As enterprises adopt Generative AI at scale, the recently-announced Rubrik Annapurna for Amazon Bedrock offers a fortified solution to help enterprises meet the technical and compliance demands of production-grade AI applications.
But the technical complexities of moving generative AI models from pilot to production are not insignificant. Rubrik’s solution aims to simplify this effort, leveraging a seamless integration with Amazon Bedrock to provide a security-first, scalable data pipeline that can connect enterprise data directly to AI models—without compromising governance, compliance, or data freshness.
This foundation is purpose-built to support Retrieval-Augmented Generation (RAG) workflows, a growing methodology in enterprise AI. RAG combines embeddings and retrieval mechanisms to bring contextually-relevant data into AI models. This, in turn, provides more accurate and context-aware responses.
Technical Architecture of Rubrik Annapurna
The technical foundation of Rubrik Annapurna for Amazon Bedrock will be designed to consist of several key components to streamline secure data processing:
1. Data Ingestion and API-First Architecture: Rubrik’s API-driven architecture helps secure access to all enterprise data across on-premises, cloud, and SaaS environments. This architecture is designed to dynamically adjust to handle data refreshes, permissions changes, and sensitive data requirements, all without disrupting data flows.
In this type of architecture, unified API endpoints can be configured to retrieve data from various sources (CRM, ERPs, and custom databases, etc.) to eliminate the need for separate APIs for each data source. This helps reduce latency and integration complexity.
2. Application-Aware Data Embeddings: Rubrik’s embedding engine creates data embeddings that recognize application-specific schemas, such as CRM or ERP structures. These embeddings can be customized to align with enterprise requirements, supporting RAG workflows where AI models retrieve and generate responses based on relevant enterprise data.
These data embeddings will be designed to be indexed within a vector database, allowing Amazon Bedrock to perform efficient, contextually accurate searches. This workflow aims to help support diverse AI applications, from customer support systems to sales insights.
3. Role-Based Access Control (RBAC) and Data Filtering: Rubrik enforces source-based RBAC, helping ensure that only users with the correct permissions can access specific data segments within generative AI applications. This approach aligns with Zero Trust principles, to reduce the risk of unauthorized data exposure.
Before data reaches Amazon Bedrock, Rubrik’s solution will be designed to apply policies that help filter out sensitive information. For instance, Rubrik aims to automatically exclude fields marked as personally identifiable information, protected health information, or financial data based on predefined policies. This can help ensure that generative AI outputs remain compliant with business requirements.
4. Amazon Bedrock Guardrails Integration: With Bedrock’s guardrails, the solution aims to allow enterprises to gain additional protection through prompt filtering, content moderation, and contextual grounding. This integration aims to provide a multi-layered approach to handling risks such as prompt injection, training data poisoning, and model drift, which can help ensure AI models can maintain a high level of reliability and security.
Addressing Compliance and Security Challenges in Generative AI
Rubrik Annapurna will be designed to address common security challenges unique to AI environments:
Prompt Injection Attacks: Rubrik’s filtering policies and Amazon Bedrock’s contextual checks will work together to help mitigate the risk of malicious prompts altering AI responses or leaking sensitive data. For example, Bedrock’s guardrails can prevent unauthorized queries that may otherwise bypass security layers.
Data Freshness and Compliance: Rubrik uses SLA domains to update data automatically at scheduled intervals. This aims to help ensure data freshness, maintaining relevancy and compliance without manual intervention. This level of automation is designed to help organizations adhere to regulatory requirements, such as GDPR’s “right to be forgotten,” without complex data management overhead.
Eliminating Shadow Datastores: Rubrik helps eliminate the need for duplicating data across multiple AI applications by centralizing data management. The solution is designed to minimize shadow datastores, to reduce data sprawl and lowering compliance risks by ensuring there’s a single source of truth.
Example Use Cases Enabled by Rubrik Annapurna
Let’s look at three use cases where Rubrik and Amazon Bedrock’s integrated capabilities can translate into real-world business benefits:
1. Secure Customer Support Automation
Data Flow: Customer support agents accessing data from Salesforce Service Cloud, Microsoft Teams conversations, and proprietary knowledge bases. Each source is filtered for sensitive information.
How it Works: When a customer support agent receives a query, the solution will be designed for Rubrik to pull relevant historical interactions and knowledge base entries. Amazon Bedrock to leverage this data in real-time, to provide customer support agents with accurate, AI-driven insights without risking data compliance.
2. Sales Intelligence with 360° Customer Insights
Data Flow: Sales teams need to securely access integrated data from CRM, email, and S3-stored call recordings. This aims to give sellers a comprehensive view of customer interactions.
How it Works: Rubrik’s embeddings are designed to enable context-aware queries within Bedrock, to allow sales reps to view aggregated, enriched insights for each customer. With RBAC controls, only authorized sales team members can access sensitive data, maintaining data security.
3. Dynamic Marketing Content Generation
Data Flow: Marketing teams pull data from presentations in OneDrive, customer feedback in knowledge bases, and voice-of-customer call recordings stored in S3.
How it Works: Rubrik’s solution will be designed to aggregate insights, help filter out sensitive data, and send this data to Bedrock for content creation. This allows marketing teams to generate high-quality, compliant content while leveraging real-time insights from customer interactions.
The Benefits of a Unified, Secure Data Foundation
Rubrik Annapurna is designed to provide enterprises with a solution that goes beyond traditional data access and governance by embedding security and compliance directly into the generative AI pipeline. This integration aims to provide:
Simplified Data Access and Compliance Management: With Rubrik, organizations can access a compliant, centralized data repository without needing to replicate or segregate data for each application. This reduces operational overhead and simplifies compliance tracking.
Pre-Embedded Security Controls: Rubrik’s native security features—including RBAC, sensitive data filtering, and role-based access controls—can help create a secure environment for AI applications to operate within. Amazon Bedrock’s additional guardrails extend this protection into the AI layer, safeguarding against data misuse and unintended data exposure.
Accelerated Time to Production: By eliminating the need for complex data pipelines, Rubrik can speed up generative AI projects, to allow enterprises to move from pilot to production with confidence. This streamlined workflow will be designed to provide a direct path to deploying scalable, reliable AI applications in real-world settings.
Learn More
To delve deeper into the architecture and benefits of Rubrik Annapurna for Amazon Bedrock, download our white paper, check out the demo, or visit the Rubrik Booth #1948 at AWS re:Invent.
SAFE HARBOR STATEMENT
Any unreleased services or features referenced in this blog are not currently available and may not be made generally available on time or at all, as may be determined in our sole discretion. Any such referenced services or features do not represent promises to deliver, commitments, or obligations of Rubrik, Inc. and may not be incorporated into any contract. Customers should make their purchase decisions based upon services and features that are currently generally available.