Welcome to Rubrik Insights

Learn data protection terms, strategies, and best practices

AWS Backup

AWS Backup offers a breadth of workload coverage. But it’s worth considering a third-party backup solution for AWS which have additional features you want from a backup and recovery solution, such as advanced security features, multi-cloud and hybrid cloud support, and lower totoal cost.

Accelerate Recovery Downtime

When disaster hits, the faster you can recover and get operations up and running, the better. Here are four ways to speed up downtime recovery and minimize the negative effects.

Access control

A security technique that regulates who can view or use resources in a computing environment. It is a fundamental component of data security that restricts access to systems, applications, and data by enforcing policies and granting permissions only to authorized users, thereby protecting sensitive information from unauthorized access and maintaining regulatory compliance​. A security technique that regulates who can view or use resources in a computing environment. It is a fundamental component of data security that restricts access to systems, applications, and data by enforcing policies and granting permissions only to authorized users, thereby protecting sensitive information from unauthorized access and maintaining regulatory compliance​.

Air Gap

Air gap backups are typically stored in a secure location off-site from the business, such as in a secure server facility and can be used to restore data in the event of a disaster, such as a fire or flood, or if data is lost or corrupted due to a software glitch, hardware failure or ransomware attack.

Azure Backup

Azure has its own backup functionality, but a third-party backup solution may be preferable. A third-party backup solution offers simplified administration of multiple Azure accounts and regions, as well as unified management and pervasive visibility of backups across multiple cloud and on-premises VMs. This often results in lower total cost of ownership (TCO).

Backup Automation

Backup automation promotes the use of scheduling and event-based triggers to initiate the choreographed set of complex processes involved with data backup.

Backup Failback

Failback is a business continuity tool that helps sustain normal virtual operations, even when your primary production site is disabled. Fallback returns production to the original (or new) primary location after a disaster (or a scheduled event) is resolved.

Backup Failover

Failover is a business continuity tool that helps sustain normal virtual operations, even when your primary production site is disabled. Failover switches production from a primary site to a backup (recovery) site.

Backup Snapshot

A snapshot, sometimes called a storage snapshot, is a moment-in-time disk image of server data, made mostly of metadata that defines the state of the data. Snapshots are not a complete duplication of source data.

Bacukp to Microsoft Azure

Managing and protecting data in the cloud is different from how it works on-premises—especially in a hybrid or multicloud environment. To best protect your data in Azure, it’s important to know where your responsibilities end and Azure’s begin.

Business Continuity

Business continuity is a set of plans and actions that ensure a business can maintain or resume operations after a natural disaster, cyberattack, or outage. Business continuity is a function of the way data is managed, stored, and protected.

California Consumer Privacy Act (CCPA)

The CCPA gives California residents the right to know what personal information a business keeps about them, understand how it gets used, and then prevent or delete the collection of their personal information. The California Privacy Rights Act (CPRA) extended CCPA to cover California-based employees, contractors, and emergency contacts. In addition, it introduced new consumer rights and further expanded the definition of personal information.

Cassandra Database Backup

A Cassandra backup is a point in time snap shot of a Cassandra database that is saved in a secure location with regular redeployment testing. Cassandra databases can be backed up and pushed to secure cloud storage, a perfect choice for high volume data sets.

Cloud Archival

Data archiving, or data archival, is the practice of determining what information to transfer from active production to longer-term storage. Today, the cloud is a critical tool for data archives.

Cloud Disaster Recovery

Cloud disaster recovery is the use of a cloud-based solution to maintain or restore IT operations in the event of unexpected disruption. A cloud-dbased solution allows businesses to establish disaster recovery capabilities quickly and at a lower-cost than an on-premises solution.

Cloud data governance

Cloud data governance encompasses all principles, policies, and procedures for managing data in cloud environments. It focuses on managing the privacy of data according to regulatory compliance requirements and industry standards; mitigating data risk; and ensuring data is accurate, available and usable across the organization. Cloud data governance should enable organizations to adhere to privacy standards without interrupting organization-wide access to data. Learn more about cloud data governance.

Cloud data loss prevention (DLP)

Sometimes called cloud data leak protection, Cloud DLP refers to the technology and processes used to safeguard sensitive data against internal and external threats. These solutions continuously monitor the usage and movement of data and alert security teams about potential losses or breaches.

