The increasingly pervasive ransomware epidemic has exposed the grim reality that many organizations aren’t securing their hybrid cloud infrastructures from bad actors who traverse from one cloud platform to the next looking for backed-up data. Unprotected hybrid cloud infrastructures leave valuable data and applications, including Microsoft 365, vulnerable to ransomware and a wide range of cyberattacks. During this week’s Microsoft Insights event, Rubrik and Microsoft provided examples of how their collaboration is stopping ransomware attacks and breach attempts.

Succeeding at zero trust cloud management

Getting hybrid cloud security right at the infrastructure and platform level at scale is hard. At a minimum, any zero trust cloud management system or platform needs to be designed on top of a strong authentication, authorization, and accounting (AAA) framework or model for cybersecurity. AAA is essential for any zero trust hybrid cloud security platform to succeed. The platform also needs federated authentication and support for multifactor authentication (MFA) with single sign-on (SSO). It needs role-based access controls that are granular and detailed enough to define least-privilege access, along with support for identity and access management (IAM). Add to this the need for built-in user activity audit logs, and the framework emerges of what a true zero trust hybrid cloud management system looks like.

Rubrik's zero trust architecture is designed to excel in each of the core areas and has proven itself reliable in Microsoft Azure deployments. In August, Microsoft made an equity investment in Rubrik to accelerate the company’s ongoing efforts to defend Microsoft Azure customers from ransomware attacks and repeated attempts to breach Azure platforms and exfiltrate data. In investing, Microsoft committed to sharing go-to-market activities and co-engineering projects to deliver integrated zero trust data protection solutions built on Microsoft Azure. During this week's Ignite 2021 conference, the product demonstrations show how tightly integrated Rubrik and Microsoft 365, Azure, and other products are.

Rubrik's ongoing co-development with Microsoft delivers solid results, as seen during the Ignite presentation today. Rubrik can scale up to protect any number of Azure VMs and managed disks across hybrid cloud configurations, and to secure Microsoft Exchange, OneDrive, SharePoint, and Teams. The following diagram explains how Rubrik and Microsoft integrated infrastructure to close the gaps hybrid cloud configurations create.

The advances Microsoft and Rubrik demonstrated today yield the following key takeaways regarding their zero trust architecture, DataGuardian, and the core set of technologies it is based on, which continue to become more integrated into the Azure architecture:

  • Their immutable data platform is shutting down ransomware attempts – Data managed by Rubrik is never available in a read/write state to the client. This is true even during a restore or Live Mount operation. Additionally, since data cannot be overwritten, even infected data later ingested by Rubrik cannot infect other existing files or folders.
  • Declarative policy engine scales well in Azure deployments – Rubrik allows administrators to abstract away the low-level tasks required to build and maintain data protection so they can focus on adding value at a more strategic level across the organization.
  • A threat engine that works – As Rubrik collects each backup snapshot’s metadata, it uses machine learning to build a full picture of what is happening with the workload. The deep neural network (DNN) is trained to identify trends across all samples and classify new data by their similarities without requiring human input. The result is that Rubrik detects anomalies, analyzes the threat, and helps accelerate recovery with a few clicks.
  • Secure API-first architecture – Having an API-driven architecture means that every action in the Rubrik user interface (UI) has a corresponding API that is documented and available for use.

All these factors combine to streamline the recovery process in the event of a ransomware attack. The following graphic shared today at Microsoft Ignite displays how: