Table of contents:
Overview - What is the Gartner Magic Quadrant?
The Gartner Magic Quadrant for Enterprise Backup and Recovery Software Solutions, or simply “The Gartner MQ for Backup", has been a cornerstone of 3rd party analyst validation for the data protection market for well over a decade. Its unbiased analyst perspectives are key in the go-to-market for the vendors involved. Even simply being listed in the MQ, especially the “Leaders” quadrant can lead to client consideration and getting vendors a seat at the table.
Each year, the Gartner criteria for evaluation and positioning change to align with the current market demands, trends, and industry drivers – even the analyst authors themselves change year-to-year. This ever-shifting criterion means that you really can’t compare one year’s MQ directly against another years as the metrics for positioning and scoring could vary drastically. For example, the ongoing and ever-increasing threats to data, and thus the need for much more robust data security capabilities within backup solutions was much more heavily weighed than in prior years, as was the need for solutions to offer simplified management across increasingly complex and diverse enterprise data environments. Vendors that address both and can protect data across a range of SaaS, (multi)cloud, hybrid, and traditional data sources will score better than in prior MQs where these were not quite yet as critical as they are today.
One thing to note in the Gartner reports is that they do consider the vendor market share as a measurement for placement and scoring in the MQ – others do not. This does result in vendors who may have a larger install base being able to maintain a stronger position than you may have thought at first – size matters!
Before reviewing my interpretation and analysis, I strongly recommend reading the FULL Gartner report itself, as they detail their definition of the market, outline the criteria for evaluation in more detail, and key elements of consideration that are unique to this year’s report. It is important to have this background understanding when building your own perspectives on this year’s report. It is also important to keep in mind that this report focuses on the enterprise market and vendors’ suitability therein. A vendor might not position strongly for enterprise clients, but be an excellent choice for mid-market, SMB, or MSP customers.
If you're a Gartner subscriber, you can access the full report directly from the Gartner website: https://www.gartner.com/en/documents/4017101
Many of the vendors in the report have also subscribed to gain permission from Gartner to share the report themselves via their own websites.
Now, let’s dive in!
Highlights - The 2023 Gartner Magic Quadrant for Enterprise Backup and Recovery Software Solutions (EBRSS)
If you’re unfamiliar with the Magic Quadrant, let me do my best to oversimplify things. There are 2 main axes:
The horizontal axis is Vision – or what I like to refer to as “talking the talk”
The vertical axis is Execution – or what I call “walking the walk”
Ideally, you want to be the best of both worlds where you not only understand the market and predict the needs of your customers, but you’re capable of delivering on that perception and innovation with actual product(s) being sold that address those needs. As you can see from the above visual, some vendors excel on execution, which means they move a lot of product. Others lead in vision, which means they are good at understanding their customers. You need both to be the true leader – the closer to the top-right the better.
Again, that’s me really oversimplifying things as there’s a lot that goes into determining and weighing how well each vendor walks and talks, which is again why I recommend reading the whole report.
Before moving on, Gartner themselves do not recommend comparing MQ positions year-over-year as the criteria changes so it’s never an apples-to-apples comparison. I know I’ve said not to do this, but everyone does (assuming they moved in a “good” direction) so let’s just get this out of the way:
There was not a lot of movement in the Leaders quadrant as most of the group clustered up together – though Cohesity and Veritas both shifted slightly ahead of Commvault for Vision. Rubrik remained the leader for overall Vision with Veeam maintaining their position as leader for Execution.
IBM and Acronis made the biggest jumps shuffling into different quadrants entirely - we’ll explore that later. Zerto left the MQ as their post-HPE position has shifted to be more DRaaS than backup and they no longer meet the criteria from Gartner. With the Open Text acquisition of the backup IP (Data Protector) from Micro Focus, those 2 swapped.
In my opinion, the biggest disruption to the MQ is the introduction of Microsoft as a Niche Player to the quadrant. While the hyperscalers (Microsoft, AWS, Google) all have their own native backup offerings, Microsoft is the first to see their solutions crossing the criteria thresholds for customer adoption and revenue to land in the Gartner MQ. This is a significant “first” and certainly should be a wake-up call to the other data protection vendors that the services being built by these cloud providers are something to be contended against.
