In an interview with CRN, Rubrik CEO Bipul Sinha discusses data security in the age of GenAI and why “no one else in our space dares” to go public.

The well-known data security challenges presented by the arrival of generative AI have accelerated the already strong growth opportunities at Rubrik, which is positioned at the heart of enabling the safe use of GenAI tools, according to Rubrik co-founder and CEO Bipul Sinha.

Rubrik – which became the first cybersecurity vendor to go public in more than two years with its initial public offering in April— continued to experience major growth, with its annual recurring revenue (ARR) reaching $919 million at the end of July, up 40% year-over-year.

(Related: All eyes are on accelerating data security)

In a recent interview with CRN, Sinha said there’s no doubt that growing interest in GenAI adoption is helping to fuel the momentum at Rubrik. But the company has especially prepared to capitalize on the long-term opportunity zero-trust security approach and moves such as its entry into the data security position management (DSPM) space, he said.

When it comes to enabling GenAI adoption, “Rubrik is uniquely positioned with data (management) and data security combined in our platform,” Sinha said. “This is a growing market and we have the most important real estate in this market. Because without data (management) and data security, GenAI makes no sense.”

Sinha also discussed the global cause of CrowdStrike IT disruption in July, as well as the IPO market, which has seen no other cybersecurity vendor pursue an offering this year.

In terms of data security, in particular, “no one else in our space dares to enter (the IPO market),” he said. “And if you look at our competition, they’re teaming up with each other to survive.”

Here’s more from CRN’s interview with Sinha.

What do you think are the biggest things organizations need to know about data security in the GenAI era?

Starting in the early 2000s in the tech industry, it was all about automating workflow and building applications to increase productivity. The power has shifted from data to workflow. Now, the advent of GenAI has essentially heralded a new era where workflows don’t matter because the workflow will be generated and executed behind the scenes by AI. All you need is an agent – ​​you ask them to do something and they report back to you. So in this new world, the power has shifted from workflows and applications back to data. Data powers the workflow and that powers the generative AI engine.

So now that data is king, data sanctity, data availability, data security, is the no. 1 because if you lose that data, you can’t have GenAI. If you’re giving your data to the wrong people through GenAI, you have huge compliance and governance issues. So the business has now come to data management and security – that’s where the game comes in.

Where does Rubrik fit into this exactly?

In the cyber security industry, Rubrik is uniquely positioned with data (backup) and data security combined in our platform. This is a growing market and we have the most important real estate in this market. Because without data (backup) and data security, GenAI makes no sense.

Every organization is now thinking about how to ensure that the right data is delivered to the right user at the right time, on the right platform for the right duration. That’s where security becomes huge, as your trust in an AI system will be significantly diminished (without security).

How would you describe the biggest differentiator for Rubrik at this stage?

We have created a unique platform. You can’t layer on top of your legacy architecture for this. We built a brand new platform, a brand new architecture, built specifically for this. We’ve combined data security posture management or DSPM and cyber recovery into one platform. So we have a complete understanding of data risk, data threat and cyber recovery in one platform. No one else has that now. This is why we are the first cybersecurity company to go public in (several) years and no one else in our space dares to enter. And if you look at our competition, they band together to survive.

What would you point to as the biggest areas of traction for Rubrik since publishing in April?

We said in our earnings announcement that we are winning this market. Just look at the growth and the scale at which we are growing. We’ve surpassed $900 million in subscription ARR, just nine years into selling (the product), and we’re guiding the market to surpass $1 billion in ARR this year. So we are now at a significant scale as a software company. Very few companies have reached $1 billion in ARR.

Our goal is to truly create this new vision for the cybersecurity industry. For far too long, the industry has focused on preventing attacks from a variety of infrastructure platforms. But the ultimate goal of all this is data protection. And our vision was that we would focus on cyber resilience. Because the attacks are impossible to stop. You can’t stop all attacks. How do we make sure your business keeps going?

In terms of resilience, what are your takeaways from this summer’s CrowdStrike incident?

First of all, CrowdStrike is a great partner of ours. They reacted and responded very well and quickly. It was an unfortunate incident, but it really brought into focus what it means to be resilient. Everyone wants productivity. Everyone is doing digital transformation. Everyone is automating tasks. But the Achilles heel of this digital transformation is resistance. Can you have these services, which your business now depends on, up and running all the time? With what happened with CrowdStrike — think of it as a (movie) trailer for what could happen, on an even larger scale, if it were a real cyber attack.

This was certainly a reckoning for the whole world. People were writing boarding passes by hand. Suddenly you go from the 21st century to the 20th century when these services are shut down. So it was a big reckoning. And now, the focus on productivity is still there, but people are also thinking about how to secure that productivity gain. And securing isn’t just about protecting against cyber. But securing means making sure these services are available.

Overall, does it seem like 2024 was a pretty rough year in terms of cyber resilience?

Look at what happened at (UnitedHealth Group) and Change Healthcare. It affected the entire ecosystem. If you do any business with Change Healthcare then your business is affected. When an incident like this happens, then everyone realizes how interdependent we are between companies. If you look at systemic risk, it increases as interconnectedness increases. And one of the goals of technology is to create more interconnections. That’s why this particular CrowdStrike incident had a global impact. So this is the thing we all need to consider – are we building resilience into our digital lives? So as the digital intensity goes up, if that digital part doesn’t have resistance, then there are huge problems.

Do you think your channel partners are aware of what you think is necessary with data security right now or not?

I think our channel partners who have fundamentally understood that the market has shifted from backup and recovery to cyber resiliency around data security — channel partners who have understood that have been tremendously successful. Channel partners who are still in this old world of backup and recovery are struggling. So we’re continuously educating our partners because that’s where the market is. It’s no different than what happened to the phone market. BlackBerry and Nokia made phone and text, but the iPhone invented an internet device – which, in addition to phone and text, brought apps and data and internet to the phone. Similarly, Rubrik has transitioned this market from backup and recovery to a data security platform for cyber resilience. If you are selling the old old products, this is not a winning proposition.