“Rubrik sounds expensive, native tools are so much cheaper.”
"That’s fair—if you’re looking for just a compliance checkbox, there are definitely cheaper options. But the cost of a backup isn't the storage fee; it’s the cost of downtime. We are priced for recovery speed, not just storage."
“We back up Active Directory at the VM level already”
“That’s great, but we’ve seen attackers typically lie dormant for more than 28 days before launching an attack. How long would it take you to rebuild all of the changes to your thousands of users if you had to go back over 4 weeks to find a clean backup? Would you be able to recover your entire forest if you were in a mass recovery event?”
“I use the native AD backup software, I can recover from there.”
“That’s a good approach for single Domain Controller operational recovery, but in recent cyber attacks we’ve seen all the Domain Controllers get targeted. Recovery from a SW level backup entails a highly manual 150 page process for each DC, and on average takes a week. What would be the impact for your executives if your users couldn’t access their critical apps for a week?”
“Okta is the most secure IDP on the market, why do I need a separate backup solution?”
“Okta has some great authentication capabilities, but can’t protect against accidental deletion or the actions of rogue admins / compromised credentials. The best defense against a cyber attack is a quick and clean path to recovery. Even if you can recover with native backup tools in Okta, you’re limited to 30 day retentions, lack of granularity, and will have to rebuild all of the underlying dependencies. How long would that take for an organization of your size?”
“We have 90 days of retention in the Recycle Bin.”
"The average 'dwell time' (the time an attacker sits in your network before striking) is often over 100 days. If an attacker quietly deletes data or modifies policies 4 months before triggering the ransom note, that data is already gone from your 90-day recycle bin. You are protecting yourself against accidents, but not against patience."
“We’re moving to the cloud… AD is just a legacy system we barely touch”
“Completely understand, many of our customers are going through similar journeys. During that migration, AD is typically still your “source of truth” for hybrid users, meaning any compromise there can be synced to negatively impact your Entra users.”
“We don't have budget for this right now”
"Completely understand—budgets are tight. That being said - Is M365 considered a 'Tier 1' critical application for you? If email went down for a week, what would be the impact? Usually, we find that protecting the company's 365 environment costs less than one day of downtime, and we can start with your most critical users (executives/admins)."
“My Cyber Insurance will cover the cost if we get hit”
"I hope they will… Have you checked your policy renewals lately? Most carriers are now denying claims if you can't prove you had an isolated, immutable backup in place before the attack. They treat M365 without third-party backup as 'negligence.' Even if they do pay, they cover the financial loss, not the reputation loss or the 3 weeks your team spends unable to send emails."
“MSFT has built in replication, so we are safe from disaster.”
"Replication creates a mirror image. If a file is corrupted or deleted in Data Center A, Microsoft instantly replicates that corruption to Data Center B and C to keep them in sync. You now have three perfect copies of corrupted data. Replication protects you from a hardware failure, but not a cyber attack."
“I already have AD Forest Recovery with Quest / Semperis”
“It’s great that you have a Forest Recovery Solution, and they are fantastic DR tools. Unfortunately both of those solutions run on Windows using a Full Trust model, and criminals or rogue admins can render the software unavailable during a large-scale attack. How would you execute a Forest Recovery if you were unable to access Quest / Semperis?”
"Doesn’t Okta protect the data for me? They guarantee 99.9% uptime."
“That’s a common belief, but Okta actually states that they are responsible for the uptime of the service, and the data is the responsibility of the customer. In the event of a cyber attack or outage, it’s on you to recover your Identity Data.”
“I have all of my users and groups backed up in Entra’s Recycle Bin”
“Great, that’s the first step. From there the biggest challenge is assigning accurate applications and conditional access rules to each of your users. How would you do that for thousands in the event of an attack? How long would that process take?”
“MSFT is responsible for my data, they would help me get it back.”
"Microsoft’s Service Level Agreement (SLA) actually guarantees the uptime of the infrastructure, but it explicitly states that you are responsible for the data. In fact, Microsoft’s own services agreement recommends using a third-party backup."
