Commentary: Data Protection – Evolve or Die

Commentary: Data Protection – Evolve or Die

Chris EvansData Practice: Data Protection, Data Protection, Enterprise

Cohesity Inc. recently announced its intention to buy the enterprise data protection assets of Veritas Technologies LLC.  It may seem strange that a “start-up” company wants to acquire a legacy vendor.  However, data protection is an evolving market, and those who don’t adapt are doomed to wither and die. We put this acquisition into the context of wider data protection evolution.

Background

Cohesity, a start-up vendor of data protection and secondary data solutions, intends to acquire the enterprise data protection assets of Veritas Technologies, LLC, a privately held data protection company with a long history in the industry.  The acquisition creates a new business potentially valued at $7 billion and with revenues of $1.6 billion.

Diversity

The interesting aspect of this deal is the difference between the two companies.  Cohesity was founded in 2013 by Mohit Aron (formerly of Nutanix), with core technology that delivered a data protection appliance with relative simplicity of installation and management compared to traditional data protection solutions. 

The Cohesity “secret sauce” is a scale-out file system capable of storing an infinite number of snapshots.  Cohesity DataProtect customers gain a solution that makes the entire data protection process easier compared to the traditional method of backup scheduling.

Looking at Veritas, we see a platform with a long legacy of enterprise data protection.  NetBackup, the core enterprise product, was inherited from the acquisition of OpenVision Technologies, Inc. in 1997.  Although Veritas did offer an appliance version of NetBackup, the core software is a distributed implementation of multiple servers running admin and data movement tasks.

Back in 1997, there was no server virtualisation, so NetBackup primarily protected data on physical servers.  Each one ran agent software responsible for feeding data to a media server based on the instructions of a NetBackup master server.  This design implemented scalability on relatively slow networks by today’s standards.  The trade-off was the need to manually schedule and rebalance the timing of backups to optimise network and media bandwidth.

Scope

Most modern backup solutions have come to market with somewhat limited scope in terms of the platforms they protect.  Cohesity, Veeam and Rurik, for example, all initially started out by delivering backup for virtual server environments.  Over time, this scope has expanded to cover many more data sources. 

However, in the last two decades, we have seen the dominance of server virtualisation being eroded by the public cloud, while SaaS applications have provided another data source in need of protection.  We’ve previously highlighted four primary sources of data for the enterprise.

  • On-premises – servers and systems running in private data centres or co-location facilities where the equipment is owned by the business.
  • Public Cloud – virtual instances, managed databases, managed applications, and unstructured data stores running on public cloud platforms.
  • SaaS – data stored in applications running software-as-a-service, including typical solutions such as Microsoft 365 and Salesforce.  SaaS applications continue to increase in number and are being integrated into business processes (e.g. Slack).
  • Edge – although probably not the largest source of data (yet), edge solutions encompass data collection agents (cameras, sensors) and technology not run in core data centres.

Within each of the listed sources, there are many platforms that include multiple operating systems, storage systems and managed applications.   Many solutions can be run across multiple sources; for example, Kubernetes and containerised applications could exist everywhere.

Completeness vs Stickiness

There are few (if any) data protection vendors that can claim to protect every data source in use by the enterprise.  This problem was an Achilles’ heel for the new entrants into the market, which was a positive differentiator for legacy backup software.  However, the gaps between the two solutions have closed, as start-ups have added capabilities to protect the growth areas of technology in the enterprise.

Despite the widening of platform support, data protection remains a “sticky” business, mainly because backup images need to be retained for many years, and there are no tools to move backups between one platform and another.

Data protection is essentially an ETL process where primary data is extracted, transformed, and stored on secondary media.  The data format and metadata used to index backups are non-standard and proprietary information.  We’re only aware of one company that offered backup data translation services, and that was UK-based Butterfly Software Ltd, acquired by IBM in 2012.

With implicit data longevity and lock-in, backup platforms remain sticky to businesses, even if the growth areas of data are moved to new solutions.  Businesses typically rely on museum environments and old software, which can be fraught with risk.  Alternatively, media can be retained and processed on-demand by specialist solution providers. 

Old and New

How does all this translate back to the acquisition of Veritas by Cohesity?  First, the new combined entity will have backup revenues that equal or exceed the current market leaders.  This is a subjective view, as Dell Technologies and Veeam do not publish specific accounts (Veeam is private, and data protection is a division of Dell’s enterprise business and not itemised separately). 

More importantly, Cohesity gains the capability to protect applications that otherwise might not be included in the modern portfolio due to much lower customer demand.  It also gains access to thousands of customers that can be transformed onto the new solutions.

From the customer’s perspective, businesses with legacy backup solutions and those either planning or already Cohesity customers will have a single “throat to choke” for ongoing maintenance and support.  The smart move by Cohesity will be to “cloudify” on-premises legacy backups and provide customers a way to decommission on-premises hardware without losing the ability to restore legacy data. 

The Architect’s View®

How is the broader data protection market affected?  When the deal completes, Cohesity will have a foot in both camps and access to many complex customer environments that offer significant revenue opportunities. 

In the wider market, data protection is still highly fragmented.  Veeam, for example, has no real backup-as-a-service (BaaS) offering and implements independent products by data source.  Alcion is a new start-up solely focused on Microsoft 365.  There are discrete solutions in the market for protecting Kubernetes data.  We see perhaps only a completeness of vision from vendors such as HYCU and Commvault. 

As the threat of ransomware and cyberattacks has increased exponentially, data protection has become a source of early warning and the recovery point of last resort.  Data protection is no longer just about backup and restore, but now includes threat identification, data quarantining and isolation through cyber-vaulting.

Data protection vendors need to constantly evolve to a rapidly changing production landscape.  Backup solutions need to protect legacy and modern data sources and applications.  It is a constant state of flux that requires a unique requirement to support both old and new.

Cohesity has made the first move.  How will the rest of the market respond?  Commvault recently “pivoted” to embrace a SaaS deployment model by default while already having significant legacy support.  HYCU, Inc. has a diversity of data protection capabilities across SaaS, on-premises, and the public cloud.  Druva is already 100% SaaS, with a wide range of supported platforms and governance capabilities. 

Dell Technologies has expanded on-premises capabilities with partner relationships addressing new requirements (such as Druva for SaaS).  Veeam appears behind the curve for SaaS but has invested in start-up solutions and acquired Kasten for container backup in October 2020.

We will cover data protection in an updated report later this year.  However, the takeaway from this commentary is simple; data protection must continually evolve to address new data sources and the inherent threat of data loss.  Vendors offering the most comprehensive levels of platform support and features will be the ultimate winners, and this is the benchmark by which this part of the industry will be measured. 

Related Content


Copyright (c) 2007-2024 – Post #ec2c– Brookend Ltd, first published on https://www.architecting.it/blog, do not reproduce without permission