In an interview with CRN, Bipul Sinha, CEO of Rubrik, discusses data security in the GenAI era and why “no one else in our space even dares” to make it public.

The well-known data security challenges posed by the arrival of generative AI have accelerated the already strong growth opportunities at Rubrik, which is positioned at the center of the secure use of GenAI tools, according to co-founder and CEO of Rubrik, Bipul Sinha.

Rubrik, which became the first cybersecurity provider to go public in over two years with its IPO in April– continued to see significant growth with its annual recurring revenue (ARR) reaching $919 million at the end of July, up 40% from the previous year.

(Related: All eyes on accelerating data security)

In a recent interview with CRN, Sinha said there’s no doubt that growing interest in GenAI adoption is helping fuel Rubrik’s momentum. But the company has set itself up to capitalize on this opportunity thanks to its long-standing partnership zero trust security approach and developments such as its entry into the data security posture management (DSPM) space, he said.

When it comes to enabling GenAI adoption, “Rubrik is uniquely positioned with data (management) and data security combined in our platform,” Sinha said. “This is an emerging market and we have the most significant real estate in this market. Because without data (management) and data security, GenAI makes no sense.

Sinha also discussed the global crisis caused by CrowdStrike. Computer failure in July as well as the IPO market, which has not seen any other cybersecurity vendor bid this year.

When it comes to data security, in particular, “no one else in our field even dares to enter (the IPO market),” he said. “And if you look at our competitors, they are merging with each other to survive.”

Here is another CRN interview with Sinha.

What do you think are the most important things organizations need to know about data security in the GenAI era?

Since the early 2000s, the technology industry has been focused on automating workflows and creating applications to increase productivity. Power has shifted from data to workflow. Today, the advent of GenAI has essentially heralded a new era in which workflows no longer matter because the workflow will be generated and executed behind the scenes by AI. All you need is an agent: you ask them to do something and they report back to you. So in this new world, power has shifted from workflows and applications to data. Data powers the workflow and powers the generative AI engine.

So now when data is king, data sanctity, data availability, data security is the No. 1 issue, because if you lose that data, you can’t have GenAI. If you pass data to the wrong people through GenAI, you end up with huge compliance and governance issues. The company has now turned its attention to data management and security: that’s where the game is.

Where exactly does Rubrik fit into all this?

In the cybersecurity industry, Rubrik is uniquely positioned with data (backup) and data security combined in our platform. This is an emerging market and we own the most significant real estate in this market. Because without data (backup) and data security, GenAI makes no sense.

Every organization is now thinking about how to ensure the right data is delivered to the right user, at the right time, on the right platform and for the right duration. This is where security becomes huge, as your trust in an AI system will be significantly diminished (without security).

How would you describe the biggest differentiator for Rubrik at this point?

We have created a unique platform. You can’t just add a layer to your existing architecture for this. We built a whole new platform, a whole new architecture, designed specifically for this. We’ve combined data security posture management, or DSPM, and cyber recovery into one platform. So we have a complete understanding of data risks, data threats and cyber recovery in one platform. No one else has this at the moment. This is why we are the first cybersecurity company to go public in (several) years, and no one else in our space even dares to enter. And if you look at our competitors, they are merging with each other to survive.

What do you see as the main areas of traction for Rubrik since its IPO in April?

We said in our earnings announcement that we were winning this market. Just look at the growth and the scale at which we are growing. We have surpassed $900 million in subscription ARR, in just nine years of sales (of the product), and we are leading the market to exceed over $1 billion in ARR this year. So we are now at significant scale as a software company. Very few companies reach $1 billion in ARR.

Our goal is to really create this new vision for the cybersecurity industry. Because for too long the industry has focused on preventing attacks from various infrastructure platforms. But the ultimate goal of all this is data protection. And our vision was to focus on cyber resilience. Because it is impossible to stop the attacks. You can’t stop all attacks. How can we ensure your business continues to operate?

In terms of resilience, what do you learn from this summer’s CrowdStrike incident?

First of all, CrowdStrike is a great partner of ours. They reacted and responded very well and quickly. It was an unfortunate incident, but it really highlighted what it means to be resilient. Everyone wants productivity. Everyone is doing a digital transformation. Everyone automates tasks. But the Achilles heel of this digital transformation is resilience. Can you have these services, on which your business now depends, operational at all times? With what happened with CrowdStrike, consider this a (movie) trailer for what could happen, on an even larger scale, if this were a real cyberattack.

It was definitely a reckoning for the whole world. People wrote their boarding passes by hand. Suddenly we go from the 21st century to the 20th century, when these services are broken. So it was a huge toll. Today, the focus is still on productivity, but people are also thinking about how to ensure that productivity gain. And security doesn’t just mean being protected against cyberattacks. But securing means ensuring that these services are available.

Overall, it seems like 2024 has been quite a challenging year in terms of cyber resilience?

Look at what happened at (UnitedHealth Group) and Change Healthcare. This impacted the entire ecosystem. If you do business with Change Healthcare, your business is impacted. When an incident like this happens, everyone realizes how interdependent we are across businesses. If we consider systemic risk, it increases as interdependence increases. And one of the goals of technology is to create more interconnections. This is why this particular incident with CrowdStrike had a global impact. So this is the thing we all have to reckon with: are we creating resilience in our digital lives? So as digital intensity increases, if that digital part has no resilience, then there are huge problems.

Do you think your channel partners are currently aware of what you consider necessary regarding data security or not?

I think our channel partners who have fundamentally understood that the market has moved from backup and recovery to cyber resiliency around data security – channel partners who have understood that are having tremendous success. Channel partners who are still in this old world of backup and recovery are struggling. So we continually train our partners because that’s where the market is. This is no different from what happened to the telephone market. BlackBerry and Nokia did phone and text, but iPhone invented an Internet device that, in addition to phone and text, brought apps, data, and the Internet to the phone. Similarly, Rubrik has evolved this backup and recovery market into a data security platform for cyber resilience. If you’re selling old products, this isn’t a winning proposition.