Rubrik Back-Up is MVP in Microsoft Environments, but Skepticism Surrounds its Burgeoning Security Portfolio
Following the OCT24 Technology Spending Intentions Survey (TSIS), ETR conducted a follow-up study to investigate the growth and proliferation of Rubrik’s capabilities within data security posture management. With data in hand, ETR assembled a panel of IT leaders with purview into backup and recovery and information security to dig deeper into the data and discuss their impressions of Rubrik.
Across industry verticals, these panelists appreciate Rubrik's efficiency and ease-of-use, particularly for Microsoft 365 environments. However, they have concerns about Rubrik’s scalability within large enterprises, where its architectural rigidity and lack of integration with enterprise security tools like Zscaler may limit its impact.
Panelists are exploring how Rubrik might evolve beyond core backup functionality into zero trust data security and hybrid cloud management, though some are skeptical of its ability to compete with established vendors like Veeam and Commvault. Rubrik’s proactive support of Red Hat OpenShift has potential; robust AI governance within backup and security will be key. Read on to learn more about regulatory and data security concerns, “Backup-as-a-Service,” DLP and PII detection, and the security implications of backup operator access to client data during recovery.
Technology Leaders Panel:
- Senior VP & Principal Storage Architect – large financial services enterprise
- Cybersecurity Manager – large energy enterprise
- Senior Director of IT Enterprise Architecture – large tech enterprise
- CISO & VP of IT Infrastructure – large industrials/tech enterprise
Vendors mentioned: AWS, Broadcom (VMware), Cohesity, Commvault, Druva, IBM (Red Hat OpenShift), Microsoft (Azure, Copilot, Office 365, SharePoint), Nutanix, Okta, OpenAI (ChatGPT), OwnBackup, Rubrik, Salesforce, Veritas, Veeam, Zscaler
Key Takeaways
- Cost-Effectiveness. Rubrik is widely regarded for its favorable pricing compared to competitors like Druva, Commvault, and OwnBackup, particularly in the Microsoft 365 backup space. The combination of affordability and ease-of-use makes it especially attractive for SMB enterprises.
- Scalability Challenges in Larger Enterprises. While Rubrik's architecture is simple and efficient for smaller organizations, panelists have struggled to scale effectively in large enterprises. Issues like the reliance on ‘Briks’ for additional functionality and architectural rigidity inflate costs and limit flexibility, making it less suitable for complex, enterprise-wide deployments.
- Granular Recovery Features and Risks. Rubrik excels in providing granular data recovery, particularly for Microsoft 365 workloads. However, concerns persist about data access risks during recovery, including backup operator visibility into sensitive metadata, which raises compliance and governance challenges in regulated industries.
- Integration Shortcomings and Security Limitations. The lack of integration with key security platforms like Okta and Zscaler and a proprietary approach to features like MFA present barriers to adoption in security-conscious enterprises. Panelists were skeptical of Rubrik's ability to evolve into a credible player in data security posture management.
- Future Growth Hinges on BaaS and AI. Panelists identified Backup-as-a-Service as a critical opportunity for Rubrik, especially as IT teams face pressure to minimize administrative overhead. The integration of generative AI into backup management could further simplify infrastructure needs and broaden its appeal across industries transitioning to cloud environments.
- Skepticism Around Innovation and New Initiatives. While Rubrik is making moves to support Red Hat OpenShift and improve security through AI-driven governance, panelists expressed concerns about the effectiveness of these initiatives. The company’s reliance on acquisitions rather than organic innovation adds to uncertainty about its long-term ability to compete with more established players in the enterprise backup and security markets.
Panel Highlights
The Senior Vice President and Principal Storage Architect for a large financial services enterprise, an early adopter, introduced Rubrik through an enterprise RFP process, ultimately piloting it in a production environment. “We compared Rubrik to many other options. It ended up as one of the finalists.” The Cybersecurity Manager for a large energy enterprise uses Rubrik as backup for the company's Microsoft 365 environment; they previously considered Druva and OwnBackup, but Rubrik’s pricing is favorable. “I believe we're spending about $15,000 in total per year, which shockingly was half of the price for the competitors in the same silo.”
The Senior Director of IT Enterprise Architecture for a large technology enterprise, operating in a highly regulated industry, remains in evaluation mode. “We’re looking to see if Rubrik can find PII or policy violations of certain types of data that shouldn't have been backed up.” As they attempt to consolidate legacy vendors, of particular concern is backing up data from SaaS services; this executive introduced the notion of “Backup-as-a-Service.” “We don't want to be hiring people to do that stuff for us anymore. IT is going to continue to be pressured not to hire administrators, so Backup-as-a-Service, so I just don't have to deal with these ransomware situations.” They are also considering Microsoft’s own backup feature. The CISO and Vice President of IT Infrastructure for a large industrials tech enterprise, overseeing significant IT integration challenges, has chosen to consolidate onto Rubrik across his organization. “We've eliminated probably five other [on-premises] backup systems. Now we're thinking about extending that out to the cloud, to our AWS environment and also to our Microsoft Office 365 environment.”
ETR Data: Rubrik holds the highest shared Net Score within the Storage sector among all 1034 Microsoft Cloud customers in the OCT24 TSIS, highlighting the alignment mentioned by our panelists. In the shared accounts analysis pictured above, Rubrik’s Net Score is 53.7%, higher than its overall Net Score in the Storage sector (51%). Not pictured, Rubrik also outperforms within the Information Security sector among Microsoft Cloud customers. Its shared Net Score there is 45%, trailing Wiz, and is once again greater than the vendor’s Information Security sector Net Score of 38%.
