Rubrik and Microsoft partner to secure hybrid clouds in a zero-trust world

The growing ransomware epidemic has exposed the grim reality that many organizations fail to secure their hybrid cloud infrastructures against bad actors who move between cloud platforms in search of backed up data. Unprotected hybrid cloud infrastructures leave valuable data and applications, including Microsoft 365, vulnerable to ransomware and a wide range of cyber attacks. During this week’s Microsoft Insights event, Rubrik and Microsoft provided examples of how their collaboration stops ransomware attacks and attempted breaches.

Successful zero-trust cloud management

It is difficult to achieve hybrid cloud security at the infrastructure and platform level at scale. At a minimum, any zero trust cloud management system or platform should be designed on top of a strong authentication, authorization, and accounting (AAA) framework or model for cybersecurity. AAA is essential for any zero-trust hybrid cloud security platform to be successful. It will also need federated authentication and support for multi-factor authentication (MFA) with single sign-on (SSO). There should also be role-based access controls that are granular and detailed to define the least privileged access and support for Identity Access Management (IAM). Add to that the need for built-in usage activity audit logs, and the framework emerges for what a true zero-trust hybrid cloud management system looks like.

Rubrik’s zero-trust architecture is designed to excel in each of the key areas and has proven to be reliable in Microsoft Azure deployments. In August, Microsoft took a stake in Rubrik accelerate the company’s ongoing efforts to defend Microsoft Azure customers against ransomware attacks and repeated attempts to breach Azure platforms and exfiltrate data. By investing, Microsoft has committed to share go-to-market activities and co-engineering projects to deliver integrated zero-trust data protection solutions based on Microsoft Azure. During this week’s Ignite 2021 conference, product demos show how tightly integrated Rubrik and Microsoft 365, Azure and other products are.

Rubrik’s ongoing co-development with Microsoft is delivering solid results, as seen in the Ignite presentation today. Rubrik can scale to protect any amount of Azure VMs, managed disks in hybrid cloud configurations, secure Microsoft Exchange, OneDrive, SharePoint, and Teams. The following diagram explains how Rubrik and Microsoft integrated the infrastructure to fill the gaps created by hybrid cloud configurations.

Above: Rubrik and Microsoft’s level of integration across all platforms to recover from a ransomware attack, the scales have become based on native Azure APIs.

The more secure the cloud data, the easier it is to recover

Rubrik writes data to Azure in an encrypted state using a customer-vendor key, and encrypts data in-flight and at rest. The Rubrik platform does this to protect data from attackers and malicious administrators by requiring both the Rubrik authorization and the organization’s encryption key to unlock the data. Additionally, to protect data stored in Azure, Rubrik requires that anyone attempting to access any location has a secure key from Azure Key Vault. A big plus for the Rubrik and Azure partnership is the way these workflows cover hybrid cloud configurations whether or not all clouds are running Microsoft Azure.

What is remarkable about the advances demonstrated today by Microsoft and Rubrik are the following key points regarding their Zero Trust architecture, DataGuardian, and the core set of technologies upon which integration into the Azure architecture is based. :

  • Their Immutable Data Platform Stops Ransomware Attempts – The data managed by Rubrik is never available in read / write for the client. This is true even during a restore or live mount operation. In addition, since the data cannot be overwritten, even infected data subsequently ingested by Rubrik cannot infect other existing files or folders.
  • Declarative policy engine adapts well to Azure deployments – Rubrik enables administrators to abstract the low-end tasks needed to create and maintain data protection to focus on adding value at a more strategic level across the organization.
  • A Threat Engine that Works – As Rubrik collects metadata from each backup snapshot, we take advantage of machine learning to create a complete perspective of what’s going on with the workload. The Deep Neural Network (DNN) is trained to identify trends in all samples and rank new data based on their similarities without requiring human intervention. The result is that Rubrik detects anomalies, analyzes the threat, and helps speed recovery with just a few clicks.
  • Secure API-based architecture – Having an API driven architecture means that every action in the Rubrik user interface (UI) has a corresponding API that is documented and available for use.

All of these factors combine to streamline the recovery process in the event of a ransomware attack. The following graphic shared today on Microsoft Ignite shows how:

    Rubrik's ongoing co-development with Microsoft is yielding solid results, as their unique approach to SAML-based identity management combined with their adherence to the Zero Trust Security NIST standard proves effective in thwarting ransomware attacks.

Above: Rubrik’s ongoing co-development with Microsoft is yielding solid results as their unique approach to SAML-based identity management combined with their adherence to the Zero Trust Security NIST standard proves effective in thwarting attacks of ransomware.

Hybrid cloud setups require abstract thinking

Securing hybrid cloud setups is like enrolling in a graduate program in computer science or math. It’s a challenge, it requires the ability to see abstract concepts and integrate them – and to evolve everything and provide solid and correct answers simultaneously. Rubrik and Microsoft show they solved the immediate challenges of a hybrid cloud setup. Moving on to a more chaotic world, CIOs and Information Security Officers (CISOs) face legacy applications and platforms that do not perform well by security and IT standards. business today.


VentureBeat’s mission is to be a digital public place for technical decision-makers to learn about transformative technology and conduct transactions. Our site provides essential information on data technologies and strategies to guide you in managing your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the topics that interest you
  • our newsletters
  • Closed thought leader content and discounted access to our popular events, such as Transform 2021: Learn more
  • networking features, and more

Become a member

Source link

Previous Belgian Supreme Court rules that the data protection authority can impose administrative fines even when the personal data of a data subject has not been processed | Alston & Bird
Next Custom Wager Skis features hand painted maps

No Comment

Leave a reply

Your email address will not be published. Required fields are marked *