Cloud data management

Cloud data management involves overseeing the storage, accessibility, and privacy of data across multi-cloud environments. It includes ensuring data integrity and compliance, securing data against breaches, and leveraging frameworks like CDMC to structure and audit data-related activities. This practice is key to harnessing cloud benefits while protecting sensitive information and maintaining regulatory compliance​ and Cloud data management involves overseeing the storage, accessibility, and privacy of data across multi-cloud environments. It includes ensuring data integrity and compliance, securing data against breaches, and leveraging frameworks like CDMC to structure and audit data-related activities. This practice is key to harnessing cloud benefits while protecting sensitive information and maintaining regulatory compliance​

Cloud data privacy

Cloud data privacy focuses on safeguarding the confidentiality and integrity of data stored in cloud environments. It involves implementing measures such as encryptionaccess controls, and compliance with privacy regulations to protect sensitive information. Ensuring data privacy in the cloud is essential for building trust with users and meeting legal requirements for the responsible handling of personal and sensitive data.

Cloud security architecture

Cloud security architecture refers to the structured design and implementation of security measures within a cloud computing environment. It includes strategies, policies, and technologies to safeguard data, applications, and infrastructure hosted in the cloud. Key components include access controls, encryption, identity management, and monitoring systems. A well-designed cloud security architecture aims to mitigate risks, address compliance requirements, and ensure the confidentiality, integrity, and availability of data in the cloud. Regular assessments and updates are essential to adapt to evolving threats and maintain a robust defense against potential security breaches.

Cloud security assessment

A cloud security assessment evaluates a business's cloud infrastructure's risks, vulnerabilities, and existing security controls. Cloud security assessments are important because they help companies understand their cloud risks and take steps to remediate them.

Cloud security posture management (CSPM)

Cloud security posture management focuses on continuously monitoring and assessing the security posture of cloud infrastructure. CSPM platforms scan for potential cloud infrastructure risks such as misconfigurations, vulnerabilities or overly-permissive access control. Because they focus on the infrastructure of cloud environments, CSPM platforms lack the ability to do robust data discovery and classification, provide only limited context about the data, and do not have any focus on privacy, compliance, or governance requirements. Understand the difference between CSPM vs. DSPM.

Cloud transformation

Cloud transformation is the process of migrating traditionally on-prem techniques and tools into a cloud environment. Many businesses move their data, applications, and infrastructure to the cloud because it supports increased flexibility and speed. While beneficial in many ways, cloud transformation also brings new security risks such as misconfigurations, unauthorized data access, or unmanaged or unsecured sensitive assets.

Cloud-native security

Cloud-native security is a set of processes and solutions that secure the various aspects of an organization’s operations and data in the cloud. It encompasses the company’s entire cloud ecosystem, including application development and data storage. Unlike legacy security platforms, cloud-native security solutions typically employ built-in cloud services (i.e., APIs, etc.) and were created with the ephemeral nature of the cloud in mind. Learn more about cloud native security.

Compliance automation

compliance automation solution helps organizations align with privacy, governance and security requirements from internal and external stakeholders. It continuously reviews business processes to ensure compliance with regulations. Compliance automation provides a more effective and comprehensive approach than establishing and enforcing policies manually.

Compliance monitoring

Compliance monitoring means reviewing an organization’s routine functions and ensuring they are in alignment with compliance policies and procedures. Organizations can use a combination of manual tasks and automated solutions, such as a policy enforcement engine, to implement compliance monitoring.

Cyber Extortion

Cyber extortion is a tactic common ransomware tactic where an attacker steals data and threatens to post the data publicly unless the victim pays an additional ransom.

Cyber Recovery

Cyber recovery involves implementing a comprehensive and proactive plan for data remediation that includes backup and recovery systems, incident response planning, and ongoing monitoring and testing.

Cyber Resiliance

Cyber resilience refers to the ability to keep an organization’s data “healthy.” It reflects your ability to not only repel a cyberattack, but to continue operations and provide essential services during and after an attack.

Cyber incident response plan

A Cyber Incident Response Plan is a structured strategy which outlines actions and procedures to follow when a cybersecurity incident occurs. It encompasses detection, analysis, mitigation, and recovery steps to minimize the impact of cyber threats. Essential for swift and effective response, the plan aims to safeguard data, systems, and overall organizational integrity. Compliance with industry standards and regular testing ensures preparedness against evolving cyber risks.

