CIO Influence Interview with Anneka Gupta, Chief Product Officer at Rubrik

“AI, especially generative AI, has the power to enable cyber security and IT teams with the right information during an event to respond quickly leveraging the vast information and resources that are available.”

Hi Anneka, welcome to the CIO Influence Interview Series. Please tell us a little bit about your role at Rubrik. How did you arrive here at the company?

I’m currently the Chief Product Officer at Rubrik running the product management and design organization. I came to Rubrik after being the President of LiveRamp, a leading marketing technology company, and seeing the company from a pre-product market fit startup all the way through being a publicly -traded company.

I joined Rubrik about two and a half years ago.

What drew me to the company beyond the people and culture was the potential for the product. We were in the early phases of transforming the company and our business from modern data protection into a data security company. I was drawn to the product at Rubrik.

Rubrik since its inception built a foundational architecture – a single software layer for managing a time series of data across all places where data lives. Coming from the world of data, I saw how the strength of the platform, and the strength of Rubrik’s customer relationships could expand to new use cases such as security. The potential of Rubrik given the power of the product has made my journey at Rubrik thus far a dream job.

And, it feels like I’m just getting started.

How do you define “Cyber Recovery and protection” products at Rubrik?

What is your product roadmap for 2024?

Most organizations feel ill-equipped to ensure business continuity in the face of increasing cyber-attacks. In fact, 2 out of 3 organizations say that data growth is outpacing their ability to secure it.

At the same time, traditional cybersecurity products have been focused on how to keep attackers out of the systems not how to recover after someone has broken through your walls. Rubrik’s products solve for complete cyber resilience in the enterprise.

This is broken down into two areas: Cyber Recovery and Cyber Posture.

Cyber recovery and protection encompasses answering the question “How do I confidently recover after an attack.”

The challenges in cyber recovery which are different than recovering from a natural disaster or accidental deletion of data is in a cyber scenario you don’t know the scope of the attack, when the attack began, what the impact radius was, and what point to recover to to ensure you don’t reinfect your systems. The investigation to answer these questions can take weeks if not months and stand in the way of organizations getting back up and running quickly.

With Rubrik’s products, we can provide insights that answer these questions and shorten recovery times from weeks/months to hours and days. There is constant innovation we are driving in cyber recovery as we help provide insights that enable organizations to investigate and recover faster against emerging threats to the data and across a larger and larger footprint of data in enterprise, cloud, and SaaS applications.

The second pillar of cyber resilience is Cyber Posture – this helps answer the question “How do I prepare for an attack and prevent data exfiltration which is a key tactic in double extortion ransomware attacks?”

To better prepare, organizations need to be able to locate all of their sensitive data across their organization, figure out who has access to that data, should they have access and what are they actually doing with the data.

Rubrik acquired Laminar in August of this year to accelerate our ability to answer these types of questions and help organizations limit access to sensitive data and detect quickly if there is malicious activity happening on this data. Expect much more innovation in this pillar as this is a huge unsolved problem for every organization and therefore a large threat vector.

Rubrik is one of the leading vendors in the Zero Trust Data Security industry. What are the fundamental ingredients that go into building a strong cyber protection framework?

Organizations need a solution for cyber resilience across all of their data assets that live in the enterprise, cloud, and SaaS applications. Cyber resilience requires Cyber Recovery and Cyber Posture (see above for the definitions of these areas).

In order to successfully solve cyber resilience, there are a few key ingredients required:

1) Architecture,

2) AI and machine learning, and

3) Accelerated pace of innovation.

Let’s dive into each of these:

Architecture

In order to solve for complete cyber resilience, you need to have a single software layer that ingests data from any source whether that lives in the enterprise (e.g. on-premise), in public clouds, or in SaaS apps, and stores that data as a time series of both the metadata and data together. This is a unique architectural construct Rubrik designed from day 1 because we knew that access to data was fundamental for data protection but also for a myriad of other use cases that require access to the data. The time series is a critical component because it’s not just important to know the latest version of the data but actually understand how that data changes over time.

The combination of metadata and data is critical because the context of the data within the application matters to understanding fundamentally the structure and meaning behind that data.

AI and machine learning

The architectural foundation is what allows Rubrik to use AI and machine learning on top of the time series of data and metadata to detect anomalies in the data, surface insights that help shorten recovery times, and keep up with the latest patterns of attacks and emerging threats within the evolving cyber threat landscape.

Strong AI and machine learning are the only ways to take the vast troves of data that an organization has and surface actionable insights that reduce the surface area of attack and shorten times to recover.

Accelerated pace of innovation

Cyber threat actors never sleep. They leverage all the latest and greatest technologies and they are motivated and well funded. This means that any organization solving for data security must continuously innovate and innovate at an accelerated pace, month over month, year over year.

Cyber security is a cat-and-mouse game.

If you don’t innovate you die.

At Rubrik we constantly build new products (e.g. Ruby), partner with leading security vendors (e.g. ZScaler), and look for acquisition opportunities (e.g. Laminar) to change the game for security and IT.

Financial services organizations are the most targeted by cyber attackers. What kind of cybersecurity infrastructure would you recommend to the CIOs and CISOs of these companies?

CIOs and CISOs have to consider the interplay between people, processes, and technology to effectively combat cyber attackers and keep their organizations up and running no matter what threats come their way. It’s an incredibly challenging position to be in especially for organizations such as financial services that have super valuable data assets AND are highly regulated.

Despite the lightning pace of AI adoption, why are cybersecurity technology companies unable to stop and mediate attacks? How is Rubrik adapting to the paradigm shift?

