there. Well, in the same way, our customers expect their data to have the same reliability – to always be safe and immediately available.” The aforementioned hyperscale file system is a key enabler of this, as it allows data to be moved anywhere, whether in the cloud, in a data centre, or at the edge.  Also, he adds, “our file system is unique – it’s immutable; it was built so that someone couldn't come in and change, delete, or encrypt the data and hold it ransom.” 

The pandemic was a wake-up call for many organisations regarding the utility of migrating to the cloud. Capable of being faster, cheaper, and more agile than legacy data management solutions, it matched the challenging circumstances of the global crisis perfectly, and its appeal is unlikely to waver. However, when asked what advice he and Rubrik could offer to companies just beginning their cloud adoption journey, Phelan says, “It’s always harder than the consultant they've hired has told them it's going to be; it's messy because there's just so much data across so many parts of the organisation.” Every organisation we work with today has some documented modernisation strategy, and we see them focusing on (4) main transformation areas: Modernisation (reducing complexity and cost), Automation (both onsite and in the cloud), Security (Resiliency everywhere), and Harmonisation (One pane of glass). “Those four pillars are where we see the potential for active innovation and operational disruption,” he states. 
 

To assist these modernisation efforts, Rubrik favours a ‘crawl, walk, run’ strategy that helps customers understand exactly how much data they have, what systems and applications depend on that data, and what the organisation’s desired data protection is and data strategy end state looks like. From here, Rubrik works closely with customers to help modernise their infrastructures, reducing complexity and costs, and to take advantage of automation to drive security, compliance, and governance across their entire on-premises and hybrid cloud enterprise environments.  Often during this process, a company might not have good fidelity on how much data they really have, and they rarely have consistent data protection policies across hybrid clouds, meaning that budgets for cloud migration can quickly become more expensive than they anticipated.  “To prepare teams for this, we help customers dig a little deeper into what they really want to get out of their data, bearing in mind all of the data access, egress, and storage cost implications of managing and securing their data. We also sometimes get folks who are a little too ambitious: they pick the biggest, oldest, gnarliest system -and it's just too hard. Therefore, we frequently share lots of lessons learned, and we do plenty of hand-holding and provide candid counselling to help them through that.”

Another essential component of quality data management today is automation technologies, including machine learning and artificial intelligence (AI). Central to its implementation, however, is the resolution of a cultural challenge. “We have to meet customers where they are today, and then we have to help move them along that continuum,” states Phelan. “Part of what we do is to help operators understand what the ‘art of the possible is.’ Complexity is easy, but simple is hard.” He is conscious that anxiety about automation often conflates it with job losses, yet he counters that this isn’t the case. “There's a lot of tribal knowledge and tradecraft involved in the industry, and that’s going to remain intact. The difference is instead of them taking eight hours to run a task, maybe it could only take eight minutes.” Therefore, in Phelan’s view, automation should be considered an opportunity to upskill, increase efficiency, and reduce complexity. 

Making the operator smarter

In early 2020, Rubrik announced its acquisition of Opas AI - a move that the company made in order to achieve the following benefits:

• Optimised cloud costs
• Outage predictions
• System breach detection
• Privacy issue notification
• Resource hotspot resolution

Opas AI’s ‘Causation Engine’ incorporates several statistical and machine learning (ML) models to build a more comprehensive understanding of applications. Going forwards, Rubrik anticipates shorter problem resolution cycles, which will, in turn, enable the increased availability of data across any cloud or data infrastructure.

It’s increasingly clear that companies will need every advantage they can get; at a time when instances of large-scale cybersecurity breaches are rarely out of the headlines, customers need to bolster their enterprise resiliency. Phelan states that Rubrik’s data security and ransomware recovery solutions are the tonic that’s required. “Most network security tools have what we refer to as ‘a priori’ or prior knowledge dependency. Basically, they need to know something about that threat, such as a signature, hash, IP address, domain, or behaviour.” However, the unfortunate reality is that circumventing these tools is as simple as creating a custom threat that isn’t recognisable a priori. With this weakness subsequently exposing critical backup infrastructure to attack, incidences of ransomware have increased. However, Rubrik has a solution to this problem. “I mentioned earlier the immutable aspect of our file system, and it's that capability that's really protecting organisations against these breaches,” says Phelan. “We're able to help customers recover very quickly and get them back online in minutes, hours, or days when historically they've been down for weeks and months.”

Partnering for success: Carahsoft

One of Rubrik’s key partners is Virginia-based IT hardware, software, and consultancy services provider Carahsoft. Specialising in supporting important US institutions at a federal, state, and local government level, the company delivers cybersecurity, multi-cloud, and DevSecOps solutions, as well as others in Big Data, AI, Open Source, CX, and more.

“What Carahsoft does for both Rubrik and the buyer is to help streamline the acquisition process. It has very sophisticated contracting, inside sales, and marketing groups that fully understand the buying cycle of different customers across the public sector,” says Phelan. “In many ways, they act a bit like a Rosetta Stone: Carahsoft understands all the latest and emerging acquisition policies and purchasing options clauses, and so, when we have to go compete for business, the company works hand in glove to help.

“It operates very quickly and understands the nuances and the subtleties that the Government requires to make a purchasing decision. Instead of an acquisition taking 18 months or longer, the Government can come in quickly, buy the latest technology, and then change its mind without penalty if requirements change later.” The historically slow acquisition process working against the fast iterations of technology has been, explains Phelan, a long-standing issue. Carahsoft is at the forefront of solving this problem.

According to Phelan, data protection has always been Rubrik’s “bread and butter,” but an ongoing attentiveness to organisations’ resiliency needs, particularly in light of the Colonial Pipeline ransomware attack in May 2021, has rapidly increased the market’s focus on Rubrik’s security and resiliency value. As such, Rubrik’s ransomware capabilities are fostering stronger bonds between historically disparate enterprise teams, particularly the network security teams and infrastructure teams. With reliability, resilience, and accessibility standing as common goals for both, Phelan anticipates that Rubrik will be increasingly included in security conversations to help reconcile what are sometimes competing priorities. “Our capability is really about providing a great rally point for CISOs, CIOs, management and the Board to find common ground. We can add resilience, and we can work to create what I would refer to as a ‘moving defence’ at the infrastructure level so that customers can adapt much more rapidly to attacks.”

Looking ahead, Phelan anticipates that continued migration of data from physical locations to the cloud will prompt stakeholders and regulators to demand that important information is meeting more stringent security requirements than is natively provided by commercial clouds, and as such, demand for a ‘single pane of glass’ to manage data globally will quickly become the norm.  

In fact, current trends suggest that operational change following COVID-19 is no longer an option. It’s the only option. The strategic value of data and the security required to safeguard it have become paramount in today’s world, and customers must choose their partners wisely. “Scientists and students at MIT, Stanford, and Carnegie Mellon are being asked to work on data, but perhaps they don’t have security clearances or access to secure environments,” Phelan ponders. “They may be our best and brightest, but invariably they haven't been asked to think about the security and ethical issues around data access.” As organisations begin to aggregate voluminous quantities of data, the understanding that our mission and corporate data has become an integral strategic asset is practically beyond dispute. Rubrik has the ability to manage, secure, and move it at high levels of both reliability and resiliency. As the world settles into the ‘new normal’ of operations, Rubrik’s ability to secure, manage, and move that data whenever and wherever it’s needed will give any customer the advantage it needs to succeed.