DFIR (digital forensics and incident response)

DFIR is the process of investigating and responding to cybersecurity incidents. The process includes finding the event's root cause, gathering evidence, and determining the scope of the breach. Response strategies are also critical to stopping and containing a threat, minimizing its impact on the organization.

DLP monitoring

Data loss prevention (DLP) monitoring is the practice of scanning data continuously in search of potential risks. DLP solutions flag unauthorized or unusual activities involving data at rest, in motion, or in use. Today, many organizations use a data detection and response (DDR) solution to fulfill the role of DLP monitoring in a cloud-native environment.

Data Backup

The ability to restore data to a specific point in time. Data backups run at periodic intervals, creating “save points” of all the data on your production servers. These save points can be restored in the event of file corruption, system failure, outages, or any event that causes data loss.

Data Backup and Recovery

Without proper protection, data disaster events can be incredibly damaging to business. Data backup and recovery solutions can mean less trouble in the event of an operational failure, ransomware attack, or data corruption.

Data Management as a Service

Data management as a service (DMaaS) is the comprehensive approach to storing, organizing, securing, and maintaining all the data that an organization possesses using a vendor that operates on a pay-as-you-go model. Fees are based on the amout of data to be stored and additional needs for security, backup and recovery, data discovery, and analysis.

Data Replication

The process of making copies of business data, synchronizing it, and distributing it among multiple servers and data centers replicated in multiple databases. Data replication maintains consistent access to critical data and core business applications remotely in the event of an outage or emergency.

Data access governance

Data access governance (DAG) solutions manage user, application, and machine data access privileges. They employ the principle of least privilege to ensure only the right identities have access to the organization's sensitive data, enabling innovation and growth while maintaining a strong security posture. DAG tools also continuously monitor who and what is accessing data, highlighting unauthorized access or suspicious behavior.

Data access governance

Data access governance (DAG) solutions manage user, application, and machine data access privileges. They employ the principle of least privilege to ensure only the right identities have access to the organization's sensitive data, enabling innovation and growth while maintaining a strong security posture. DAG tools also continuously monitor who and what is accessing data, highlighting unauthorized access or suspicious behavior.

Data asset

A data asset is a broader term that encompasses any object or set of objects that contain data. It could refer to a data store (such as Amazon S3 bucket), a data object within that store (such as Apache Parquet file), or a data record (such as a single row in a MySQL table).

Data breach

data breach means that an unauthorized person has successfully infiltrated an organization’s data stores and viewed, taken or shared data. Contributing factors that may lead to a breach include shadow data, misconfigurations, cyber attacks, social engineering, human error, or physical theft of devices containing data. If a data breach involves sensitive, confidential or regulated data, an organization may face adverse business impacts including increased regulatory scrutiny, financial losses, and loss of customer trust. There is also a possibility that the threat actor will use stolen data for fraudulent activities in the future.

Data breach prevention

Data breach prevention is a set of best practices for keeping sensitive data safe from unauthorized personnel. A few data breach prevention tactics include: discovering and classifying your sensitive data, automating data policy management, following the principle of least privilege access, continuously monitoring your environment for active breaches, and aligning data practices with regulations and standards.

Data catalog

A structured inventory of a company's data assets, typically across various clouds and technologies, which helps in identifying, classifying, and organizing sensitive data like PII, PHI, and PCI transaction data, thereby aiding in data security and governance through enhanced visibility and control over the data landscape​ & A structured inventory of a company's data assets, typically across various clouds and technologies, which helps in identifying, classifying, and organizing sensitive data like PII, PHI, and PCI transaction data, thereby aiding in data security and governance through enhanced visibility and control over the data landscape​.

Data classification

Data classification is the practice of categorizing data based on specific characteristics such as its sensitivity, value, volume and criticality to an organization. By classifying their data assets, teams can better understand the owners and uses of data, define and enforce policies appropriate to the level of data sensitivity, and reduce risks such as unauthorized access, data loss, or breaches.

Data democratization

Data democratization is the process of enabling many users across a business to easily access and use data. Previously, only data experts could handle data, making it difficult for other departments to make data-driven decisions. With the rise of data democratization, various users — including non-experts — can use tools and resources to analyze, interpret, and leverage data. Widely-available data enables business innovation, especially as it migrates to the cloud, which also increases data security risk.