Rubrik is simple and efficient, making it attractive to small to midsized organizations. “The big plus is that you set it, and you just spend the money,” says one VP. “You're basically adding to the cluster, or clusters, as it will show, and that's all you care about.” However, its scalability and architecture may present challenges to the enterprise, where this executive has struggled to adopt Rubrik effectively at scale. “It was clearly visible from the paperwork and architectural conversation that it can't work for us efficiently. It still works; it's still a good product. We're just not the right company.” They also expressed concerns about the way Rubrik directly reads backup data. “If I need this person or this department’s mail files, sure, it can do that. But to us it's a deficiency, because Rubrik is actually reading the data. If Rubrik is reading the data, a backup operator is reaching the data.” Additionally, while Rubrik’s policy-driven cluster management ensures consistency at scale, its strictly predefined parameters may limit speed and flexibility during emergency recoveries.
Another senior director raised questions about security in the context of emerging AI governance—particularly criticizing Rubrik’s DLP implementation for failing to adequately address nuanced cases, like detecting partial Social Security numbers—and voiced broader concerns about Rubrik’s innovation and integration as the company moves toward an IPO. “My worry is they're going to go IPO and they're going to lose their innovation capability. But again, nobody else does Copilot right now—as I mentioned, the other company does ChatGPT—so it really depends on them, on their architecture, and how they integrate these software companies that they're buying.” They suggested that Rubrik favor acquisitions in this space over organic development. “We will be looking at best-of-breed; to dislodge Zscaler, when it comes to those security tools, it's going to be tough for Rubrik.” While they appreciated Rubrik’s better backup granularity compared to Microsoft 365’s own service, this executive found OwnBackup to offer a more intuitive user interface and overall stronger user experience, and for enterprise backup, no particular benefit to warrant switching from Commvault.
ETR Data: With an expanding portfolio of offerings, customers indicate net-positive plans on future usage of Rubrik products. In the OCT24 TSIS follow-up Rubrik drill down, an aggregate 40% of respondents indicated plans to add at least one Rubrik product in the next 12 months, whereas only 23% of respondents have plans to stop using at least one Rubrik product. Data Threat Analytics is expected to be the area of highest growth, while Data Protection will remain most used (by 71% of respondents).
However, another CISO finds Rubrik particularly helpful for on-premises backups. “We've eliminated other products for on-premises like Druva, Commvault, Veritas, and Legato. We're basically down to Rubrik for all on-premises, and Veeam for our cloud-based backups.” They appreciate Rubrik’s ability to perform detailed, granular restores—from SharePoint files to virtual machines—though security is a top priority. “Because we are in the defense industry, and there are newer Department of Defense compliances that we have to meet. A good product, a solid product, but we don't know if it's going to be our one and only enterprise-wide product.”
Rubrik’s ambition to expand from backup and recovery into zero trust data security faces obstacles. “I agree with the previous statement,” says one CISO, “that there was some concern with the backup operator having access to the data. When you recover something, you can actually go into the metadata and look at the subjects of the email, and if you're going to the CEO's e-mail and recovering something, you can read his subject lines. I could potentially violate some non-disclosure agreements, because if you get a subject line, you pretty much know what the e-mail is about.” Rubrik’s all-in-one philosophy and lack of integration may limit its competitiveness, as most executives expect interoperability with other security platforms, like Okta. “Do you want a backup product to dictate to you what MFA you're going to be using? In my world, this is unheard of.” Attempts to introduce safeguards, such as alert systems or access tracking, are hindered by limitations in Rubrik’s architecture. As a result, “I kind of have it locked down to me and one backup tech. At the moment, we're just going to be staying with its core usage, because it’s still the least expensive for its core product.” One CISO, however, is curious to compare Rubrik’s zero trust offerings to their existing Veeam for cloud-based backups. “I want to learn more about what they have to offer, and see how that integrates in with Microsoft Office 365. We'll do a bake off and see how it compares.”
Broadcom’s pending acquisition of VMware has many organizations apprehensive about potential price increases and is prompting them to explore virtualization alternatives from Red Hat OpenShift, Nutanix, and Microsoft. Rubrik has proactively moved to support Red Hat’s OpenShift, though these executives would be hesitant to adopt without a broader POC. “We are using Red Hat for our CRM system,” says one cybersecurity manager, “But I don't think we would consider Rubrik for that.” While their VMware administrator is exploring alternatives, the organization would need to evaluate new virtualization backup solutions comprehensively across the entire infrastructure. Another VP points to the sheer scale and timeline of any migration away from VMware, although, “If [Rubrik] can do good work for supporting virtualization and security around virtualization, great. But so far this is a totally new, long-awaited, and long-delayed feature.”
Broadly, our panelists emphasize that integration capabilities will be critical to Rubrik adoption. “A lot of it’s going to have to do with integration, and how well it works with Office 365.” As IT budgets come under pressure, they imagine a future of unified backup solutions and Backup-as-a-Service offerings. “I also think generative AI has to be included in there. I can have an English major do the prompting, and less and less require some experts to do the infrastructure.” Ever-evolving Microsoft licensing will push more enterprises to Azure. “As Microsoft's persistent licensing for 2016 and 2019 are no longer viable, suddenly Azure is going to be the way they want to go. A lot of people are going to end up spending a lot more money, and they're going to be looking for ways to cut down on their budgets to absorb that,” says one executive. “With that move to the cloud,” adds another cybersecurity manager, “It's going to end up needing backup. And since you can't just back up to another location on your footprint, things like Rubrik are going to become more and more important.”