There is a tendency in the IT industry to treat backup as a necessary evil. Something you set up, forget about and hope you never have to use seriously. That attitude costs businesses billions every year.
Modern ransomware attacks now explicitly target backup systems – because the attackers know exactly what they’re doing. If they can encrypt or delete your backups before they hit the production environment, you’re stuck. Backup is no longer the internal affair of the IT department. It’s a business-critical function with a direct link to how long the business can survive an attack.
In this context, the choice of backup platform is a security decision, not just a storage purchase.
Two philosophies, two architectures
The market has effectively converged around two dominant platforms: Cohesity and Rubrik. Both are replacing legacy solutions from a completely different technological paradigm. But that’s where the similarities end – and the differences are not marginal.
Cohesity: backup as an active data platform
Cohesity was founded by Mohit Aron, one of the architects behind Nutanix, and it shows in the design. At its core is SpanFS – a distributed file system designed to scale linearly, without bottlenecks and without reliance on a central metadata database. Data and metadata are spread evenly across all nodes in the cluster from day one.
What makes Cohesity technically interesting is not just how it stores data, but what it does with it. SpanFS is a live file system. That means a backup volume can be exposed directly to a hypervisor – VMware, Nutanix AHV, or Hyper-V – and hundreds of virtual machines can be booted directly from the Cohesity repository in a disaster scenario, while the data in the background is migrated back to the primary environment. It’s an architectural possibility that legacy backup never even approached.
Deduplication occurs with variable block lengths in real time, globally across the entire cluster. In practice, this means that an organization that puts backup, archive, file services, and test/dev environments on the same Cohesity cluster often sees dramatic reduction numbers – and a unit cost per terabyte that drops steadily with scale.
The licensing model is capacity-based (per TB or per node), which rewards consolidation. The more you spend on the platform, the better the calculation.
Heading: backup as a security domain
Rubrik took a fundamentally different approach. The question they asked was not “how do we manage data effectively?” but “how do we design a system that an attacker with full network access still cannot compromise?”
The answer is Atlas – a file system built on the principle of immutability. Data in Atlas is append-only. A written block cannot be modified or deleted via external commands, ransomware, or administrator accounts on the production network. It’s not a configuration setting – it’s an architectural feature embedded in how the file system works.
During normal operation, Rubrik does not expose its storage surface via standard protocols like SMB or NFS. This is a deliberate choice: the attack surface is minimized by removing the interfaces that are otherwise the most common vectors.
The configuration philosophy reflects this. Rubrik has replaced the traditional backup job with SLA Domains: you define the business requirement (“protect this database every four hours, retain for seven years”) and the platform takes care of the rest. Scheduling, resource allocation, verification – everything is automated and API-driven. This makes Rubrik popular in devops-oriented environments, but it’s equally suited to organizations that want a system that requires minimal ongoing administration.
The licensing model is subscription-based and tied to the amount of front-end data – that is, the actual data you protect, not the capacity behind the scenes. A transparent model where the cost follows the business rather than the infrastructure.
How do you choose?
There is no universal ‘best’ platform. There is the platform that best fits your environment, your threat landscape and your requirements.
A rough rule of thumb that holds in practice:
Cohesity is often the right choice when:
- You have large volumes of unstructured data (files, objects) that you want to consolidate
- You want to use the backup as an active resource – for dev/test, analytics or fast disaster recovery
- Scale and cost-effectiveness per TB weigh heavily in the decision
Headline is often the right choice when:
- Zero Trust isolation and immutability are non-negotiable requirements
- You want a set-and-forget system with minimal administrative overhead
- The environment is cloud hybrid and you want a unified policy engine across on-prem and cloud
But it’s not always an either-or. Several of the organizations we work with have come to the conclusion that they want both – and that’s a perfectly rational decision.
Why dual platforms can be an active strategy
In security architecture, it is well known that monoculture is a risk. If your backup environment is built entirely on one vendor’s codebase, you expose yourself to that vendor’s vulnerabilities – and history shows that no systems are immune to zero-day vulnerabilities, even those designed for security.
Having Cohesity’s SpanFS and Rubrik’s Atlas in parallel means that a critical bug in one system does not compromise the other. For organizations with extremely high availability requirements – financial institutions, critical infrastructure, healthcare – it’s not overkill, it’s reasonable risk management.
It’s also about matching the right architecture to the right data classification. Your most sensitive, irreplaceable data may deserve Rubrik’s strict immutability. Your large volumes of operational data benefit more from Cohesity’s consolidation and active reusability.
Test in real life, not in slides
At Aixia, we operate both platforms in Swedish data centers. Your data stays in Sweden, under Swedish jurisdiction, all the way.
We offer Proof of Concept tests against your own data – not synthetic demo environments. This means you can measure the things that actually matter to your decision: real recovery time in your environment, deduplication rates achieved with your data, and how the licensing models actually perform financially in a 3-5 year perspective.
Want to see how the two architectures relate to your specific threat landscape and regulatory requirements? Get in touch – we’ll run a technical briefing.