The Gartner MQ Leaders
The Leaders quadrant is where the evaluated vendors all are hoping to land. These are the top innovators who not only can anticipate the market trends and customer needs, but develop products that can solve these evolving problems and deliver them to the market with success. Let's briefly review who the leaders are, why their solutions are positioned so strongly, and what challenges they still need to overcome in their portfolios:
Cohesity
This year, Cohesity moved slightly ahead of Commvault in the Vision axis, placing them 3rd overall for Vision and shifting them into 4th for Execution. Cohesity added a host of new and expanded services to their portfolio since the last MQ was published including Fort Knox (a new cloud air-gap solution), DataHawk (enhanced threat detection and classification), and new (limited) multi-cloud support for their BaaS DataProtect offering. Cohesity continues to shift more functionality to their SaaS control plane to support a streamlined user-experience for operations and management. Cohesity’s new Data Security Alliance also highlighted their commitment to working with other cyber security vendors to provide stronger overall security for their joint customers.
However, this approach does have some drawbacks and it does introduce complexity and dependencies on these 3rd party and OEM solutions to solidify customer security postures. Cohesity’s AWS BaaS solution, while it did add Azure support for M365 backup storage, is still limited in terms of the workloads that can be protected by that service – not to mention that Fort Knox and DataHawk are yet to be available to customers using their BaaS (core platform only).
Verdict: Cohesity continues to expand their capabilities and services across their portfolio while maintaining a consistent user experience. While promising, time will tell if their Data Security Alliance manifests into some real solutions for customers rather than simply a marketing exercise.
Commvault
Commvault pretty much maintained their overall position on both the Vision and Execution axes holding onto the 2nd overall spot for Execution, but they did see Cohesity and Veritas pass them putting them 4th overall in Vision. They made multiple enhancements for multi-cloud support in their core offering, and their Metallic SaaS saw rapid expansion of workload support. Commvault/Metallic continue to deliver the industry’s broadest workload support in a single platform – especially across multi-cloud data sources resident in Azure, AWS, GCP, and OCI.
User Experience is still an area of challenge for Commvault as they continue to strive for feature parity across their platform. Many features introduced in Metallic have yet to be ported to their core Complete solution, and there remains some operational capabilities still only available in their older GUI (though that is being remedied).
Verdict: When it comes to coverage, Commvault has no equal in terms of support for applications, PaaS, hypervisors, cloud, etc. If you run it, they can back it up. Coupled with recently announced security enhancements they are a strong choice for heterogeneous enterprise environments. When properly designed and implemented Commvault’s solution can address a wide range of needs.
Dell Technologies
Dell also did not move much year-over-year on the MQ sitting 6th on both Vision and Execution in the Leaders quadrant. However, they have not been idle as Dell continues to enhance their multiple solutions especially in the areas of cloud protection. Their Cyber Recovery solutions now support Azure, AWS, and Google, and both PowerProtect DataManager and PowerProtect Backup Service (OEM of Druva) continue to add support for more cloud-native workloads. In terms of enterprise scale, few can match Dell’s PowerProtect DD (DataDomain) in terms of providing a solid backend for datacenter backups.
Dell’s challenges are still with the overall complexity and interdependency of their portfolio. Since the PowerProtect suite has yet to provide coverage to many traditional workloads, we still see legacy offerings such as Networker and Avamar lingering as the newer solutions just can’t protect those data sets. In addition, customers tend to require multiple Dell solutions to address their needs, but Dell does not offer any holistic way to manage these solutions by way of a unified control/administrative plane. Dell needs to reconcile their backup products but doesn’t appear to be investing in that direction.
Verdict: If you’re a Dell shop, the Dell data protection portfolio will suit you well. The technology is proven and built for the enterprise. However, if you run a heterogeneous or hybrid shop with multiple vendors and providers, the Dell solution could become complex and costly to operate.
Rubrik
This year, Rubrik held onto their lead (1st) in terms of Vision and moved into 3rd for Execution on the MQ. Adding several enhancements to their cloud-based data security capabilities including a new Security Command Center, Rubrik has continued to focus on growing their ransomware detection/protection features and automation around cyber recovery from these threats. Their UX makes deployment and utilization of Rubrik and all their advanced features very streamlined.
This security focus has come at a cost to overall development of their backup offerings with slower than average expansion of their SaaS backup capabilities and overall workload coverage as well as a still extremely limited BaaS solution when compared to others in the MQ. Despite marketing as a “security” vendor, they are still first and foremost a backup solution – none of those security services function without the backup. Rubrik will need to ensure their backup features stay relevant.
Verdict: Rubrik is an extremely simple solution to deploy and use, plus it brings with it some very powerful security tools to bolster your overall data security posture and drive rapid recovery. Their limited coverage for data sources though does mean you may need multiple vendor solutions to protect your entire data landscape. Excellent choice for simple environments, but not well suited as the complexity and diversity of your environment scales.
