Q&A: Rubrik Co-Founder On Preparing For Ransomware And The Rise Of Data Security Posture Management

Attacks targeting critical data and services continue to rise. Ransomware attacks have surged this year – with cloud SaaS services like Microsoft 365 being a common target for cybercriminals. 

For this reason, it’s critical organizations have a robust data backup solution in place for their cloud services. Arvind Nithrakashyap is the Co-founder and CTO at Rubrik, a data security vendor that helps organizations to stay secure against cyberattacks, malicious insiders, and operational disruptions. 

Expert Insights recently connected with Nithrakashyap to bring you his expert perspectives on the state of the cloud threat landscape, recommendations for CISOs, and what he expects to see as the top data security trends in 2025 and beyond.

Q. What are the biggest challenges facing organizations in the cloud backup space today and how are threats evolving?

According to the recent Rubrik Zero Labs report, 94% of IT and security leaders reported their organization experienced a significant cyberattack last year. During these incidents, attackers attempted to remove backup and recovery options from defenders. External organizations that reported a successful attack observed that their attackers tried to affect the backups in 96% of these attacks and were at least partially successful in 74% of those attempts. 

With ransomware group tactics rapidly evolving, security leaders will never be able to fully pin down risk—or completely eliminate it—but they can get a handle on the most impactful levers and take distinct actions to change the risk calculus in their favor. Preparation is key and leaders can get ahead of evolving threats by increasing data visibility, especially across hybrid environments, while also having a comprehensive understanding of where their sensitive data is, who has access to it, and how it is being secured. 

Preparing for a contested recovery will also alleviate the pressure against a threat. This includes ensuring that backups are fully immutable and available, automating as much of the recovery process as possible, and testing recovery outcomes across hybrid environments. Lastly, they should be prepared to find ways to unify different teams before, during, and after an attack. 

Having a recoverable backup in place can be one of the most significant components when an organization is faced with a ransomware event. 

Q. How does the Rubrik Microsoft 365 Protection platform help teams address these challenges, and how do you differentiate the platform in this competitive space?

While security leaders can’t control when, where, or how the next cyber strike is coming—or completely prevent it—they can take distinct actions to control the risk and subsequent impacts. Rubrik Microsoft 365 Protection enables customers to: 

• Withstand cyber-attacks: Isolate backups with an air gap, secure admin privileges, and protect against hackers manipulating retention policies, while allowing users to discover and classify sensitive data in Microsoft 365 and retain data encryption control. 
• Automate data protection: Users can assess sensitive data exposure risk before and after attacks. This ensures classified data is where it should be while supporting business requirements for GDPR and other regulations using delegated privileges and Role-Based Access Control (RBAC). The platform also features a unified dashboard to eliminate manual job scheduling, check compliance, and handle recovery tasks.  
• Quickly recover: Rubrik enables organizations to find and restore data fast and ensures that files are still retrievable 90 days and beyond without relying on eDiscovery and Litigation Hold. Users can browse point-in-time snapshots, restore data from inactive and active users, and recover individual files, emails, folders, shared mailboxes, or entire OneDrive sites.

Q. What are your top recommendations for CISOs in the process of looking for a cloud backup solution?

Without reliable, up-to-date visibility into the full spectrum of critical business data, organizations can easily be overwhelmed by the magnitude of their data footprint, in addition to not knowing where critical datasets are located, which datasets are still growing in size, and which datasets have aged out of use.

The lack of a single pane of glass to manage and monitor data protection activities can lead to gaps in visibility. Implementing a solution that offers instant data recovery and increased data visibility, especially across hybrid environments, helps security leaders understand the entire data journey, including where it resides and who has access to it.

Q. What trends do you expect to see in the cloud backup space in 2025?

In the new year, we will continue to see the rise of data security posture management (DSPM). This is an approach to data security that solves one of the most complex issues in modern cloud environments: knowing where all your data is and how it is secured. The use of AI in enterprise applications has made it critical for organizations to monitor what data is being sent into LLMs. DSPM provides clear visibility to address this and ensure that only safe, compliant data is used in GenAI applications. 

Q. In your view, what should organizations’ top cloud backup planning priorities be for 2025?

With the cloud’s continued expansion and as more enterprise organizations adopt AI, a holistic approach to data visibility will be more important than ever in order to combat vulnerabilities. In 2025, I believe organizations should focus on protecting data in the cloud, monitoring risk, and recovering data and applications in the event of an attack. This means going above and beyond app-native security tools and finding solutions tailor-made to not only prevent threats from reaching data in the cloud, but also recover swiftly against any threats. 

Further reading:

• Learn more about Rubrik
• Read our guide to Backup and Recovery Solutions for Microsoft 365.