In my previous blog post, I responded to a Gestalt IT article by Tim Carr that reviewed the typical stages of public cloud adoption in an enterprise. In particular, I focused on Rubrik solutions such as CloudOut, CloudOn, and Cloud Cluster, which provide customers with advanced data management capabilities for each phase of their cloud adoption journey.
Tim has followed up his article with a deeper look at how enterprises are approaching phase 2 and the important role that cloud data management plays in their journey. Three areas of emphasis that Tim highlights are security, management tool sprawl, and cloud lock-in. These are areas that Rubrik has thought long and hard about as part of its “clean sheet” approach to data protection and cloud data management.
While security should always be top of mind, it’s frequently an afterthought addressed in phase 2 or beyond in the cloud journey. But any time you consider sending data off-premises over the internet, there should be questions about securing data in transit and at rest. Rubrik provides an end-to-end solution beginning with data encrypted as it is being backed up to our Rubrik nodes. Each file is encrypted using client-side encryption prior to data being archived out to Amazon S3 or Azure Blob Storage.
Taking S3 as an example, Rubrik uses the encrypted multipart upload API to break the data into chunks. A new 256-bit symmetric AES key is generated for each file, which is then envelope-encrypted using a 2048-bit RSA key provided by the customer. Once this is complete, we upload the data to S3 in its encrypted form. The data is encrypted while in flight using the Transport Layer Security (TLS) version 1.2 protocol, with certificates signed using the SHA-512 hash function. The combination of encryption in flight and at rest gives Rubrik customers peace of mind that their data is secure and protected wherever it lives.
Once the data is in public cloud storage, access is restricted to a specified set of authenticated users, and permitted actions are dictated using Role-Based Access Control (RBAC).
Management Tool Sprawl
Once you’ve moved some workload into the cloud or instantiated it in AWS or Azure, you need to think about how to properly protect and manage those workloads and the data they create. Each public cloud vendor has its own native tools that are tightly integrated with the platform but cannot manage your on-premises infrastructure or another public cloud. This means each environment requires its own tools and processes.
Rubrik addresses this issue through its Cloud Cluster capability. Cloud Cluster is a virtual version of the Rubrik Cloud Data Management system, instantiated using native public cloud resources that can protect cloud-native workloads running in AWS or Azure. By extending Rubrik into the public cloud, we provide customers with a common solution for managing both their on-premises and cloud data. Since the Rubrik software running in our Cloud Clusters is identical to what runs in our on-premises appliances, customers have access to the same APIs across both environments and can leverage the same processes.
In his article, Tim raises concerns over the potential risk of backing up your data to the same cloud provider that is hosting your instances and applications. Some of these risks are mitigated by the architecture of public cloud object stores such as S3 and Azure Blob Storage. These object stores are designed to replicate multiple copies across disparate data centers to guarantee high availability and durability.
However, customers may require redundancy across cloud providers or have other reasons for wanting some or all of their protected data from one cloud hosted in a different cloud or on-premises. That is why Rubrik has, since our early days, enabled data replication across cloud providers and on-premises infrastructures. This capability is a clear example of how Cloud Data Management is integral to our solution and not merely a bolt-on afterthought.
We at Rubrik are committed to relentless innovation on behalf of our customers and to making simplified Cloud Data Management a reality as they journey through the phases of cloud adoption. We invite you to hop on board.