Data detection and response (DDR)

Data detection and response alerts organizations in real time when suspicious activity or data breaches occur, allowing security teams to respond rapidly and mitigate active threats. With DDR, businesses can swiftly contain any data security incidents and minimize potential damage.

Data discovery

A process that involves identifying and understanding where data resides within an organization's environment, including public clouds, data warehouses, SaaS applications, cloud file shares, and on-premise storage. Data discovery aims to achieve comprehensive visibility into all data an organization creates and utilizes, providing crucial information about the data's owner, access, usage, type, and sensitivity. & A process that involves identifying and understanding where data resides within an organization's environment, including public clouds, data warehouses, SaaS applications, cloud file shares, and on-premise storage. Data discovery aims to achieve comprehensive visibility into all data an organization creates and utilizes, providing crucial information about the data's owner, access, usage, type, and sensitivity.

Data governance framework

data governance framework establishes which people, processes, and technologies are responsible for managing and protecting data assets. It sets policies for ensuring data is usable and executing successful data security, as well defining the daily operations for meeting compliance standards.

Data leak

data leak occurs when sensitive data is accidentally or maliciously exposed to unauthorized parties. Misconfigurations, cyberattacks, insider threats, security vulnerabilities, and other factors can cause leaks. A comprehensive data security posture management (DSPM) solution can help prevent leaks.

Data loss prevention/Data leak prevention (DLP)

DLP is a technology that monitors sensitive data as it gets used, moved, and stored across the organization. It prevents data leakage and alerts team members about potential data losses or breaches. DLP works well for on-premise environments but is not conducive to a fast-paced, ephemeral cloud environment.

Data management

Data management encompasses the practices of collecting, keeping, and using data securely, efficiently, and cost-effectively. It involves a range of tasks such as data governance, storage, data quality assurance, and data policy enforcement, ensuring that data is accessible, reliable, and handled in compliance with policies and regulations.& Data management encompasses the practices of collecting, keeping, and using data securely, efficiently, and cost-effectively. It involves a range of tasks such as data governance, storage, data quality assurance, and data policy enforcement, ensuring that data is accessible, reliable, and handled in compliance with policies and regulations.

Data mapping

Data mapping enables teams to understand the location, source and destination of their data, including previously unknown shadow data, its format and type, and which transformations it undergoes. It is used both to ensure compliance with data protection regulations and standards, and governance standards that often require organizations to map data because it provides visibility into potential risk.

Data masking

Data masking is a security process that protects confidential information by hiding it behind modified, fake data. This technique is often used when sharing data with external parties or within different parts of an organization, ensuring that sensitive details remain inaccessible while the overall structure and utility of the data are preserved for legitimate use. & Data masking is a security process that protects confidential information by hiding it behind modified, fake data. This technique is often used when sharing data with external parties or within different parts of an organization, ensuring that sensitive details remain inaccessible while the overall structure and utility of the data are preserved for legitimate use.

Data privacy compliance

Data Privacy Compliance entails adhering to regulations and standards that govern the collection, processing, and protection of personal information. It involves implementing policies, procedures, and technologies to ensure that organizations handle data in accordance with legal requirements. Achieving and maintaining data privacy compliance builds trust with stakeholders and safeguards individuals' rights to control their personal information.& Data Privacy Compliance entails adhering to regulations and standards that govern the collection, processing, and protection of personal information. It involves implementing policies, procedures, and technologies to ensure that organizations handle data in accordance with legal requirements. Achieving and maintaining data privacy compliance builds trust with stakeholders and safeguards individuals' rights to control their personal information.

Data security

Data security is a discipline concerned with protecting digital assets such as customer data, employee data, and company secrets. It safeguards these assets from unauthorized actions and access. Today, organizations must think about securing the data within their cloud environments, as well as their traditional, on-premise environments.

Data security in the cloud (cloud data security)

Data security in the cloud, also referred to as cloud data security, protects the data stored and processed in cloud environments. The discipline is focused on empowering organizations to leverage that data to meet business goals while still protecting cloud data from exposure risks, breaches and compromises. To make this approach work, it’s imperative for security teams to understand where the sensitive data is and who has access to it, the overall security posture of that data, and how it is being accessed on an ongoing basis. Learn more about data security in the cloud.

