HYCU, Keepit lead IDC SaaS data protection report

IDC has positioned HYCU and Keepit as leaders in a SaaS data protection vendor assessment for 2025-2026.

Rubrik, Cohesity, Commvault, and Rewind were positioned as Major Players, second only to the Leaders category. IDC’s Johnny Yu, Infrastructure Software Platform research manager, said: “With so many SaaS applications, it is often difficult for organizations to find a data protection solution that offers both the breadth of SaaS application coverage to support everything they use and the depth of capabilities to make it more valuable than what native tools can do. This IDC MarketScape is designed to help IT buyers find that balance of breadth and depth and narrow down their choices of SaaS data protection solutions to ones that best match their needs.”

HYCU’s Don Jennings, Senior Director for Global Comms, blogs: “We believe this recognition reflects the momentum behind our mission: to make data protection simple, scalable, and purpose-built for SaaS, without trade-offs.”

Frederik Schouboe, Keepit co-founder and Chief Visionary Officer, said: “We believe being named a Leader by the IDC MarketScape affirms the strength of our architecture and the impact it has on our customers. Our independent cloud, our immutable storage, and our focus on fast, intuitive recovery all reflect our belief that data protection should be simple, secure, and ready for the future.”

The IDC report authors, Johnny Yu and Phil Goodwin, state: “IDC research found that for SaaS application data protection, most organizations use native tools from SaaS vendors. These tools often have limitations or require an additional license to unlock premium data protection capabilities.” Hence third-party tools are needed to bypass the limitations.

“IT buyers face a market that can be described as top heavy. They can find many third-party products that can protect the most popular SaaS applications, but far fewer options for niche SaaS applications that aren’t widely adopted or are industry specific. Buyers are put in the uncomfortable position of balancing using multiple SaaS data protection vendors, using the native data protection tools from the SaaS vendors themselves, internally developing their own method and workflow for exporting SaaS data for protection, or a combination of these to cover all their SaaS applications.”

Here is their MarketScape chart:

The chart is mostly white space and several vendors are excluded, notably Druva, but also Asigra, CloudAlley, Kaseya’s Spanning, and Own from Salesforce (formerly OwnBackup). The IDC analysts say: “This IDC MarketScape evaluates what we believe are the six most prominent SaaS data protection vendors.”

Oddly, the same two analysts wrote the IDC MarketScape: Worldwide Cyber Recovery 2025 Vendor Assessment, which positioned Druva as a leader alongside Rubrik, Veeam, Cohesity, Commvault, and Acronis. That report looked at 11 vendors in total, not just six, and it recognized Druva for strengths in its “100 percent SaaS-based architecture.” We have asked Druva about this apparent disparity and a spokeperson replied: “The IDC MarketScape: Worldwide SaaS Data Protection 2025-2026 focuses specifically on data protection of individual SaaS applications, essentially evaluating how many discrete SaaS apps a vendor protects. It does not assess data protection delivered as a SaaS platform, which is where Druva’s differentiation and leadership are most evident.

“Druva’s exclusion was driven by qualification requirements tied to a fixed cutoff date of January 1, 2024, not by product capability, customer adoption, or market position. Importantly, this should not be interpreted as a change in IDC’s view of Druva. IDC has continued to recognize Druva’s strengths, including naming Druva a Leader in the IDC MarketScape: Worldwide Cyber Recovery 2025, which reflected our strengths in SaaS architecture, cyber resilience, and enterprise-scale data protection.

“We are in active discussions with IDC about the report.”

MarketScape explainer: IDC’s MarketScape is a 2D square chart with two axes: Capabilities from low to high on the vertical axis and Strategies (low to high) on the horizontal axis. Suppliers are placed in sections called Leaders, with the highest ratings in capabilities and strategies, Major Players with the next-highest ratings, Contenders with the next highest, and Participants, which has the lowest ratings. A supplier’s spot or bubble on the chart increases in size with their revenue.

There were five vendor inclusion criteria in this IDC MarketScape:

• The vendor offers a purpose-built solution for at least five SaaS applications.
• The vendor’s solution will be considered in totality of “own IP” and “other IP” (i.e., partnerships), provided that at least 80% of the vendor’s core solution is primarily “own IP.”
• The vendor’s solution must be available as standalone products (options for inclusion as a bundle are acceptable).
• The solution must be available in at least two of the three major geographies (NA, EMEA, APJ).
• The core solution must have been in general market availability on January 1, 2024, with all features under consideration in general availability as of May 31, 2025. Features released after that time are considered road map items.

Get a HYCU excerpt of the IDC report here. The full report is available from IDC for $20,000 here.