top of page
  • Writer's pictureMatt Tyrer

Data Protection: Competitive News Makers (October 2023)

There's a lot going on in the data protection and cyber security markets - it can be hard to keep up with all the news. That's where The Competitive Corner's Newsletter comes in, to help curate and distill the most pertinent movers and shakers each month to make your job easier.

October 2023 saw a lot of news from a lot of companies including a number of fiscal results related announcements and a sizable portfolio update from #Veeam. Other newsmakers this month include #Commvault, #Cohesity, #Druva, #Rubrik, #AvePoint, #HYCU, #Backblaze, #OwnBackup, and #Varonis. Below you'll find a breakdown of why these news items matter to you, links to the original articles, and related blogs for further research and insights.


October 2023 Competitive Headlines:

(click any headline to jump directly to the analysis)


Veeam Announces Backup-as-a-Service for Microsoft 365 and Microsoft Azure

Why it Matters?

Veeam has long been questioned by many in the industry, including analyst groups like Gartner and Forrester, as to why they have not created a SaaS offering for their solutions - especially given the demand in the market for SaaS consumption. Well, Veeam has finally amended that oversight and announced the launch of 2 new Backup-as-a-Service offerings as part of their latest acquisition, Cirrus by Veeam, available today:

  • Cirrus for Microsoft 365

    • Unlimited storage and retention

    • Immutability

    • Appears to be licensed by account

  • Cirrus for Microsoft Azure

    • Protects Azure VMs, Azure SQL instances, and Azure Files data

    • Charged both for workload protected AND $/GB of backup storage (post compression…unclear if it supports dedupe)

    • Limited to 100GB of restore data per month! These also appear to have costs associated to them.

Both offerings are available from the Azure Marketplace. Neither appear to include any ransomware protection/detection outside of basic immutability. Given subsequent product announcements though from Veeam, it may be that those missing cyber security features might get added into the Cirrus offerings in the near future as they are built on Veeam and Veeam is adding that functionality into their core platform in upcoming release 23H2.

The big challenge here is reconciling this SaaS offering vs. the existing Veeam MSP channel options available via their Veeam Cloud Service Provider (VCSP) partners. In the absence of having a 1st party SaaS solution, Veeam heavily relied on their MSP partner community (VCSP) to provide "Veeam-as-a-Service". Now that Veeam does have its own SaaS backup offering they need to sort out the following:

  1. "How will Veeam's VCSP community react?" and

  2. "How will Veeam reconcile this new potential channel conflict?".

I expect a lengthy transition period while the rules of engagement get sorted out. Veeam's indirect RTM are critical to their success, it'd be foolish of them to jeopardize it and I don't believe the Cirrus move does...but it does change it.


Cohesity and Red Hat Enter Strategic Collaboration to Embed Red Hat Enterprise Linux into the Cohesity Data Cloud

[Link to Original Article ]

Why it Matters?

This news was a little interesting, but it appears that Cohesity is aiming to migrate their core platform from CentOS to RedHat vis-a-vis this new "strategic" partnership announcement. This means moving their underlying filesystem and storage structure, file services, security, authentication, reporting, the entire stack from one OS to another. I don't envision this being a change Cohesity entered into lightly, but it was a necessary one as CentOS was discontinued back in 2021. So, this is likely something that Cohesity has been gearing up for and have finally announced. Although, this may introduce some new challenges under the covers:

  • New license costs for RHEV that now have to be factored into their overall operating costs / COGS

  • There will be some loss of control of the OS as they shuffle from an Open Source code to a licensed software solution = less flexibility for them

I'm sure there are others, but it will be interesting to see how seamless the transition ends up being.


Druva's Secret Sauce: Meet the Technology Behind Dru's GenAI Magic

Why it Matters?

Druva recently launched "Dru" their AI copilot for general availability. Druva is the first backup vendor to provide a fully built in AI assistant capable of doing more than just provide enhanced customer support interactions (e.g. Cohesity's AI Support Bot only helps troubleshoot). Yes, Dru certainly can aid in troubleshooting customer issues, but it is also capable of managing everyday administrative and operational tasks, deliver streamlined reporting, and assist in configuration of the environment.

This blog walks through how Druva's "Dru" was built and the platforms behind the engine - it is an interesting view on how the tool was developed using AWS' technology stack. Most interesting, in my opinion, was Druva's decision to leverage multiple LLMs inside Dru, tailoring each for specific tasks and use cases. This flexibility under the hood could give them a leg up as other vendors inevitably introduce their own versions of an AI-copilot over the coming quarters.


