The menace of ransomware in recent times has cast the spotlight on data security as organizations look to protect their data from being held ransom and away from prying eyes.
Backup and recovery software providers have seized on this opportunity by bolstering their offerings to protect and recover data from ransomware attacks.
Rubrik, for example, has developed threat hunting capabilities that scan backups for traces of ransomware, as well as a cloud vault service that keeps air-gapped copies of data on Microsoft Azure to enable organizations to recover from cyber attacks.
Against this backdrop, suppliers such as Rubrik are increasingly positioning themselves as security technology suppliers even though their focus is largely limited to data security.
“Rubrik is a cyber security company,” said Bipul Sinha, CEO of Rubrik, during a recent interview with Computer Weekly. “We focus on data security for governments and businesses around the world to recover from ransomware and other data security threats.”
Elaborating, Sinha said that while the traditional cyber security players focus on prevention, detection and investigation of attacks from an infrastructure and cloud security perspective, “Rubrik is on the data security path, which is the other half of cyber security, from resilience and observability to recovery”.
“The combination of infrastructure security and data security is what every business needs to have full zero-trust security,” he said, referring to the concept of treating all users and data equally when applying security controls.
Tailwinds for growth
The focus on data security to address ransomware threats and the need to protect data on cloud and edge environments have been tailwinds for Rubrik and others such as Veeam in the backup and recovery software market.
Rubrik, for one, is seeing significant growth with almost 4,000 customers globally. Its annual recurring revenue is growing at over 100% while its customer retention rate stands at over 99%, Sinha claimed.
“Our customers are sticking with us to protect their data, whether the data lives in the enterprise or in SaaS [software-as-a-service] apps,” Sinha said. “We secure data everywhere and the vision of Rubrik is to protect a hybrid cloud environment across the world.”
The growth story is similar in Asia, particularly in Southeast Asia, which has been a hotbed for ransomware, said Kamal Brar, Rubrik’s vice-president and general manager for Asia-Pacific and Japan, noting that data protection regulations have also helped to spur its growth in the region.
“Companies now have to focus on data security and data protection whereas in the past, from a regulatory or governance standpoint, this was an area of weakness,” he said. “Even governments have now said it’s important to secure citizen data, including health-related information.”
About a third of Rubrik’s engineering investments are in Asia, which Brar said is “not just a critical part of our growth – it’s a critical part of the company’s success”.
As a testament to its confidence in its capabilities, Rubrik announced a $5m ransomware recovery guarantee late last year to assure its customers that their data would be recoverable, regardless of cyber incidents or natural disasters.
The warranty covers expenses related to data recovery and restoration should Rubrik be unable to recover data in the aftermath of a ransomware attack. Sinha said none of Rubrik’s customers have claimed against the warranty so far.
These days, Rubrik engages more with chief information security officers (CISOs) and chief risk officers to understand what sorts of capabilities they need in the future.
“We are now building products to serve that need because as ransomware becomes more pervasive with attacks going unchecked, customers have more regulatory requirements to do mass recovery,” Sinha said.
“Can you ensure that I understand the extent of my attack? Because when an attack happens, it could take a long time to recover systems that your business may not exist. And how do you ensure that bad content is not going to be part of the scope of the attack?
“These are the kinds of things we focus on, and we have the core engineering capabilities. We are working with our customers, particularly on the security side, to understand the rapidly evolving security landscape and building solutions for it.”