As AI matures over the next year and beyond, social engineering fueled by AI will reach such a tailwind that it will be very hard to stop cyberattacks from occurring — especially as approaches like Ransomware-as-a-Service become more accessible and easy to use, inviting more cybercriminals into the equation.

No amount of training will be able to prevent some of these tactics, so we will surely see an increase in cyberattacks.

At Rubrik, we are focused on helping customers realize that attacks will happen, and are helping them focus on building a defensive strategy with a cyber resilience mindset.

You are at AWS Re: invent 2023. Tell us about the upcoming offerings for AWS and how your platform integrates with Amazon S3.

Amazon S3 holds a treasure trove of unstructured data powering large-scale organizations. Given the trove of data sitting in S3, there are immense challenges to securing this data. One of the biggest challenges is being able to provide cyber recovery and cyber posture effectively given the massive scale of data – many organizations have 10s if not 100s of petabytes of data living in S3. Rubrik has developed a unique solution for S3 that provides cyber recovery and protection for S3 no matter the scale of data, enabling both immutability and airgap as well as granular and mass recovery options, as well as cyber posture to enable rapid scanning of S3 to locate sensitive data assets and alert on access changes to these assets.

We announced on Monday, Nov 27, that Rubrik provides additional data protection for Amazon S3, providing companies the ability to secure mission-critical data. Here are some additional features of our news:

• Rubrik has expanded its portfolio to allow customers further visibility into where sensitive Amazon S3 data lives and who has access to it, while also creating effective recovery plans.
• Rubrik’s new cyber resilience capabilities include air-gapped, immutable, access-controlled backups and rapid recovery at scale for organizations that have hundreds of petabytes of Amazon S3 data.
• The cyber posture features, which will help organizations understand where their data is stored and how it is secured, draw upon capabilities from Rubrik’s recent acquisition of Laminar, a leading data security posture management (DSPM) company.

The key benefits of this service include:

• Autonomously discover, classify, and provide context on all known and shadow Amazon S3 data, without that data leaving the customer’s environment.
• Assess the security posture of sensitive data against security policies and data compliance requirements.
• Continuously monitor sensitive data within Amazon S3 for risky user activity or leakage and provide early warning of emerging threats.
• Identify and remediate redundant Amazon S3 data to help reduce cloud costs.
• Rapidly recover the most recent clean copy using a range of recovery patterns, including object level and whole bucket.

Your take on AI’s role in improving the overall cyber recovery infrastructure for corporate and unstructured databases and data lakes:

AI has a huge role to play in cyber defense.

To dig into this further, let’s go through some of the biggest challenges that organizations face in their fight against attackers and how AI can help.

Lack of trained security talent 

A huge issue for organizations especially education, healthcare, and other industries is that trained cybersecurity talent is scarce and expensive and these organizations struggle to hire and retain best-in-class talent. AI, especially generative AI, has the power to enable cyber security and IT teams with the right information during an event to respond quickly leveraging the vast information and resources that are available. In fact, Rubrik launched Ruby, our AI companion for the Rubrik Security Cloud, to solve this specific issue. Ruby helps organizations investigate and explore incidents and guides them through a process for remediation without requiring prior expertise in cyber.

Incomplete & un-tested security playbooks

Another big challenge organizations face is keeping their cyber playbooks up to date and regularly testing their playbooks to ensure they can recover from a variety of different types of attacks on their systems. This challenge is compounded by the fact that data is super fragmented across the enterprise, cloud, and SaaS and the IT systems are constantly changing and evolving.

AI can help simulate scenarios at a much faster pace vs. a human manually having to come up with all various scenarios. Combine that with tools like Rubrik’s cyber recovery simulation capabilities and you can test out multiple scenarios with just the click of a few buttons and continuously test, learn, and improve recovery tactics.

Organization-wide security accountability

Today many people within organizations still feel like security is the responsibility of security teams. Nothing could be farther from the truth. Every single person within an organization has a role to play in defending against cyber threats especially since most threats start with compromised user credentials. Today most security training is stagnant, administered annually, and non-specific for the particular role of the employee.

AI has the opportunity to generate training content specific for various roles and deliver that content on an ongoing and interactive basis to ensure every employee is best equipped to be a protector of their organization. To do this without AI today, would require massive teams and massive dollars in specific content. AI makes it possible to apply adaptive learning techniques across organizations at scale.

What are your predictions for the Zero Trust Security marketplace for 2024?

My predictions for the Zero Trust Security marketplace are:

•  Huge acceleration in massive cyberattacks being publicized (in light of new SEC regulations for reporting material breaches within 4 days)
• The above will lead to a heightened awareness, focus, and budgets for cyber resilience initiatives coming from Boards and CEOs
• The focus will shift from encryption and data destruction to data exfiltration; and, the rate of data exfiltration will increase and be more publicized
• Generative AI will go from being a cool new tool to fight cyber attacks and become more mainstream adopted by IT and security organizations

Lighter notes:

Burn the midnight candle or soak in the sun?

Soak in the sun

Coffee, or Tea?

Coffee in the morning, tea the rest of the day

Your favorite Rubrik product marketing initiative that you want everyone to know about?

Ransomware Recovery W******* – we uniquely put our money where our mouth is!

The first memorable experience in your career as an IT  Product leader?

One thing you remember about your employee (s): so many of the people I have worked with and who have worked for me have gone on to do incredible things whether that’s starting companies, running product organizations themselves, starting podcasts, and more. The most rewarding part of the job is seeing the people I’ve worked with in the past go on to do bigger and better things!

Most useful app that you currently use:

Arc.net

It’s a new Chrome-based browser that helps me stay organized and focused and has solved the problem of having 100 tabs open at the same time for me 🙂

Thank you,  Anneka! That was fun and we hope to see you back on CIO Influence soon.