Veeam Software has announced the acquisition of Alcion, a data protection startup in which it had previously invested as part of a $21 million funding round (the acquisition price has not been disclosed). With yet another SaaS platform in its portfolio of disparate solutions, Veeam needs to decide how it adapts to future data protection requirements in this fast-moving market.
Background
Veeam Software has announced the acquisition of Alcion, a data protection startup founded by Niraj Tolia and Vaibhav Kamra in March 2022. Alcion provides data protection for Microsoft 365, delivered as a SaaS solution. Customers pay per seat per month for one of three subscription levels – Essentials, Security or Enterprise. Each offers an increasing level of features, including (for example) malware detection and customer-managed encryption.
The founders of Alcion previously founded and sold Kasten to Veeam in October 2020, three and a half years after the company was founded in January 2017. You can listen to a podcast we recorded with co-founder Niraj Tolia in November 2019 (here). As part of the Alcion acquisition, Tolia will become the new Veeam CTO, following the departure of Danny Allen in January 2024.
SaaS
Alcion provides Veeam with yet another SaaS offering for data protection. In October 2023, Veeam acquired the Cirrus platform from CT4, rebranding and launching the solution as Veeam Data Cloud in March 2024. Veeam Data Cloud is essentially a SaaS implementation of Veeam Backup for Microsoft Azure and Microsoft 365. We’ve tested (and are still running) the solution (brief review here), which offers some relatively basic backup capabilities for Microsoft SaaS and IaaS platforms.
Cirrus was essentially a rebranding of existing Veeam software, and as such, probably relatively cumbersome and labour intensive to manage at scale. Alcion, by comparison is built specifically as a SaaS offering for Microsoft applications, which should mean better scalability and definitely includes advanced security features not in the Cirrus solution.
Portfolio
Veeam is now in an interesting position. The company has its original data protection solutions under the Veeam Data Platform, which consists of Veeam Backup & Replication, Veeam ONE and Veeam Recovery Orchestrator. This suite of products is only available to run on Windows operating systems. In addition to the core solution, Veeam offers several standalone utilities for protecting Microsoft 365, Nutanix AHV, Microsoft Azure, Google Cloud, Salesforce and AWS. Each of these solutions is “self-managed”, meaning installed on either the customer’s infrastructure or as a virtual instance in a public cloud.
Kasten adds data protection for Kubernetes, while Veeam Data Cloud (Cirrus) and now Alcion provide SaaS-based protection. Kasten runs inside a Kubernetes cluster and is also “self-managed”.

To our knowledge, the original products, Kasten, Cirrus and Alcion all run as unique standalone solutions with no common data protection rules or backup formats. This means in any typical enterprise, data protection will require the installation and administration of multiple software solutions, none of which integrate, interoperate or provide standard reporting and management capabilities.
The Veeam Data Cloud also has significant gaps, with only a small subset of SaaS applications protected by either the Cirrus or Alcion solutions. With upwards of 35,000 SaaS products in the market, protecting an increasingly vital component of the enterprise will require a considerable amount of work for Veeam to onboard new platforms.
The Architect’s View®
In our opinion, incoming CTO Niraj Tolia will have his work cut out. Excluding SaaS, Veeam has widespread support for on-premises and cloud-based workloads, but none of this is achieved in a consistent manner. Why does this matter?
- Standardisation. Ideally, data protection rules should be established in a single place and federated out to each platform providing data protection. When this doesn’t happen, mistakes are easily made, standards aren’t applied evenly, and critical backups could be missed.
- Reporting. Reporting and monitoring for data protection should be centralised, making it easier to see the success or failure of individual jobs, as well as report on applications that are composed of many data and application sources. Without centralised reporting, demonstrating compliance and meeting governance rules becomes an unnecessarily labour-intensive task.
- Simplicity. With overly complex data protection environments, mistakes can be made, while any recovery tasks can be excessively time-consuming (risking breaching RTO and RPO). For example, recovering Kubernetes on virtual instances could require two sets of restores – the VMs and the Kubernetes data – to bring back a single application.
Every new product in the infrastructure (excluding those delivered as SaaS) introduces more support work to install, maintain and upgrade software. However, customers want cloud-like experiences, with much simpler (or no) deployment models, centralised licensing & billing and centralised reporting. This trend counters where Veeam is today.
Looking at Veeam’s competitors, we see Druva delivering a single SaaS platform with a wide breadth of supported ecosystems. Commvault developed Metallic as a SaaS offering and has evolved this into the Commvault Cloud as a single portal for data protection. HYCU created an on-premises backup solution that has evolved into protecting cloud and SaaS resources, all with a single, standardised interface.
What should Veeam do? The answer seems pretty clear – transform the company by developing a single, unified platform for all data protection requirements, wherever the data resides.
However, there is a potential snag in this transformation process. Today, Veeam depends on a vast network of up to 70,000 partner resellers, all of whom could be affected by a move towards a SaaS platform. So, Veeam needs to implement a transition to a single solution, probably SaaS-based, while still incentivising channel partners to be its resellers. Any simplification of the existing solutions could cause problems, especially if it reduces partner income from consultancy and support.
Alternatively, Veeam could develop a platform that can be “white labelled” by partners. Veaam would provide the infrastructure and data protection capabilities, while partners would get a cut of the Opex revenue. So, Veeam has options.
Remember that CEO Anand Eswaran wants to reach $10 billion in annual revenue (a quote from 2021), which would mean acquiring a total of around 4 million customers based on current average customer spending. Can that goal be achieved without building a more comprehensive and cohesive platform? We think not.
We believe Veeam is at an inflection point. The company can continue to acquire new startups and operate many separate backup solutions. Alternatively, the company could consolidate into a central portal, move to a SaaS model and begin the process of adding new features and functionality to its solutions, much like competitors are already offering.
What will Niraj Tolia and friends do next? We’ll be waiting with interest to find out.
Related Content
- Research Note: Veeam launches Veeam Data Cloud with CT4 Acquired Assets
- Veeam acquires Cirrus backup from CT4 and introduces Backup as a Service
- Will Alcion Solve Veeam’s Baas Problem?
- The Veeam Dream
Copyright (c) 2007-2024 – Post #aaa2 – Brookend Limited, first published on https://www.architecting.it/blog, do not reproduce without permission.

