Getty Images/iStockphoto

Rubrik expands cloud databases and Oracle Cloud protection

Backup vendor Rubrik will protect numerous new workloads in the platform this year, but cybersecurity experts warn customers to continue prepping for threats.

Rubrik's data backup platform will soon protect a variety of cloud database services and Oracle Cloud workloads.

These new capabilities will be released in the coming months, according to vendor executives during the company's Rubrik Forward conference held online Wednesday.

Beyond database support, Rubrik's platform will also benefit from new services specifically designed for Oracle Cloud, starting with protection for Oracle Cloud databases and Oracle Cloud VMware Solution.

Rubrik is a data backup and recovery platform that has positioned itself as a cybersecurity specialist in the past, but it leaned into the cybersecurity role its software can play during this year's conference.

Modern cybersecurity needs fast and accurate data recovery, said Bipul Sinha, co-founder and CEO of Rubrik.

IT infrastructure has likely already been compromised by threats that are either waiting to detonate in data stores or invisibly through legitimate but compromised security checks, he said. Having a recovery point that an admin knows is clean and readily available provides the only real form of protection.

"Every leader must operate on the assumption that attackers will eventually find their way in," Sinha said.

It's a message that more IT leadership and backup vendors are beginning to digest and understand, said Krista Case, an analyst at The Futurum Group.

Data backup and security have begun merging in terms of the primary responsibility and business continuity, she said. Organizations should also apply many of the security health checklists to backup as well, especially as more rely on public cloud services.

"It's well beyond a matter of simply backing the data up," Case said. "It's about taking sufficient copies to avoid data loss, validating the recoverability of those copies and recovering as quickly as possible, in order to facilitate business continuity."

Database defenders

Rubrik's backup software will protect several managed cloud databases in the coming months across a variety of public and private hyperscalers, according to the company.

The initial relational managed databases that the platform will protect include AWS RDS and Microsoft Azure SQL. These two mark the start of a new relational database protection focus for the company with additional database engines planned in the future, including MySQL, AWS Aurora, Oracle and more, said Rubrik spokespersons during the conference.

A relational database commonly stores mission-critical data, making it a target for attacks due to its often mission-critical importance and how easily they can be accessed through common protocols, Case said.

"Relational databases can be high-value targets because they often store structured, sensitive information such as healthcare data, and they are increasingly in use," Case said. "They are accessed via standardized query languages like SQL, which means that attackers can -- and do -- exploit this."

The company also plans to protect non-relational cloud databases as well, starting with AWS DynamoDB and Azure Cosmos DB in the coming months. Other new protection services planned will include orchestrated recovery for Azure VMs, according to a spokesperson.

Cloud vulnerabilities are a common vector for security compromises, according to Case's research at Futurum. This means that these cloud database services are another security vector that backup teams should pay attention to as they're folded into enterprise technology stacks, she said.

"Unstructured databases would be prone to common vulnerabilities such as misconfigurations, overprivileged users [and] lack of encryption," Case said.

Rubrik isn't the only backup vendor prioritizing cloud workloads this spring. Competitors Druva and Commvault expanded protection services for cloud VMs and databases, respectively, last month.

Druva now protects Azure SQL and Azure Blob Storage, building on a new partnership with the hyperscaler. Both services are available today, according to the company.

Commvault's platform will protect virtual machines running on Red Hat OpenShift Virtualization, with an expected launch of the new service this fall, according to the company.

Strong security

To reiterate the company's focus on cybersecurity, the Rubrik Forward virtual conference offered more than a half-dozen cybersecurity discussion sessions with guest speakers for a variety of enterprise needs.

Ron Ross, a former fellow at NIST, and Rob Joyce, former Cybersecurity Director at the NSA, speak during Rubrik Forward 2025.
At left, Ron Ross, a former Fellow at NIST, and Rob Joyce, former Cybersecurity Director at the NSA, speak during a panel at the online Rubik Forward 2025 vendor conference.

Speakers included Ron Ross, a former fellow at NIST, and Rob Joyce, former cybersecurity director at the National Security Agency (NSA). Both discussed how organizations should prepare themselves for cyberattacks in a conference panel.

Maintaining even the basics of data security will put most organizations ahead of the curve, according to Ross and Joyce. Simply applying software patches and keeping an inventory of devices can help curb digital intrusions, they said.

Joyce said modern cyberattacks are going after user credentials and identities, echoing Sinha's earlier sentiments that security and backup admins should assume compromises are a matter of when and not if.

These legitimate credentials enable attackers to initiate "living-off-the-land" attacks, which exploit or corrupt existing and trusted systems in an environment to create service disruptions, he said. Since these attacks are difficult to detect compared with legitimate operations, an intrusion can expose vulnerabilities for a long time before an attack commences.

The attackers will know your network better than the people who own and operate it.
Rob JoyceFormer Cybersecurity Director, NSA

Federal organizations like the NSA may deal more directly with nation-state threats, Joyce said, but organizations of all sizes that provide national infrastructure or commerce are equally vulnerable.

"The attackers will know your network better than the people who own and operate it," Joyce said. "When you're up against the [People's Republic of China], that's a pretty daunting challenge."

NIST offers a wide array of checklists and security benchmarks organizations can use as a starting point to build a cyber-resiliency and recovery plan, depending on their specific hardware and software stack, Ross said.

Organizations should identify the most critical damage that could take place and ensure there's an operational plan to continue business to avoid downtime, he said.

"You treat the sucking chest wounds before the hangnails," Ross said.

Both said a combination of public and private partnerships, as well as strong federal policies and support, is vital to maintaining cyber-resilience nationwide.

Even if political support for security wanes, an organization's own planning can prevent downtime and loss of business, Joyce said.

"Have a plan and sweat the details," he said. "Downtime is unacceptable. It's an existential threat."

Tim McCarthy is a news writer for Informa TechTarget covering cloud and data storage.

Dig Deeper on Data backup and recovery software