Veeam
Veeam continues to lead the overall MQ in terms of Execution, sitting #1 on that axis for at least the past 3 years, but they continue to lag in terms of Vision, remaining 5th overall in that category. Veeam has had several product releases since the last MQ including v12 of their flagship Backup & Replication product, and the introduction of a new Salesforce solution. While the Veeam Data Platform still comprises 8+ offerings that can be consumed separately, Veeam has been making strides to tighten the integration between those products to reduce complexity and streamline operations for customers. Their excellently managed user community remains an envy for every other vendor in the market.
That said, overall complexity is still a challenge. Veeam’s continued lack of a true SaaS offering does make cloud deployments more difficult to manage as customers must build and scale the in-cloud infrastructure or rely on one of the many MSPs providing Veeam-as-a-Service to reduce friction. Veeam has been slower than most of the industry in terms of introducing key security and ransomware protection features into their products, although upcoming enhancements in v12A do start to rectify that shortcoming.
Verdict: Veeam has a huge customer base and the adoption of their latest M365 and Salesforce products have seen incredible growth. It would not be a stretch to state that you’re likely to see Veeam deployed in almost every enterprise environment. However, their complexity at scale does mean that often they are sharing the floor with other vendors. They have a backup solution for almost every major data source, application, and cloud out there – just be mindful of how you plan to tie all their tools together cohesively.
Veritas
Veritas was a big winner in the Gartner MQ this year as they jumped into 2nd overall for Vision with the execution of a complete overhaul of their portfolio. Refactoring their flagship NetBackup solution and layering on a brand-new SaaS control plane (Alta View) to start to unify their various other products has brought new life into this veteran vendor. Expansions to their cloud and SaaS backup coverage helped them to not just maintain relevancy for customers leveraging those platforms, but in fact jump ahead of Rubrik and Cohesity in that respect. Veritas has also been able to integrate (to some degree) their NetBackup and Alta SaaS Protection offerings to provide a more holistic approach to managing hybrid data protection. Ongoing enhancements to their built-in ransomware and security capabilities are helping keep pace on that front.
The challenge with Veritas is that many customers are unable to take advantage of these very positive technology moves due to very slow adoption of the latest releases. Alta View is barely a v1 solution and most customers would need a heavy lift to upgrade from their existing Veritas versions to the latest release where these enhancements become available. In addition, many of the security features added by Veritas are limited to NetBackup, leaving users of their other solutions with little options in terms of data immutability and anomaly detection.
Verdict: Veritas is a longtime leader in the data protection market, and their investments and development efforts to modernize their platform are starting to pay off. They have broad and impressive coverage for workloads in the datacenter and across multi-cloud environments. On paper, all these improvements to their platform look fantastic, but they remain largely unused and unproven by their own customer base – that can change, and if the new architecture and features demonstrate themselves as reliable updates, we could see Veritas continue to disrupt the backup space (in a good way).
Other Notable MQ Contenders
Now, we won’t be going into detail on every vendor covered in the MQ, but I did want to address some notable movers and shakers in the market. These vendors are targeting that Leaders’ quadrant and we could very well see them moving there in the future.
Acronis
Acronis saw a significant shift in their position from 2022 to 2023 as they moved left out of the Visionaries into the Niche Players quadrant. This may be viewed by some as a “negative” shift for Acronis, but I see it more as Acronis targeting their specialty: MSPs and the midmarket. The Gartner MQ is focused on enterprise, and Acronis is less focused on that market compared to the others in the report.
Their acquisition of several cyber security companies in the last 24 months has given them a very strong portfolio for security and prevention and the products themselves (Cyber Protect and Cyber Protect Cloud) provide decent workload coverage for endpoints, VMs, SaaS, and some other workloads. However, Gartner points out concerns with scalability and support for several features that are important for enterprise customers.
Verdict: A well-integrated solution with very strong security capabilities in the portfolio well suited for their focus on MSPs and midmarket companies. With over 20,000 MSPs on board, 52 Acronis data centers globally, and streamlined recovery tools, they fit the niche space in the quadrant very well. Enterprise companies should validate that the feature set meets their needs.
Druva
Druva’s position changed very little in the MQ this year – holding their place as highest to Execute in the Visionaries quadrant but falling slightly behind in terms of Vision. Their AWS-based BaaS solution was one of the first cloud-native offerings for backup and recently crossed the $200M ARR milestone. Their OEM partnership with Dell has certainly had a positive impact on the bottom line and continues to push Druva into more enterprise accounts
. Additional support for ransomware detection, immutability, a new Salesforce backup offering, and even some Azure support for VMware all contribute to their ongoing feature expansion. In addition, they have been working behind the scenes to strengthen the integration of their 3 core products under a common control plane – which will greatly improve overall UX.
