For one of the largest poultry plants in the U.S., these three things shape every infrastructure decision they make.

This blog, co-authored by the company’s Information Security & Operations Manager Patrick Conroy and Rubrik, describes how Patrick’s team designed cloud-aligned resilience for critical workloads and then extended the same model to Azure DevOps.

The company runs exclusively as a Microsoft shop, with Azure at the center. Core workloads include virtual machines and SQL databases in Azure, Azure Data Factory and Azure Fabric pipelines, and Dynamics 365 environments for ERP and integrations.

A significant portion of the company’s differentiation lives in custom applications and data flows:

• Custom integrations that ingest data from plant-floor systems and external sources into central data stores.
• In-house tools for parts and supply rooms that tie PPE and inventory to purchase orders.
• Custom reporting workloads that support operational dashboards and regulatory obligations under the Packers and Stockyards Act.

Plant data moves through Azure data services into live dashboards around the building, giving operations a near real-time view of throughput and performance. At the same time, the team deliberately separates production-critical systems from analytics by mirroring production databases and running reporting off the copies rather than the live systems.

Patrick sums up the philosophy simply: “Everything we kind of do, it’s designed around, 'If this is broken, can we still run chicken?”

Before adopting Rubrik Cloud Data Protection, the team ran Avamar combined with Azure Site Recovery. While this provided data copies, it came with several limitations:

• Managing the legacy platform consumed a large amount of operational effort, to the point where roughly half an FTE was tied up in keeping it healthy.
• Azure Site Recovery could replicate workloads to the cloud, but latency-sensitive plant-floor systems, such as labeling equipment that needs sub-5-millisecond response times, cannot realistically run directly from the public cloud.
• Past experiences with tools claiming successful backups but failing at restore time left the team skeptical of anything requiring heavy manual oversight. Validation of restores became non-negotiable.
• For Azure DevOps, the team started with native retention and soft delete, but found that the built-in options did not provide enough control over backup policy or restore behavior.

What they needed was a cloud-aligned approach that would cut operational overhead, support realistic recovery paths for manufacturing workloads, and give them real control over how DevOps data gets protected.

With Rubrik, the team rebuilt resilience around a few straightforward principles: protection should be automatic, backups should be immutable, and there should always be a copy that a ransomware attack or admin mistake cannot reach.

Rather than manually assigning backup jobs to individual workloads, the team defines SLA policies at higher scopes, like vCenter and Azure subscriptions, so new VMs automatically inherit at least a baseline policy. This takes the risk of a forgotten workload off the table and has cut day-to-day administration dramatically. What previously consumed roughly half an FTE is now closer to a quick daily check of backup status.

Retention Lock makes backups immutable for a defined period, ensuring that even compromised admin accounts cannot wipe out the backup estate. And Rubrik Cloud Vault adds an offline, air-gapped copy entirely isolated from production infrastructure, without the overhead of tape. Patrick called this out as one of the clearest differentiators in their environment: a single incident, whether ransomware or an admin mistake, cannot take out every version of the data.

On top of that, the team uses Rubrik’s Data Threat Analytics to scan backups for sensitive data and indicators of compromise. Before committing to a restore, they can run Threat Hunting with custom YARA rules alongside Microsoft Defender XDR to validate that a restore point is actually clean. Resilience is not just about having backups. It is about knowing whether those backups are trustworthy.

One workload illustrates why this matters in practice. Under the Packers and Stockyards Act, when farmers place chickens to grow, the company is legally obligated to produce statements built from data ingested across multiple systems. The pipeline pulls from source systems capturing placement, performance, and settlement data, runs through custom ingestion and transformation logic, and feeds into Azure-based reporting components that generate the statements sent to farmers.

This is exactly the kind of workload that is painful to reconstruct under pressure. Restoring from a known-good point is far less risky than trying to recreate custom logic and data flows mid-incident. With Rubrik the team can validate that a restore point is clean before committing to it. As Patrick puts it: “This is the kind of work you really don’t want to rebuild under pressure.”

Their Azure DevOps environment is relatively small, around 36 projects and 50 repos. But it holds years of custom development: APIs pulling data from non-standard plant-floor robots, in-house safety management applications, pipeline definitions for Dynamics 365 ERP deployments, and the reporting pipelines required to meet their regulatory obligations. Small in size, high in value.

The same principles apply here. SLA protection is defined at the organization level, so new repos and projects are automatically discovered and protected without the IT team having to “lift a finger.” Backups run every eight hours with daily snapshots retained for a full year. Because DevOps data is relatively compact, Patrick felt comfortable going aggressive: “It’s not a whole lot of data, so we felt comfortable going pretty aggressive on the backup schedule and retention.”

Rubrik Cloud Vault air-gaps the DevOps backups entirely away from Azure itself, and Retention Lock prevents anyone from wiping the backup estate without multi-user sign-off. If a restore is ever needed, the team can recover repositories to a new destination project or a different organization entirely. The associated pipelines are automatically recreated alongside repos, so a recovered environment is immediately operational.

Management runs through a centralized RSC Azure DevOps dashboard that gives the team a single view of organization health, storage consumption, and daily backup status across all protected objects. Reporting provides visibility into what data lives where, useful both day-to-day and for compliance audits.

The same philosophy that guides their manufacturing resilience applies here: custom integration work and deployment logic built over years should not be the thing you are scrambling to reconstruct during an incident.

For teams with similar cloud and DevOps footprints, a few things stand out from Patrick’s experience:

For this team, resilience is not a checkbox. It is how the facility stays running. Patrick’s team is small, the footprint is lean, and the approach is straightforward. But every layer has been thought through, from SLA automation to immutable backups to an air-gapped vault to DevOps coverage, and the result is a posture that holds up against the scenarios that actually matter.