Why Backups Aren't Enough & Identity Recovery is Key against Ransomware

Dec 16, 2025

Matt Castriotta, Field CTO at Rubrik, shares insights on the vital need for cyber resilience over traditional backup strategies. He emphasizes that merely having backups is insufficient; organizations must recover clean, trusted data after attacks. Matt warns against the myths of cloud-native recovery like S3 versioning and elaborates on why identity must be the new perimeter in security. The conversation also covers AI's role in data integrity, offering practical advice on incident response and recovery planning.

37:01

forum

Ask episode

web_stories

AI Snips

view_agenda

Chapters

auto_awesome

Transcript

info_circle

Episode notes

insights

INSIGHT

Cyber Resilience Is About Clean Recovery

Cyber resilience means you can refuse to pay a ransom by recovering cleanly from attacks.
Recovery requires knowing what was impacted and restoring trusted copies, not just having backups.

volunteer_activism

ADVICE

Treat Backups As An Insurance Policy

Treat backups as an insurance policy and validate recovery capabilities regularly.
Ask which backup you would recover from and how long recovery will take.

insights

INSIGHT

Disaster Recovery ≠ Cyber Recovery

Disaster recovery and cyber recovery solve different problems and are not interchangeable.
Cyber recovery must assume data and identity are untrusted after an attacker gains access.

Get the Snipd Podcast app to discover more snips from this episode

Matt's background and role at Rubrik

01:34 • 1min

chevron_right

Defining cyber resilience vs operational recovery

02:35 • 1min

chevron_right

People, process and testing runbooks

04:04 • 2min

chevron_right

Mindset: assume breach and minimum viable company

05:35 • 1min

chevron_right

Why 'I have backups' is insufficient

06:59 • 2min

chevron_right

Disaster recovery vs cyber recovery differences

08:45 • 1min

chevron_right

Cloud-native hazards: versioning and replication myths

10:02 • 3min

chevron_right

Multi-cloud, DORA and cross-cloud recovery limits

12:52 • 2min

chevron_right

Shared responsibility and hyperscaler limitations

15:00 • 3min

chevron_right

Identity as the new perimeter

17:36 • 2min

chevron_right

Identity complexity and AI non-human identities

19:50 • 5min

chevron_right

AI's impact: data as the crown jewels

25:19 • 2min

chevron_right

Rubrik Agent Cloud and rewinding agents

27:38 • 52sec

chevron_right

Top priorities for a 2026 resiliency program

28:30 • 4min

chevron_right

Incident focus: what happened and who had access

Think your cloud backups will save you from a ransomware attack? Think again. In this episode, Matt Castriotta (Field CTO at Rubrik) explains why the traditional "I have backups" mindset is dangerous. He distinguishes between Disaster Recovery (business continuity for operational errors) and Cyber Resilience (recovering from a malicious attack where data and identity are untrusted) .

Matt speaks about the "dirty secrets" of cloud-native recovery, explaining why S3 versioning and replication are not valid cyber recovery strategies . The conversation shifts to the critical, often overlooked aspect of Identity Recovery. If your Active Directory or Entra ID is compromised, it's "ground zero” and you can't access anything. Matt argues that identity must be treated as the new perimeter and backed up just like any other critical data source .

We also explore the impact of AI agents on data integrity, how do you "rewind" an AI agent that hallucinated and corrupted your data? Plus, practical advice on DORA compliance, multi-cloud resiliency, and the "people and process" side of surviving a breach.

Guest Socials - ⁠Matt's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠

Questions:

(00:00) Introduction(02:20) Who is Matt Castriotta?(03:20) Defining Cyber Resilience: The Ability to Say "No" to Ransomware(05:00) Why "I Have Backups" is Not Enough(06:45) The Difference Between Disaster Recovery and Cyber Recovery(10:20) Cloud Native Risks: Versioning and Replication Are Not Backups(12:50) DORA Compliance: Multi-Cloud Resiliency & Egress Costs(15:10) The "Shared Responsibility Model" Trap in Cloud(17:45) Identity is the New Perimeter: Why You Must Back It Up(22:30) Identity Recovery: Can You Restore Your Active Directory in Minutes?(25:40) AI and Data: The New "Oil" and "Crown Jewels"(27:20) Rubrik Agent Cloud: Rewinding AI Agent Actions(29:40) Top 3 Priorities for a 2026 Resiliency Program(33:10) Fun Questions: Guitar, Family, and Italian Food

Home Top podcasts Popular guests Top books