Rubrik has acquired identity orchestration company Strata.io and used its annual customer event to unveil two new identity products aimed at a painful gap in cyber recovery: keeping authentication online while rebuilding compromised identity systems. Terms were not disclosed.
The transaction gives Rubrik a more credible position in identity resilience, an area adjacent to its core backup and recovery franchise but strategically more valuable. Data can be restored after an attack. Identity is harder. Once an attacker compromises an identity provider or Active Directory, companies face a messy tradeoff between reverting to a clean snapshot and preserving legitimate changes made since the breach. Rubrik’s new Identity Roll Forward is designed to reconstruct Active Directory while preserving approved changes such as employee onboarding and offboarding. Identity Continuity, enabled by Strata, adds failover to a secondary identity provider so authentication can continue during an incident.
That combination matters because Rubrik is no longer just selling recovery infrastructure. It is moving up the stack into operational continuity. Strata’s software was built to unify fragmented IAM environments across cloud, hybrid, and on-premises systems without forcing customers to rewrite application code. For Rubrik, that reduces deployment friction and gives it a way into the identity control plane without building a full identity platform from scratch.
The subtext is competitive pressure. Cyber vendors are racing to own larger portions of the post-breach workflow, where budgets are holding up better than in discretionary security tooling. Acquire.fyi data shows technology M&A volume is down 10.2% year to date, even as median deal size has risen 9.4%, a sign that buyers are still paying for assets that solve urgent infrastructure problems. Identity recovery fits that category.
There is execution risk. Both Identity Roll Forward and Identity Continuity are only in private preview, and Rubrik still has to prove customers will trust one vendor to manage backup, recovery, and identity continuity in the middle of an active attack. But if the company can make identity failover and clean-state restoration work at enterprise scale, rivals in backup, IAM, and incident response will have to respond. The boundary between recovery software and identity infrastructure is starting to disappear.
Source: Company press release and Acquire.fyi's proprietary data