The challenge is that Druva is still very much limited to the AWS ecosystem and on-premises environments. With most enterprise customers operating with a multi-cloud infrastructure, Druva must continue to push outside of their AWS home base if they want to successfully transition into being a Leader in the MQ.
Verdict: Druva is a proven cloud-based solution with very good data security capabilities and good support for AWS-native and hybrid environments. Customers with multi-cloud needs will currently have to look to other solutions to provide complete coverage, but my bet is Druva will be expanding into the other hyperscalers in the coming quarters.
HYCU
HYCU was the only new vendor added to the MQ in 2022 and have stayed relatively in the same place in the Visionaries quadrant in 2023 – moving slightly ahead of Druva in Vision this year. HYCU’s BaaS platform provides multi-cloud support, and their newly launched R-cloud provides a low-code development platform for MSPs and customers to build their own backup for SaaS applications. If you’re running primarily in a cloud/multi-cloud environment, the Protégé suite is well suited for your needs.
HYCU’s backup offering is still maturing, and while it plays strongly in the cloud it does lack support for many on-premises workloads. In addition, other key features for ransomware protection/detection and security are yet to be included in the platform.
Verdict: HYCU’s multi-cloud BaaS platform is moving in the right direction and building out their capabilities with each iteration. That said, it is important to keep in mind that there are still missing features that enterprise customers typically look to for cyber resilience and security. Definitely a vendor to watch.
IBM
IBM made the biggest move in the MQ this year jumping into the Visionaries quadrant with their latest Storage Protect and Storage Protect Plus backup solutions becoming tightly integrated with their storage and OEM products. Add to that a new common control plane, and much of the complexity typically associated with the IBM portfolio in years past is quickly fading away. A new partnership with Cohesity, expanded Kubernetes support, and new support for many key cloud-native and SaaS workloads has begun to truly transform this legacy player into a Visionary.
Change can be difficult. With so much of their portfolio in flux, there risks a lot of churn within the existing customer base as IBM reconciles this new approach and puts additional products in the mix. In addition, while these changes look good on paper, they have yet to prove they can be successful driving the revamped portfolio into today’s data protection market – selling backup has not been a big focus for years.
Verdict: IBM’s technology is proven and slowly catching up to today’s enterprise needs for data protection. Can they execute on this significant shift in strategy? Time will tell, but it will be interesting to see if they can build off this momentum. There are a lot of IBM sellers out there, and this could create some very streamlined solutions for customers looking to invest in “Big Blue”.
Microsoft
Now we get to the only “real” new entry on the MQ and probably the biggest surprise to everyone – and the biggest disruption: Microsoft. While the top 3 cloud providers have had their own options for backup for some time, this is the first time we’ve seen any of them land on the MQ. Microsoft’s diverse backup portfolio covers both on-premises and Azure workloads but are (obviously) focused on the Microsoft ecosystem of data sources for protection.
The Microsoft tools are also limited even within their own family as many Azure-native and PaaS/SaaS data workloads are not yet supported by their backup portfolio. The portfolio itself is still made up of multiple products which add to the overall complexity of operations. The Microsoft suite does lack several enterprise backup features such as ransomware detection/protection, global deduplication, and broader application coverage.
Verdict: If you’re a large Microsoft shop and/or have an enterprise contract that you can draw from for Microsoft products and services, then it behooves you to at least investigate if their native backup offerings are sufficient for your data protection needs. While many of these solutions have been around for a while, they are only now maturing into tools that may appeal to enterprise customers. If anything, this is a signal to the broader data protection industry that the big cloud providers are jumping into the sandbox.
Summary
In conclusion, the Gartner Magic Quadrant is one of the industry’s most well-known research reports and an excellent reference for tracking and evaluating enterprise data protection vendors and the overall market trends driving their innovation. It is important to remember that this MQ is focused on the enterprise space, and while not all the vendors are necessarily “Leaders” in the report itself, they can all leaders in the industry. The breakdown and interpretation I’ve provided is based on my knowledge of the vendors themselves, the market, Gartner’s methodology, and my own experiences with these various solutions. I strongly recommend you read the full report yourself as there may be nuances in the vendor writeups that align more closely with your specific business needs.
Lastly, at the time of this blog’s publishing, the complementary Gartner Critical Capabilities Enterprise Backup and Recovery Software Solutions report has not yet been published by Gartner. It is another very good resource that delves more into the technology of the vendor solutions, their capabilities, and overall positioning for various key use cases such as datacenter, cloud, hybrid, and edge. I cannot stress enough the value in combining the information from both as you create your own rankings for the vendors best suited for your data protection requirements.
Written by Matt Tyrer. These posts reflect my own opinion and are not necessarily the opinion of my employer.