Data security posture management (DSPM)

Data Security Posture Management (DSPM) is the set of processes, policies, and technologies used to protect sensitive data and ensure compliance in cloud environments at scale and with automation. This rapidly evolving security solution category grew out of the need to protect the “innovation attack surface” created by the unintentional risk cloud data users, such as developers and data scientists, create when using data to drive innovation. It provides organizations with a practical approach to securing cloud data by discovery of structured and unstructured data, analyzing access, usage patterns, and security posture, and providing actionable, guided remediation for data security risk. Learn more about data security posture management (DSPM).

Data tokenization

Data tokenization is a security technique that involves replacing sensitive data with unique tokens. These tokens are generated through an algorithm and hold no intrinsic value, making it difficult for unauthorized users to decipher the original information. This process enhances data security, especially in payment transactions and sensitive information storage, as the tokens can be securely processed without revealing the underlying sensitive data. Data tokenization plays a crucial role in protecting information from potential breaches and unauthorized access, contributing to overall data privacy and security measures.

Database management

Database management involves the systematic organization, storage, and retrieval of data within a structured database system. It includes tasks such as data modeling, database design, implementation, and optimization for efficient data storage and retrieval. Database management systems (DBMS) play a crucial role in controlling and managing access to the data, ensuring data integrity, and supporting various data-related operations within an organization. Effective database management is crucial for businesses to efficiently handle and leverage their data assets.

Disaster Recovery

Disaster recovery is a data backup and system restoration plan that can help a business survive an unexpected event, such as a cyber attack, natural disaster, or data loss due to human error.

Disaster Recovery as a Service (DRaaS)

Data Recovery as a Service (DRaaS) solutions enable the replication of backup data to a third-party service provider or public cloud infrastructure while providing the orchestration and resources necessary for rapid recovery in the event of a disaster.

Distributed File System

A distributed file system “distributes” a companies data across multiple servers using replicated and partitioned file systems to break data into smaller blocks and keep multiple copies of the data in multiple locations.

Endpoint Protection

Endpoint protection is a comprehensive approach to safeguarding individual devices like computers, smartphones, and servers that connect to a corporate network. The primary goal of endpoint protection is to defend against a wide range of cybersecurity threats that could enter the network through these devices.

Enterprise Backup

Enterprise backup software allows companies to set protocols based on specific data needs, safeguarding the business from data loss while maintaining seamless operations.

Enterprise data security

Enterprise data security is a collection of tools and technologies that focus on securing every data asset within an enterprise, regardless of its location, owner, or type. It aims to protect all data within a large organization without slowing down critical business processes.

GDPR

General Data Protection Regulation (GDPR) is a law that requires organizations to protect the personal data and privacy of people and companies inside the European Union. The EU recommends seven principles for complying with GDPR:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

Google cloud security

The protection of multi-cloud architectures, integrating autonomous data management with Google Cloud to provide continuous discovery, classification, and defense against data breaches. This unified approach ensures data security, governance, and compliance across cloud ecosystems with minimal training required for security teams​.& The protection of multi-cloud architectures, integrating autonomous data management with Google Cloud to provide continuous discovery, classification, and defense against data breaches. This unified approach ensures data security, governance, and compliance across cloud ecosystems with minimal training required for security teams​.

GraphQL

Created by Facebook to overcome the challenges of accessing complex data through REST APIs, GraphQL is an open-source data query language for APIs that interact with the Facebook iOS app.

HIPAA Compliance

Maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA) requires that individuals’ health information and medical data is properly protected, that technical and non-technical safeguards are in place to ensure that protection, and that any breach of those safeguards are properly reported.

Immutable Backup

An immutable backup is a backup file that can’t be altered in any way.

Incident response

Incident response is the process of investigating and minimizing the damage of a data breach, then putting in measures to reduce the likelihood of a similar incident in the future. Organizations can lessen the impact of a data breach by creating an incident response plan ahead of time and leveraging tools like DSPM to enforce data security policies and DDR to monitor activity.

Incident response management

Incident Response Management involves the systematic approach to identifying, managing, and mitigating cybersecurity incidents. It includes preparation, detection, containment, eradication, recovery, and lessons learned. The goal is to minimize damage, reduce recovery time, and strengthen defenses against future incidents. This proactive process is crucial for maintaining the integrity and security of an organization's information systems.& Incident Response Management involves the systematic approach to identifying, managing, and mitigating cybersecurity incidents. It includes preparation, detection, containment, eradication, recovery, and lessons learned. The goal is to minimize damage, reduce recovery time, and strengthen defenses against future incidents. This proactive process is crucial for maintaining the integrity and security of an organization's information systems.

