Rubrik IPO Shines Light on Defensive Security, But the Future Demands Offensive Data Controls

Rubrik, a data security posture management (DSPM) provider, has officially filed to go public, effectively breaking the cybersecurity IPO freeze that has maintained for several years. 

While many are excited about the implications this news may have on the market, there is more to the story with regards to the future of the cybersecurity industry at large.

There’s no doubt that Rubrik offers an impressive suite of product capabilities designed to help business customers:

• Backup and restore data in case of loss, corruption, or disasters.
• Archive and cost-effectively retain old data for defined periods of time.
• Discover and classify data so they know exactly where it is located and what is sensitive.
• Protect data stored internally from unauthorized access, theft, or ransomware attacks.

Two Sides of Data-Centric Security

In the world of data-centric security, there are two distinct sides to the coin, each addressing critical aspects of protecting sensitive data.

On one side, we have the defensive approach, exemplified by companies like Rubrik and other DSPM vendors like Immuta, Dig, Flow, and Cyera. Collectively, these companies are laser-focused on one thing: helping customers safeguard their sensitive data from unintentional loss, unauthorized access, or breaches.

On the other side of the coin, we have the offensive approach, represented by companies like Virtru that are dedicated to helping customers protect sensitive data that is intentionally shared with others to drive business value. By applying and enforcing granular policy on individual data objects, Virtru enables organizations to share sensitive data without sacrificing security, privacy, or control.

The Importance of Playing Offense

Organizations across all sectors today rely on interconnected ecosystems of partners, vendors, and stakeholders with whom they must share intellectual property, personal data, financial information and other sensitive assets. Keeping this data out of motion is not an option — it's the lifeblood required to create and activate value. 

The headlines we see every day are a constant reminder that defense alone does not win the game. Despite massive investments in defensive cyber security products, attacks and breaches have only increased in frequency and impact, with Change Healthcare being the most recent catastrophic instance of ransomware. By incorporating offensive measures like proactive data sharing with granular access controls applied, organizations can start putting points on the board from a cyber perspective. The “points” in this case are increased productivity, enhanced operational efficiency, and the safeguarding of critical assets.

The future can’t be defined by the same defensive practices that have already been in use constantly, with varying levels of success. Forward-thinkers are adopting an offensive cybersecurity posture - defining granular policies to carefully govern how data flows through critical communication channels like email, messaging, cloud storage, and SaaS workflows. This enables ethical, audited sharing of sensitive data rather than spending all attention and resources on locking it down.

Simply put, companies that go on offense and embrace cybersecurity capabilities to dynamically control and audit data sharing policies will ultimately have a decisive upper hand in the future. Cyber defense is essential, but offense is where the strategic business advantage lies.