You know that feeling when you're contemplating a move to a potentially less desirable location in your city for XYZ reasons (probably to get more bang for your buck). But then, the old cliché "location, location, location" starts ringing in your head. No matter how much land you can buy in rural Texas, you decide to stick around in central Austin for the access to great amenities. Now, when it comes to the Rubrik filesystem, I want you to replace "location, location, location" with "security, security, security." If you're evaluating what makes a good backup solution, I'll outline three reasons why Rubrik's filesystem earns a nod for being a secure choice.
Reason 1: Did I Hear "Immutable"? 🤔
To be fair, the bare minimum for a good backup solution is having immutable data. If you ever need to restore this data at any point, why would you want the ability to overwrite it? What do I mean by immutability?
By immutability, I mean that the data itself cannot be overwritten or modified. The opposite of immutability is mutability, which is the ability to modify something. Think about posting a tweet and realizing there's a typo – you probably want the ability to modify that tweet in place. However, your backup solution is not a tweet, and you shouldn't want it to be tampered with.
Because many applications are virtualized, infrastructure systems need to be aware of logical data and physical data. Rubrik's filesystem achieves immutability at both the logical and physical levels by using cyclic redundancy checks (CRC) for each file. CRCs are used for data verification by comparing the data at the source and the recipient location to ensure that data hasn't been corrupted or accidentally modified. Storing the CRCs with each file allows Rubrik to check against the file for every data operation requested. If a write operation is requested to alter the data, Rubrik will check against the CRC file and reject that operation. Additionally, Rubrik automatically verifies that the data hasn't been modified, regardless of whether a data transformation operation has been requested.
Figures 1 & 2 (see below): Shows the architecture behind immutability
Reason 2: Did I Hear "Air Gapped"? 🤔🤔
Yes, Rubrik's filesystem is air-gapped. "Air-gapped" is a fun word and usually means that data is offline and not accessible via the public internet. If you were to put data on a hard drive and store that hard drive under your bed, I would definitely classify that data as air-gapped. But how do you air-gap a system that will probably need to be connected over some sort of public network to perform an upgrade operation at the very least?
Rubrik's filesystem does indeed connect to the internet, but it cannot be exposed to external clients as a storage target. This means Rubrik's filesystem cannot be mounted on some random server as a file share where all the files can be accessed at will. Mounting your backup's filesystem to a server is problematic because it means that anyone with access to that server can now access all the backup data, and if they can access the data, someone could surely find a way to delete it.
Figure 3 (see below): Shows us an alternative way to accomplish air-gapping where Dell's DataDomain has a completed isolated physical "CR Vault", where the CR Vault's DataDomain is only open to accept replication traffic
Reason 3: Every Operation Must Be Verified 🤔🤔🤔
This one is short and sweet – only Rubrik-certified services can perform operations within the Rubrik cluster. Every data operation must first be validated with certificate-based mutual authentication. Only Rubrik can talk to Rubrik. We can say that Rubrik is the bouncer standing outside the club, only letting in first-class citizens (sorry, everyone else)
In conclusion, when it comes to securing your data and ensuring a reliable backup solution, Rubrik's solution comes in as a viable option. Just as the real estate mantra emphasizes the significance of "location, location, location," Rubrik underscores the importance of "security, security, security" in the world of data protection.