Rubrik Cloud Vault provides data recovery assurance against ransomware attacks for Microsoft Azure customers, even if they maintain a hybrid environment.
Data security provider Rubrik announced Rubrik Cloud Vault, a fully-managed, secure, and isolated cloud archival service built on Microsoft Azure that helps customers secure their data and defend against cyber-attacks. The new managed secure data service is the first product since Microsoft’s equity investment in Rubrik back in August.
The Cloud Vault is the “first instance of that partnership” to build zero-trust data protections for Microsoft Azure customers, says Vamshidhar Kommineni, a group product manager at Microsoft Azure Storage Engineering.
With ransomware attacks on the rise, organizations need to be able to securely back up their data, protect those backups from being tampered with corrupted, and to restore quickly as part of its data recovery efforts. Microsoft’s investment in Rubrik was intended to accelerate the company’s efforts to defend Microsoft Azure customers from ransomware attacks and attempts to exfiltrate data.
Protecting Data From Ransomware Attacks
With the Rubrik Cloud Vault, organizations can keep their data in a secured and isolated cloud location that is fully managed by Rubrik, says Vasu Murthy, vice-president of product at Rubrik. Because the vault is logically air-gapped from the customer’s production environment, attackers can’t reach the protected data even after compromising the customer environment. In addition to air-gapping the data, Rubrik Cloud Vault offers end-to-end data immutability to ensure data is not compromised, corrupted, or deleted; encryption so that the data remains private; and the ability to restrict access only to authorized users with multi-factor authentication and role-based controls, Murthy says.
Azure provides an immutable layer where the rules are set so that data cannot be changed or deleted, Murthy says. The service maintains “immutable and instantly recoverable copies” of data, and reduces the risk that the data could be modified, deleted, or encrypted during an attack. And organizations would be able to access the data to recover quickly in case of a ransomware attack.
The customer environment doesn’t store credentials to access the protected environment, so attackers can’t just jump from the customer environment to the managed one. A customer can be very sure that if they are compromised in a ransomware attack, there is no way for the environment containing the backed up data to also be compromised.
“For majority of our customers provisioning such an infrastructure that’s air gapped infrastructure takes a lot of work,” Murthy says.
Data Protection For Cloud and On-Prem
Rubrik is looking at three different data protection scenarios: protecting the data and assets natively in the cloud, protecting specific workloads dealing with specific data rules, and protecting the hybrid data environment involving on-premise data centers and Azure instances. The Rubrik Cloud Vault integrates with Microsoft technologies, including Azure Storage and Zero Trust Data Security, to provide organizations with a data protection and disaster recovery solution across all three scenarios, Murthy says.
Microsoft could technically have built a service within Azure to protect data from ransomware attacks instead of partnering with Rubrik, However, Rubrik Cloud Vault does more than what a native Azure tool would have been able to do because the service also addresses the other data protection scenarios other than just Azure environments, Kommineni says. The vault’s ransomware defense capability is “really about that hybrid scenario,” he says.
“A lot of our customers continue to keep some of their mission critical workloads on premises,” Kommineni says, noting reasons include compliance, data residency rules, and not wanting to spend the time to migrate or modernize legacy workloads. Rubrik Cloud Vault really shines for those on-premises environments because the service relies on a secure cloud storage back-end, Kommineni says. “We are the off-site backup for these orphaned data centers.”
Rubrik and Microsoft have been working together since 2016 and currently have “thousands” of shared customers on Azure for cloud-native data protection for assets within Azure, as well as hybrid data protections for assets from on-premise data centers and Azure, Kommineni says.
Microsoft is focused on building out a platform where partners can innovate, Kommineni says. While it’s possible to build out various security capabilities and data durability in-house, the partners “build this much nicer,” Kommineni says.
Rubrik Cloud Vault will be generally available on the Azure Marketplace in coming months, Rubrik said.
Source: www.darkreading.com