Commvault Appoints Industry Veteran Richard Gadd as Senior Vice President of EMEA and India

Why it Matters?

It appears as though Commvault has stolen Cohesity's former VP for EMEA and appointed Richard Gadd as their new SVP for EMEA and India. Richard replaces Marco Fanizzi who held the position for just over 4 years, but now lists himself as "former SVP and GM" on LinkedIn.

Of note in this appointment is that Richard does not appear to be taking on the full "International" territory Marco managed in the past - it seems as though Commvault may be once again splitting the EMEA and APJ/ANZ regions in terms of sales leadership. Over the years Commvault has rotated between having EMEA and APJ merged and separately run depending on the overall GTM strategy at the time, so this would not be a big surprise if they are looking to build more localized leadership for the 2 geographies.


AvePoint Confidence Platform October 2023 Updates

Why it Matters?

For those of you keeping track, AvePoint has a diverse portfolio and it can be a challenge keeping pace with the various product releases. Thankfully, AvePoint regularly compiles all of their recent updates into one handy article for reference. Read away and learn :)


Varonis Launches Data Center in Canada for Cloud-Native Security

Why it Matters?

Varonis has announced the availability of its first data center location in Canada. With Varonis heavily shifting their product portfolio to be SaaS-based, their need for more geographic locations is growing, and they have answered thus far with not only this new location in Toronto but recent new data centers opening in Australia and the UK. Given their focus on governance, it makes sense that they should be providing their offerings in such a manner so as to support customer data sovereignty and compliance needs.

I would expect they would continue to expand their availability over the next several quarters.


OwnBackup becomes Own Company, launches Discover SaaS data analyzer

Why it Matters?

With the intention of expanding their brand beyond just backups, OwnBackup has rebranded themselves to now be known as the "Own Company". As part of this shift in GTM, they also launched a new Discover product that can provide data analytics within data protected by Own. Own currently is best known for being the de facto SalesForce backup leader in the market, but also provide backup and recovery for Microsoft Dynamics 365, Veeva, nCino, ServiceNow, and Microsoft Power platform.

While Discover provides new data insights functionality for Own customers, it certainly isn't the first backup company to incorporate analytics into their product - Commvault, Rubrik, Veritas, and many others have been providing these sorts of analytics for some time. This is, however, a sign that Own aims to continue to drive deeper and richer features into the SaaS applications they are protecting rather than trying to cast a wider net.


Backblaze and HYCU Team Up to Protect Critical Workloads for On-Prem and Hybrid Cloud Environments

Why it Matters?

Backblaze has been expanding the number of backup vendors that can leverage their on-prem and cloud storage options as an immutable backup target - HYCU is the latest to join this group via the newly announced partnership. While HYCU does natively provide immutability as part of their cloud backup solution, this extends their capabilities to on-prem and hybrid customers where they have not had as strong an offering.


Is Rubrik's Ransomware Warranty Worth the Paper It's Written On?

Why it Matters?

I wrote a similar opinion piece internally for Commvault breaking down the various "gotchas" and other concerns with these sorts of Warranties when it was announced a few years ago, as have many others including Rubik's rival Cohesity. So, while this OpEd article is focused specifically on Rubrik you could and should apply these same questions and cautions to any of the data protection vendors offering similar sorts of guarantees or warranties.

Well worth the read! I've always had the opinion that these so-called warranties are certainly more "gimmick" than "substance" and you should have your legal and security teams heavily scrutinize the policy terms before signing up...but perhaps if there weren't so many loopholes for vendors to get out of paying they would be worth a little more. If vendors partnered with cyber-insurers a little better then these agreements may start to matter more, but for now it's just PR.


Veeam major release 23H2: New features and capabilities in Veeam Data Platform

Why it Matters?

In case you missed it, Veeam announced a massive portfolio update on October 24th which will be available in November when the "23H2 Update" becomes generally available. If the release name seems strange to you, it is because alongside this product overhaul Veeam refreshed their branding and GTM release nomenclature - moving away from the version X.Y approach to what appears to be a bi-annual release cadence (H1 and H2) for their core Backup & Replication solution.

The upcoming release is significant in that it finally puts Veeam in the ballpark for security as many critical cyber-resilience features missing from their platform are going to at last arrive for customers. This catches Veeam up with the rest of the pack and even puts them ahead of players like Dell, Cohesity, and Rubrik who rely on separate security tools vs. a built in approach.

