Rubrik Is The ‘Only’ Provider Of Zero Trust Data Security: CEO Bipul Sinha

The company, which helps enable businesses to recover after a ransomware attack, said it has reached $500 million in annual recurring revenue and added the former CEO of Palo Alto Networks to its board.

Rubrik co-founder and CEO Bipul Sinha

Even with the industry-wide effort by cybersecurity vendors to offer products that help enable a “zero trust” security posture for businesses, Rubrik co-founder and CEO Bipul Sinha contends that his company stands alone in offering data security built on zero trust principles.

Whatever you think of that claim, there’s no disputing that Rubrik has caught hold of something big on its quest to help businesses recover from ransomware and other threats to data.

As evidence of this, the company on Wednesday disclosed that it has now crossed $500 million in annual recurring revenue (ARR) for its software subscriptions. That’s up from $400 million in ARR as of late August, and puts privately held Rubrik in the same ballpark as some of the industry’s publicly traded firms, such as SentinelOne.

In a bid to add even more cybersecurity firepower, Rubrik also announced Wednesday that it has added the former CEO of security giant Palo Alto Networks, Mark McLaughlin, to its board.

Without a doubt, Rubrik now has the “scale and momentum” to go public when the timing is better, Sinha said in an interview with CRN. In the meantime, the company will keep pursuing aggressive growth through channel partners, with the channel continuing to drive 100 percent of the company sales, he said.

Rubrik’s advantage, according to Sinha, is that “from day one” the company was committed to an architecture for its data protection software built on zero trust, involving steeper requirements for user access to data and greater control for organizations.

As a result, “we are the only zero trust data security platform,” Sinha said. “And that’s what is driving our demand, because that’s what businesses need. They need to have a platform where you can only interact with the platform with full authentication.”

By contrast, he said, “the classic backup and recovery architecture is a ‘full trust’ architecture.”

What follows is an edited portion of CRN’s interview with Sinha.

As you’ve said before, Rubrik is aiming to be seen as a cybersecurity company at this point. Where are you focused within cybersecurity?

What we are seeing is that the classic infrastructure security, around prevention and detection of attack, is not 100 percent. So every business is thinking about cyber resiliency. And resiliency means, how do I continue to operate, even [amid] attacks such as ransomware? How do I keep going even when there is a significant attack? How do I create a resilient business? And that’s the Rubrik business. That’s [our] approach with cybersecurity, because what we are saying is, data is the most important asset of any organization. And if your data is secure, your business is secure. So if we can make your data available always, you can reconstitute your business and keep going. And that’s what is driving our growth. We just crossed half a billion in ARR. It is driven by the business’ need for cyber resiliency.

Can you say what your ARR was at this point a year ago?

I can’t comment on the number as of last year, but we are growing about 100 percent year-over-year.

What would you point to as one of the key moves you’ve made, that’s enabled Rubrik to get to this level?

Rubrik from day one took the decision of building a new software [platform] based on zero trust principles. So we are the only zero trust data security platform. And that’s what is driving our demand, because that’s what businesses need. They need to have a platform where you can only interact with the platform with full authentication.

So you’re not enabling customers to do zero trust in general — what you’re doing is protecting their data on your own platform in a zero trust fashion?

Yes. And if you think about it, that is the right posture — because if the business’ most critical asset is protected in a zero trust framework, that means the business is safe. We are not throwing it to the customer.

When we started Rubrik, what we saw was that classic cybersecurity was not helping with data. They were trying to prevent and detect problems, and backup and recovery was built for natural disaster, or human error. It was not built for cyberattacks and cyber disasters. And what we did was we took these two separate concepts and combined them into a single platform with zero trust principles. And that was the decision we took nine years ago.

That’s well before zero trust was the big buzzword in security — you feel like what you had back then lines up with how people are defining zero trust today?

Exactly. Because what zero trust means is that you assume that breach has happened and everything else is compromised. That’s what we assumed. The classic backup and recovery architecture is a “full trust” architecture, which assumes that if you can get to the backup software, that means you are trusted. In our case, we created a brand new architecture, which assumes that a breach has happened and everything else is compromised.

With the growth that you’ve seen at Rubrik, you’re now on par with some publicly traded cybersecurity vendors. How are you viewing the IPO option at this point?

In the cybersecurity industry there are a few “platform companies” that [offer a wide range] of capabilities. Palo Alto Networks is one of them, CrowdStrike is another one, DataDog is another one. And Rubrik is one of those class of companies that is driving a platform strategy. Our Rubrik security cloud drives multiple capabilities. So when you have a platform company with multiple applications and capabilities across a wide swath of solutions, then you get this effect of high growth, high scale. We want to build a long-term, long-lasting cybersecurity company. We’re creating this whole data security category, where we want to be the leader and consolidator of this space. Obviously, at some point we want to be a public company. We are watching the market and when the time is right, we’ll be a public company. We definitely have the scale and momentum [to complete an IPO].

What’s your message to channel partners right now about the opportunities with Rubrik?

From the early days of the company, we made the decision that Rubrik is a channel go-to-market company, and we do all our business with our channel partners. It is really our technology plus the services component that they add — that’s what does the magic for our customers. Our technology and our platform allows our partners to have a strategic dialogue with the customer.

Is there anything you want to do more of with partners in 2023?

We announced a feature called Rubrik Cyber Recovery that allows our customers to simulate ransomware recovery, cyberattack recovery — and assign a percentage of [likelihood of] success. And as they periodically do this, they can see how it has trended. It allows our partners to have a real conversation of how they can help their customers become cyber resilient.

Besides ransomware, are there other data security threats that you see as particularly concerning to customers right now?

Insider attack is becoming a huge vector. And insider threats [are about] going after the data. [In some cases] an insider goes and deletes the data, or corrupts the data. The thing is that, when you have a critical asset on which the business runs, then all sorts of threat vectors emerge out of it. Our goal is to comprehensively protect the data.