Incident response plan

A proactive protocol designed to prepare organizations for effectively handling and mitigating the effects of data breaches. It details investigative steps and damage control measures to swiftly manage incidents, ensuring the enforcement of data security policies through tools like Data Security Posture Management (DSPM) and Data Detection and Response (DDR). The plan also includes strategies to reduce future risks, thus minimizing the overall impact of security incidents.& A proactive protocol designed to prepare organizations for effectively handling and mitigating the effects of data breaches. It details investigative steps and damage control measures to swiftly manage incidents, ensuring the enforcement of data security policies through tools like Data Security Posture Management (DSPM) and Data Detection and Response (DDR). The plan also includes strategies to reduce future risks, thus minimizing the overall impact of security incidents.

Infrastructure security

The practice of defending critical systems and assets from physical and cyber threats. This encompasses safeguarding IT assets, including end-user devices, data centers, network systems, and cloud resources, to ensure the resilience and reliability of these fundamental components.& The practice of defending critical systems and assets from physical and cyber threats. This encompasses safeguarding IT assets, including end-user devices, data centers, network systems, and cloud resources, to ensure the resilience and reliability of these fundamental components.

Infrastructure-as-a-Service (IaaS)

Infrastructure-as-a-Service (IaaS) refers to the internet-based provisioning of computing resources such as servers, networks, and data storage by a cloud service provider. The user handles operating systems, applications, and middleware, while the service provider handles networking, data storage, hard drives, and hardware. IaaS can pose unique data security challenges, such as cloud sprawl caused by multi-tenancy.

Innovation attack surface

The innovation attack surface is a massive, non-contiguous patchwork of exposed data and shadow data that creates unintentional risk caused by those that use an organization’s cloud data to propel the business forward. These innovators using data and creating risk as a natural by-product could include developers and data scientists, among others. Most organization’s naturally accept the innovation attack surface as a cost of doing business in the cloud, however this is becoming increasingly untenable as cloud data proliferates and related risks rise.

Kubernetes Disaster Recovery

Rubrik offers cloud-based, immutable backups for Kubernetes environments. When a problem arises in your cluster our SaaS platform will protect your persistent volumes and objects on the original cluster or new deployment.

Malware

Malware is short for malicious software and refers to any program or code designed with intent to cause harm. It is specifically designed to disrupt, damage, or gain unauthorized access to a computer system and is often used by cybercriminals to gain access to sensitive information, cause damage, or steal data.

Microsoft 365 Protection

Microsoft 365 platform has built-in protection mechanisms that help keep your data secure. But s Microsoft 365 backup and recovery solution can be vital in cases such as accidental or purposeful deletion of data, a ransomware attack, or a natural or manmade disaster that takes down your IT systems.

Microsoft SQL Database Backup

For many database administrators, backing up and managing SQL servers is one of the most important tasks in their job description. But backup errors can be costly and time-consuming. Here are a few common mistakes to avoid in SQL database backup.

MongoDB Backup

MongoDB includes native replication, which is good for protecting against media and network failures. But it can be a serious disadvantage in the case of data corruption or loss. Organizations deploying NoSQL-based solution like MongoDB require database backup in addition to replication.

Multi-cloud data security

Multi-cloud data security is a form of data security that protects data stores across multiple cloud ecosystems (Amazon Web Services, Google Cloud Platform, Microsoft Azure, etc.). It also compiles security information from all of these environments into a single pane of glass.

NIST Framework

The NIST Cybersecurity Framework (NIST CSF) is a series of reccomendations designed to help targeted busiensses improve their cyber defenses in accordance with a voluntary set of standards. Originally published in 2014, the NIST CSF was updated in 2024 to reflect the reality that cyber threats are now ubiquitous and threaten every part of the economy.

Netwrok Attached Storage (NAS) Backup

Traditional NAS backup can lead to vendor lock-in, lowered performance, and higher cost of ownership. Protecting NAS data in a generic format delivers simple, cross-platform archival and data restore capabilities in private or public clouds.

NoSQL Backup

NoSQL databases offer scalability and availability, but these qualities make NoSQL hard to back up. New approaches to NoSQL backup have emerged, though, that make it possible to protect data in NoSQL databases.