Key features/enhancements coming in the 23H2 update include (but aren't limited to):

  • A new Malware Detection Engine providing in-line threat detection during backup

  • New integrations with ServiceNow and other SIEM tools to provide alerting for any detected backup inconsistencies

  • New APIs (Veeam Incident API) whereby customers' other security tools can communicate directly with Veeam to earmark the blast radius and determine likely recovery points inside of Veeam

  • New post-backup YARA rules analysis to identify specific malware strains and reduce the risk of reinfection

  • Enhanced clean recovery automation to streamline restore efforts and more easily identify the "last known good copy" of data

  • New Veeam Threat Center dashboard consolidating your security views and providing alerting and recommendations for hardening/securing the Veeam environment.

  • Introduces a new AI-powered support bot for streamlined interaction with their extensive knowledge base.

  • Lots more...

A full list of new features and enhancements is not yet published, but the linked article does provide a good overview of the featured capabilities. In addition, releases for Veeam's Backup for Azure v6, Salesforce v2.0, Google Cloud v5, AWS v7, as well as updates to their VeeamONE and Veeam Recovery Orchestrator solutions. This is a big release from Veeam and we look forward to exploring the latest features in full once available.


Cohesity Names Industry Leaders - Indra Nooyi, Jim Snabe, Ken Denman and Tami Erwin - to Newly Formed CEO Advisory Council

Why it Matters?

Back in late 2022 Cohesity announced the formation of their a new "Security Advisory Council" as well as the formation of a fancy "Data Security Alliance" with several of their friends in the industry. While these both sound pretty impressive, to date neither group has produced any significant content of value since their creation over a year ago. Right now, these entities really only appear to serve as PR and marketing instruments rather than a useful thinktank for the industry...

So, call me cynical when it comes to Cohesity once again making a new friends group with the announcement of this new "CEO Advisory Council". Some are positioning the formation of this new Council as another key step on Cohesity's path to IPO by having these other CEOs contributing their advice and expertise to drive that effort forward, which it certainly could be what with the successes of this group of CEOs, but given the history of the other councils I'm not yet convinced.

All that said, if Cohesity starts to show something of value produced from any of these councils I'll gladly revisit my opinion on the matter. Cohesity has a wealth of expertise distributed across these 3 groups of industry leaders - I feel it is a waste of talent to not be hammering out thought leadership and guidance from them.


Commvault Appoints Global Cybersecurity Expert Melissa Hathaway to Chair the Commvault Cyber Resilience Council

Why it Matters?

Following suit with other vendors like Rubrik and Cohesity, Commvault has announced a newly formed Cyber Resiliency Council and the appointment of Melissa Hathaway as the chairperson and strategic advisor. Melissa served as a Cyberspace Policy advisor under 2 US presidents (Bush & Obama) as well as serving in numerous security leadership roles over her career. More about the role of the council and Commvault's overall security strategy (including some new product announcements) will all be showcased at their upcoming "SHIFT 2023" event to be held virtually on November 9th.

Stay tuned for more news from Commvault on the security front as several product announcements are expected during the event.


Cohesity Launches Cohesity SmartFiles Integration on the Snowflake Data Cloud

Why it Matters?

Cohesity has added support, via S3 integrations, for Snowflake to run data analysis against NAS data stored on Cohesity SmartFiles. SmartFiles is Cohesity's file services engine and can run on-prem or in the cloud. This integration enables customer to avoid having to physically move their data into the Snowflake data cloud in order to take advantage of their analytics - which could be both time consuming and costly to execute. This also avoids potential data sovereignty and governance conflicts that could be associated with such data moves since the data can stay in place on the Cohesity appliances rather than require movement to Snowflake.

This is a "smart" move for Cohesity as it both builds the foundations of a relationship with Snowflake and keeps the data on their box.


Varonis Announces Third Quarter 2023 Financial Results

Why it Matters?

Varonis has announced its financial results for Q3 2023, and their recent pivot to focus on delivering the solution through SaaS certainly appears to be paying off based on the numbers

The company reported a 16% YoY growth in annual recurring revenues, with a 59% SaaS mix of new business and upsell ARR in the third quarter. Varonis generated $49.0 million in cash from operations and $46.0 million in free cash flow YoY. The company also repurchased 1.2 million shares at an average price of $30.10 for a total of $35.9 million. Varonis is seeing solid demand from both new and existing customers who wish to consume Varonis through its SaaS platform, which is reflected by its third-quarter SaaS mix of 59%. The company expects SaaS to represent 55% of new business and upsell ARR for the full year ended 2023 and expects the mix to be 60% in the fourth quarter.


Written by Matt Tyrer. These posts reflect my own opinion and are not necessarily the opinion of my employer.

104 views0 comments


bottom of page