and you get that call you hoped you’d never get. “Our systems are locked, and we can’t access anything. It looks like we’ve been hit by ransomware.” More than likely, your first questions are, “What about our backups? Can we recover?” Unfortunately for many, the answer is, “No.”

With ransomware threats becoming more sophisticated, attackers are now targeting backups, leaving many organizations without a clear recovery strategy. What steps can organizations take to reduce their risk and ensure that their backup data can serve as the last and best line of defense?

If your backup data is being targeted, then your security must start at the point of data. This requires implementing an important security principle known as Zero Trust. When Zero Trust is applied to data management, all users, devices, and applications are presumed to be untrustworthy. All attempts to access data are considered possible threats. In other words, trust no one and verify everything. Even when authorized access is granted, Zero Trust mandates that users are given only the privileges necessary for their role and the specific task.

Rubrik Zero Trust Data Security™ is a proprietary architecture modeled after the NIST (National Institute of Standards and Technology) Zero Trust Implementation Model. The Rubrik architecture combines user and employee risk management, a secure data layer, compliance, and data intelligence capabilities to protect backup data and ensure organizations are prepared to recover from an attack without paying a ransom.

Figure 1: Rubrik Zero Trust Data Security

At the core of Rubrik Zero Trust Data Security is DataGuardian, a set of purpose-built technologies designed to protect backup data so that you have a reliable and resilient recovery point from which to restore applications and data. DataGuardian is proprietary to Rubrik and applies robust security capabilities across the control and the data plane.

Control Plane API Gateway

DataGuardian includes an API Gateway that manages all internal and external data operations and enforces proper security controls against all data access attempts. The Rubrik platform is built with an API-first architecture. This means that any operation executed via the Rubrik UI can also be automated through platform APIs. All API communications are secured by role-based access controls and API security tokens.

External REST-based APIs support integration into the larger IT environment, helping to automate backup and recovery operations. The API Gateway also integrates with popular SIEM and SOAR tools to drive collaboration between IT operations and security operations teams to quickly scope attacks and accelerate the recovery of applications and data.

For internal system communications, the API Gateway uses low-level APIs in combination with Rubrik proprietary protocols. These low-level APIs are restricted to internal use only so external actors can never access Rubrik-managed data directly. Additionally, even internal data operations adhere to the Zero Trust principle of least privilege. The access granted is minimally sufficient to perform the approved data operation.

Rubrik DataGuardian incorporates an advanced Policy Engine that manages two core aspects of the data platform. First, it protects application data by managing and applying SLA domain policies for target workloads and backup data. These policies are declarative and manage data throughout its lifecycle - from basic snapshot protection, through long-term retention, data archival, and data replication. The Policy Engine uses SLA policies to protect data, both in the data center and in the cloud. Rubrik’s SLA domain policies are well-understood and have driven the company’s success in modernizing data protection for thousands of customers. Here is a blog explaining this part of the DataGuardian Policy Engine.

What is underappreciated is the Policy Engine’s ability to secure access based on an IT administrator’s organizational role. The Policy Engine can be thought of as a data firewall – controlling access to data based on the identity of the requestor, that individual’s authorized privileges, and the requested target.

Access control policies can be defined using predefined roles, such as read-only.