Object Storage

Object storage packages discrete data “objects” along with metadata and a unique identifier and stores them individually for easy access and retrieval. Object storage’s ability to support user-defined metadata adds significant flexibility and has made object storage a favorite for large stores of unstructured data.

Oracle Database Backup

Automated best-practices ensure Oracle databases are highly available and protected against media corruption, user-induced errors, and noncompliance.

Phishing

Phishing is the use of fraudulent documents (e.g., emails, websites, and spreadsheets) to trick people into giving up sensitive information.

Pii cyber security

PII Cyber Security involves protecting Personally Identifiable Information from unauthorized access resulting in compromise. It employs encryption, access controls, and continuous monitoring to ensure data confidentiality and integrity. Compliance with regulations like GDPR and HIPAA is crucial for maintaining trust and preventing identity theft.

Platform-as-a-Service (PaaS)

Platform-as-a-Service (PaaS) is a computing cloud data procedure that allows a business to bypass the typically expensive and time-consuming process of obtaining and maintaining software licenses. PaaS companies offers a shared public cloud platform for app administration and development. If not managed correctly, PaaS can become very complex over time, making it difficult to gain complete visibility of the entire platform and putting the data within this system at risk.

Privacy compliance

Privacy compliance refers to the adherence to laws, regulations, and standards governing the protection of individuals' personal information. Organizations must establish and follow policies and practices that ensure the lawful collection, use, and safeguarding of sensitive data. Achieving privacy compliance not only mitigates legal risks but also fosters trust with stakeholders by demonstrating a commitment to respecting individuals' privacy rights and maintaining the confidentiality and security of their personal information.

Private cloud security

Private Cloud Security involves safeguarding data, applications, and infrastructure in a dedicated cloud environment inside of an organization. Utilizing access controls, encryption, and monitoring, it ensures protection against unauthorized access and data breaches, maintaining confidentiality, integrity, and availability. Regular updates are crucial for adapting to evolving threats.

Public cloud data security

Public cloud means an organization uses a third-party cloud service provider (CSP) to provide and manage cloud infrastructure, often including data stores in a fashion that is shared with other businesses (as distinguished from private cloud which is not shared). In the cloud, where data can proliferate exponentially, data security is often a shared responsibility and more important and challenging than ever before. Put together, public cloud data security is the practice of securing the data that is present in the public cloud.

Public cloud security

Public cloud security focuses on securing public cloud environments that are managed by cloud service providers (CSPs). It is different from private cloud security that focuses on the security of private cloud environments. Public cloud security follows the “shared responsibility” model, meaning that cloud providers and their customers must jointly take responsibility for security.

RTO and RPO: What is the Difference?

Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are two key parameters that define how long a business system can afford to be offline and how much data loss it can tolerate.

Ransomware

Ransomware is a type of malware (malicious software) that threatens to either publish or block access to data on a computer or computer network. It does this by encrypting data on a device or network or by locking the victim out of their device altogether.

Ransomware Attack

A ransomware attack is an invasive cyber incident that uses malware to encrypt enterprise data or files and hold them “hostage” until a ransom is paid.

Ransomware Recovery

In the event of a succesful ransomware attack, ransomware recovery is the ability to identify, locate and restore to the most recent clean version of business data.

Recovery Point Objective (RPO)

Recovery point objective is the amount of data a business can withstand losing without sustaining significant damage.

Recovery Time Objective (RTO)

Recovery time objective is the maximum amount of time a computer, system, network, or application takes to recover after an outage or data loss without detrimental effect to business operations and service-level agreements (SLAs).

Rubrik vs. Cohesity

The difference between Rubrik vs. Cohesity comes down to inital design. From its inception, Rubrik was designed using a zero trust security model. Cohesity, on the other hand, was originally designed to make data more accessible and discoverable.

Rubrik vs. Commvault

Legacy solutions were built for legacy challenges. Reliable data security can’t be achieved through endless bolt-ons—it has to be built right into the technology. Rubrik’s Zero Trust Data Security is part of our DNA, making us immutable by design. Find out why Rubrik is a better alternative to Commvault.

Rubrik vs. Veeam

Unlike Veeam's hardened Linux repository or object storage, Rubrik is immutable by design, so data is secure from the start. Here’s a competitive breakdown of how Veeam falls short against Rubrik’s native capabilities.

Rubrik vs. Veritas

With fragmented security products and use of multiple consoles, Veritas makes you do all the heavy lifting while their minimal reporting capabilities don’t allow you to monitor your security with the confidence you need. Find out why Rubrik is a better alternative to Veritas.