“We have 10 Domain Controllers, so we have built in redundancy through replication. If one fails, we just use the others.”
“That works great for DR or Hardware failure, but what about a cyber attack or if a rogue admin deletes a group? The deletion / encryption can be replicated to all of your other controllers in seconds, that's why it’s so important to have an air gapped copy that sits outside of the replication loop to safely recover.”
“I don’t need to back up Entra, it’s in the cloud so MSFT handles the data.”
“That’s a common belief, but what MSFT actually states in their Shared Responsibility Model is that the data is the customer’s responsibility. That means that during a cyber attack, recovering your Entra environment is your responsibility, and MSFT actually recommends having a 3rd party backup solution for this reason.”
"We use OneDrive sync, so everyone has a copy on their laptop"
"Sync is actually the problem, not the solution. If a user gets a virus on their laptop, OneDrive instantly syncs that infection up to the cloud. Then, because five other people sync that same folder, the virus downloads to their laptops instantly. Sync doesn't protect data; it acts as a distribution system for malware."
“We have audit logs in Entra to see what has changed and would fix it”
“Logs are great when it comes to "who" and "when" changes occurred, but they aren’t able to remedy those changes effectively. How long would it take to rebuild all of the changes for thousands of users? We deliver point in time recovery to bring you back to a clean place in minutes.”
“Entra ID has the recycle bin out of the box, I can recover from there.”
“Yes - you can. But if someone makes a mistake and changes permissions for thousands of users, there is no easy way to undo the mistake and go back to a specific point in time. You’re forced to manually rebuild the permissions for each of your users, this is because the Recycle Bin lacks point in time recovery.”
“We don’t have any sensitive data in Entra, it’s just for logging in.”
“That’s good, but the risk with Entra is more than just sensitive data. You use Entra to access most of your critical cloud/SaaS apps, what would be the impact if you couldn’t access Salesforce or your M365 environment for 2 weeks?”
“I have versioning with OneDrive / SharePoint so I can go back to an older version.”
"Versioning is great for 'oops' moments. But modern ransomware is smart—it often encrypts the file, effectively creating a 'new version,' and then does it 500 more times to exhaust your version limit, pushing the clean version off the cliff. Alternatively, if a malicious admin or compromised account permanently deletes the file, the version history dies with it."
"I have a 3rd party tool for my Okta backup, it’s called Backupta and it works great."
“That’s a great product, is Okta your only IDP? What most of our customers tell us is that they have AD for on prem apps, or another IDP in the mix. While Backupta can get your Okta environment back up, it can’t help with the other IDPs and more importantly - the underlying data. How would you recover the rest of your environment in the event of a cyber attack?”
“I’m happy using recycle bin, it does backup and recovery”
"Native tools are excellent for restoring a single deleted email or file that you lost yesterday. They are not designed to restore 50,000 files that were encrypted by malware dwelling for months. If you had to recover 10,000 users manually, how long would that take your team?"
“If we really need to recover email, we can just export data to PST files manually”
"That’s a great option for 5 users, but have you ever tried to import a 50GB PST file back? It can corrupt or crash, and takes hours per user. If you have to recover thousands of users after a breach, your team will be manually importing files for six months. Modern recovery needs to be automated, not manual."
“I have an E5 license, so we have infinite retention with Litigation Hold…”
"That’s a great license, but Litigation Hold is designed for eDiscovery (finding evidence for a lawsuit), not Recovery (restoring a business). If ransomware encrypts your SharePoint, that retention policy just retains the encrypted version of the file forever. It doesn't give you a clean copy to restore from."
“We don’t keep a lot of sensitive information in 365.”
"Even if 365 doesn’t have a single byte of sensitive data, it holds a lot of power within the organization. A successful attacker can compromise your email, impersonate your executives, and authorize fraudulent activity. Protecting 365 isn’t just about the data, it’s about securing your entire organization."