In an interview with CRN, Rubrik CEO Bipul Sinha discusses data security in the GenAI era and why ‘nobody else from our space is even daring’ to go public.

The well-known data security challenges posed by the arrival of generative AI have accelerated the already strong growth opportunities at Rubrik, which is positioned at the center of enabling secure usage of GenAI tools, according to Rubrik co-founder and CEO Bipul Sinha.

Rubrik—which became the first cybersecurity vendor to go public in more than two years with its initial public offering in April—has continued to see major growth with its annual recurring revenue (ARR) reaching $919 million as of the end of July, up 40 percent from the year before.

[Related: All Eyes Are On Accelerating Data Security]

In a recent interview with CRN, Sinha said there’s no question that the surging interest in adoption of GenAI is helping to fuel the momentum at Rubrik. But the company has notably set itself up to capitalize on the opportunity with its long-running zero-trust security approach and moves such as its entrance into the data security posture management (DSPM) space, he said.

When it comes to enabling adoption of GenAI, “Rubrik is uniquely positioned with data [management] and with security of data combined into our platform,” Sinha said. “This is an emerging market, and we have the most important real estate in this market. Because without data [management] and the security of data, GenAI is meaningless.”

Sinha also discussed the global CrowdStrike-caused IT outage in July as well as the IPO market, which hasn’t seen any other cybersecurity vendors pursue an offering this year.

In data security, in particular, “nobody else from our space is even daring to enter [the IPO market],” he said. “And if you look at our competition, they are merging with each other to survive.”

Here is more of CRN’s interview with Sinha.

What do you see as the biggest things organizations need to know about data security in the GenAI era?

Starting in the early 2000s of the tech industry, it was all around workflow automation and application building for productivity gain. Power moved from data into the workflow. Now, the advent of GenAI has essentially heralded a new era where workflows don’t matter because the workflow will be generated and executed behind the scenes by AI. All you need is an agent—you ask them to do something and they report back to you. So in this new world, the power has moved from the workflows and applications back into the data. The data fuels the workflow and that fuels the generative AI engine.

So now when the data is king, the sanctity of the data, availability of the data, security of the data, is the No. 1 issue because if you lose that data, you can’t have GenAI. If you feed the data to the wrong people through GenAI, you have huge compliance and governance issues. So the business has now come to data management and data security—this is where the game is.

Where does Rubrik fit into this exactly?

In the cybersecurity industry, Rubrik is uniquely positioned with data [backup] and with security of data combined into our platform. This is an emerging market, and we have the most important real estate in this market. Because without data [backup] and the security of data, GenAI is meaningless.

Every organization is now thinking about how to ensure that the right data is delivered to the right user at the right time, on the right platform for the right duration. That’s where the security becomes huge because your trust in an AI system will get significantly diminished [without security].

How do you describe the biggest differentiator for Rubrik at this stage?

We have created a unique platform. You can’t just put a layer on your legacy architecture for this. We built a brand-new platform, a brand-new architecture, purpose-built for that. We combined data security posture management, or DSPM, and cyber recovery in a single platform. So we have the full understanding of data risk, data threat and cyber recovery in a single platform. Nobody else has that right now. That’s the reason that we are the first cybersecurity company to go public in [several] years, and nobody else from our space is even daring to enter. And if you look at our competition, they are merging with each other to survive.

What would you point to as the biggest areas of traction for Rubrik since going public in April?

We said in our earnings announcement that we are winning this market. Just look at the growth and at the scale at which we are growing. We crossed $900 million in subscription ARR, just nine years of selling [the product], and we are guiding the market to exceed over $1 billion ARR this year. So we are now at significant scale as a software company. Very few companies hit $1 billion in ARR.

Our goal is to really create this new vision for the cybersecurity industry. Because for far too long, the industry focused on attack prevention from a variety of infrastructure platforms. But the ultimate goal of all of this is data protection. And our vision was that we will focus on cyber resilience. Because attacks are impossible to stop. You can’t stop all the attacks. How do we ensure that your business continues to keep going?

In terms of resiliency, what are your takeaways from the CrowdStrike incident this summer?

First of all, CrowdStrike is a great partner of ours. They reacted and responded really well and fast. It was an unfortunate incident, but it really brought into focus what it means to have resiliency. Everybody wants productivity. Everybody is doing digital transformation. Everybody is automating tasks. But the Achilles’ heel of this digital transformation is the resilience. Can you have these services, that now your business depends upon, up and running all the time? With what happened with CrowdStrike—think about this as a [movie] trailer for what could happen, on an even bigger scale, if it was a true cyberattack.

This was definitely a reckoning for the whole world. People were writing boarding passes by hand. Suddenly you go from the 21st century to the 20th century when these services are down. So it was a huge reckoning. And now, the focus on productivity is still there—but people are also thinking about how to secure that productivity gain. And securing doesn’t mean just secure from cyber. But securing means making sure that these services are available.

Overall it seems like 2024 has been a pretty rough year in terms of cyber resilience?

Look at what happened at [UnitedHealth Group] and Change Healthcare. It impacted the whole ecosystem. If you are doing any business with Change Healthcare, then your business is impacted. When an incident like this happens, then everybody realizes how interdependent we are across businesses. If you look at systemic risk, it increases as the interconnectedness increases. And one of the goals of technology is to create more interconnections. That’s why this particular incident with CrowdStrike had a global impact. So that’s the thing that we all have to reckon with—are we creating resilience in our digital life? So as the digital intensity increases, if that digital part has no resiliency, then there’s huge trouble.

Do you think your channel partners are up to speed on what you see as necessary with data security right now or no?

I think our channel partners who have fundamentally understood that the market has moved from backup and recovery into cyber resilience around data security—the channel partners who have understood that are finding tremendous success. The channel partners who are still in this old world of backup and recovery, they are struggling. So we are continuously educating our partners because this is where the market is. It’s not dissimilar to what happened to the phone market. BlackBerry and Nokia were doing phone and texting, but iPhone invented an internet device—which, in addition to phone and texting, brought apps and data and internet to the phone. Similarly, Rubrik transitioned this market from backup and recovery into a data security platform for cyber resilience. If you’re selling the old legacy products, that’s not a winning proposition.