Keepit gets data sovereignty and AI threat boost

Denmark-based SaaS app protector Keepit is growing fast because AI-based cyber threats are rising and European data sovereignty concerns are causing a switch from US-based protectors to European ones. It's also onboarding more SaaS Apps.

There is no way a US-owned data protection business can guarantee 100 percent data sovereignty within a European region. CTO Jakob Ostergaard told an A3 TechLive meeting that, even if a US data protector stores data in a European-owned and located data center, the US government could still get access to it.

That means that every European organization storing data that has to be compliant with local sovereignty regulations is a potential Keepit customer; a huge market. Its recent business growth is reflected in its headcount:

• 2023 - 190
• 2024 - 245
• 2025 - 500
• 2026 - 540 and a spokesperson said: “We’re hiring like crazy.”

There is a virtually infinite number of SaaS apps and the decision process about which ones to support is not simple. Mark Groves, Keepit’s Senior Product Director, outlined a 5-step process:

• Business case - Is there a market
• Competitive analysis
• UI and API support - do they have an API for incremental backup, for restore?
• Enablement 
• Partner and customer input

Even if there is a business case and the competitive analysis reveals an opening, the road ahead isn’t straightforward. The target vendor can, when approached, say we offer our own protection services. Keepit then has to explain that it offers better services, with a longer protection period for example, which customers value.

Then it has to evaluate the target app’s API scope. KeepIt always goes in through an API portal and its service capability depends upon the API's scope, needing, for example, granular restore capabilities. If this hurdle is passed, then the target SaaS app vendor can want a revenue share. Groves slaid this is becoming normal, and cited SAP Concur which wanted “15 percent plus $20,000 up front.” That can alter the business case.

Open-source target SaaS apps are difficult because of their ongoing development adding to a lifetime support burden to Keepit.

Groves also discussed Keepit’s internal roadmap. One item that stood out was longer term preservation, particularly for SharePoint where customers want to move old tenants to an archive and stop paying Microsoft as they breach SharePoint license step boundaries. This would mean, we suppose, Keepit offering tape-based archive storage, tiering off old or relatively unwanted data to tape.

There’s also a possibility of looking at protecting certain kinds of on-premises data. For example, Active Directory since it’s connected to EntraID.

Keepit is also developing a natural language interface to Keepit’s stored data, as part of a potential 3-stage AI adoption program. An AI model would use MCP to talk to Keepit’s data, with a preview being tested now. If successful this would extend to a human-in-the-loop concept and then, eventually, agentic AI.

The company is vigorously developing its services so as to capture a goodly part of the Europe-based movers away from US SaaS app protection products, as full data sovereignty become more widely adopted. This, along with the rise of AI-influenced cyber threats to data means there is, one Keepit person said, “a huge potential for us.”