SaaS security

SaaS security is the set of strategies and practices aimed at protecting applications and data hosted in a Software-as-a-Service model from unauthorized access and cyber threats. It focuses on ensuring that multi-user access to cloud-based applications does not compromise data integrity, confidentiality, or compliance, especially as these services often operate beyond the direct control of an organization's security teams.

Security execution gap

The security execution gap refers to a growing divergence between the activities that contribute to innovation and the security activities intended to protect the business. To overcome this gap, organizations must empower their value creators, such as developers and data scientists, to innovate quickly and safely with agile data security.

Semi-structured data

Semi-structured data does not align with pre-defined data models but contains associated information such as metadata. This additional information provides some level of structure by enforcing hierarchies and separating semantic elements. Many spreadsheets are examples of semi-structured data.

Sensitive data

Sensitive data refers to any information that could be harmful to an organization if disclosed or accessed by unauthorized individuals. Examples of sensitive data include everything from customers’ personally identifiable information (PII) such as health records, trade secrets, and financial information to highly confidential trade secrets. To adequately protect this sensitive data, organizations must know where it is, then implement security measures such as enforcing access controls or moving sensitive data out of insecure environments.

Separation of Duties

In cybersecurity, separation of duties is the principle that no user should be given enough privileges to misuse the system on their own. That means ensuring that user access to information is appropriate for a users job role and as limited as possible.

Shadow data

“Shadow data” refers to unknown and unmanaged data that the organization’s IT and security teams do not govern, secure, or update. Because of data democratization, it is common for a data user to copy, move, or modify data without the IT and security team’s knowledge. This has led to the proliferation of shadow data and it presents a very real risk to organizations. Learn more about shadow data.

Software-as-a-Service (SaaS)

Software-as-a-Service (SaaS) refers to software applications maintained by a third-party provider. SaaS tools improve flexibility by enabling multi-user access to critical applications without the requisite setup and administration burdens. However, SaaS tools can increase the likelihood of overly-permissive data access, since they often fall outside the purview of security teams.

Spyware

Spyware is a kind of malware that gathers and transmits sensitive information from a victim’s computer or device without their knowledge or consent and without announcing its presence.

Structured data

Structured data aligns with a predefined data model. Examples include names, social security numbers, addresses, etc. Because this data is highly organized, users can leverage tools such as a relational database management system (RDBMS) to input and modify structured data. Structured data is often transactional and quantitative in nature (e.g., financial transaction data).

Subscription-Based Backup

Subscription-based backup provides reliable data protection for a low monthly cost, delivering evergreen technology, predictable renewal costs, and easy transfers to cloud data backup.

3-2-1 Backup Rule

The 3 2 1 backup rule is an easy way to remember the best practices for enterprise backup: keep three copies of data on two media types, with on copy in an offsite location.

The Rubrik Difference

Legacy cybersecurity solutions put businesses at risk. The Rubrik difference is based on data resilience, data observability and data remediation and sets a new standard of defense against cyber threats.

Unstructured data

Unstructured data is usually qualitative and does not fit into a predefined data model. As such, conventional data tools such as relational databases cannot process it. Examples include text, video or audio files, images, etc. Most creative works, designs, IP, and documents consist of unstructured data.

Versioning

Versioning is a cloud service provider (CSP) feature that keeps multiple versions of an object in the same bucket. Many teams use it to preserve, retrieve, or restore different object versions when needed. However, versioning can become a security risk if there is no policy for permanently deleting or safely archiving previous versions. Otherwise, they may exist indefinitely, usually out of sight of the average user, adding to organizational risks and costs.

Virtual Machine Backup

Virtual machine backup is the process of safeguarding virtual machines (VMs) that run on VMware's vSphere platform. It involves capturing configurations, data, and system states to ensure business continuity and data protection.

Vishing

Vishing is a form of cyber attack that uses voice communication to manipulate victims into providing sensitive information such as bank account details, passwords, and social security numbers.

Zero Trust Network Access

Zero Trust Network Access (ZTNA) is based on the concept of Zero Trust (ZT) security; The principle of denying all access requests by default and assuming a “trust but verify” posture towards all activity. ZTNA Zero Trust principles to network access, verifying user identities (and device identities) and then re-verifying them throughout their connection with the network.