Rubrik adds data sensitivity labels to secure access control

Rubrik has added Data Security Posture Management (DSPM) to Rubrik Security Cloud, using Microsoft labeling to protect sensitive data access, with an AI gloss, and prevent its loss.

DSPM supplier Laminar was bought by Rubrik in August 2023, and Rubrik has been building on this acquisition since then. DSPM was a feature of its Cisco cyber-resilience partnership in August. Rubrik also introduced DSPM for Microsoft’s 365 Copilot in October. This identifies and controls access to sensitive Microsoft 365 data, preventing unwanted exposure. Now it has integrated it into its mainstream Rubrik Security Cloud (RSC) offering, saying DSPM helps accelerate AI adoption by quickly and easily identifying data risks.

Mike Tornincasa, Rubrik
Mike Tornincasa

Mike Tornincasa, Rubrik’s chief business officer, stated: “Organizations struggle to contain the risk of sensitive or critical data getting leaked through GenAI, especially as that data grows rapidly across fragmented environments. Having Rubrik DSPM within Rubrik’s comprehensive Cyber Resilience platform reduces that complexity to help accelerate AI adoption, and secure data wherever it lives.”

Rubrik claims that, unlike standalone DSPM solutions that require a lengthy, months-long deployment process, Rubrik DSPM allows existing customers to simply activate DSPM capabilities within their environment. This activation empowers organizations to proactively reduce data risks across fragmented cloud, SaaS, and on-premises environments to accelerate secure AI adoption and ensure their sensitive data remains protected.

RSC DPSM will “automatically find and classify sensitive data across cloud, SaaS, and on-premises environments, and put security controls in place.” It does this by using Microsoft’s MIP (Microsoft Information Protection) labeling.

MIP is security metadata involving the addition of labels to data that set a sensitivity level, such as Confidential, Internal, or Public. The classification can be manual (users apply labels) or automatic (based on policies, such as keyword matches or patterns like credit card numbers). Labels can be used to enforce protection through encryption, access control, and watermarking. For example, a “Confidential” label might restrict access to specific users or prevent files from being emailed externally.

Rubrik says that customers “can rapidly enable DSPM for increased data visibility and sensitive data control across cloud, SaaS, and on-premises environments from their existing Rubrik Security Cloud instance, without disruptive new data scans.” 

Logically, a customer’s backed-up data in the Rubrik Security Cloud still has to be scanned for its sensitivity to be determined and labels applied. That means a customer has to set up its own group of labels and decide which data merits which label. Then the customer has to initiate the scan.

Once that is complete and the labels are in place, the customer has to decide how to take advantage of them in their data access procedures. In other words, data sensitivity label checking has to be switched on for some or all of their data, and decisions made about what to do if a check identifies invalid data accesses. This is not like buying a turnkey application.

Rubrik says that RSC customers using DPSM will be able to:

  • Gain control and visibility of data.
  • Safely and confidently enable GenAI use cases.

They can reduce DPSM deployment time, avoid the creation of multiple snapshots of their data for disconnected tools, and eliminate the need for disruptive scans on live systems and additional security audits from a separate tool.

RSC with DSPM will be available in early 2025.