Veeam's Securiti play could push it past Cohesity

By buying Securiti, Veeam has opened up a whole new revenue stream. Combined with its backup/resilience market growth, this could make Veeam bigger than Cohesity.

Rick Vanover, VP for Product Strategy in Veeam's Office of the CTO, is hopeful IDC could validate this overtake in the not too distant future. He was presenting to an A3 TechLive event in Paris, and this member of his audience realized that data resilience is the gift that keeps giving. 

New threats are constantly being added to the traditional data destroyers – "fire, flood and blood," as Vanover describes them. We have already seen viruses, phishing attacks, ransomware with its encryption and exfiltration, now being assisted by AI. Rogue AI agents are the latest addition to resilience vendors' marketing pitch. The threats are real, and there are enough gruesome examples that no one can afford to ignore cyber-resilience.

What Veeam has done is made the leap from ensuring backup data is resilient to facilitating production data resilience. And it's done that by buying Securiti, differentiating itself from every other cyber-resilience supplier with a data protection background.

Veeam is deadly serious about production data security management as a way to detect the sensitivity and security posture or status of data items. Sensitive items can be classified and have their security status, regarding access, and protection, for example, evaluated.

In effect, Veeam's Securiti scans a production data set, such as a customer's entire AWS data estate, and maps it using graph technology. The scanning time will clearly depend upon data set size and the number of sources, and the resulting graph can contain thousands of entries, conceivably millions. 

Once the data graph map is populated, questions looking into it can be formulated. Find, for example, the sensitive data, run a ROT (redundant, obsolete, and trivial data) analysis, make a breach impact analysis, check for compliance and related controls, inspect access controls and AI governance, and look at the data's protection status.

This is not traditional data management, where suppliers have often had an original focus on file data placement and storage media class tiering, with data moving engines. They have developed and added functions like personally identifiable data detection and masking, and AI pipeline data selection – think Komprise and Datadobi, DataDynamics, etc. 

For Veeam, all these things are now functions it can add on to the Securiti data knowledge graph. It now adds data item relationship intelligence and mapping, to metadata about files and objects and records in folders, buckets and databases, mail messages and so forth.

The cross sell opportunity is massive, as Securiti customers can be introduced to Veeam and vice versa. Securiti customers can be told they can ask the graph what is the protection posture of their most sensitive data? And then find out the protection gaps and indicate/trigger Veeam protection facilities.

Combine this with Veeam selling Securiti functionality into its existing customer base and we can see why the prospective business that Veeam thinks this opens up is substantial.

 Securiti enables Veeam to manage real-time production data resilience. It is not entering the general data management market, like Komprise and Datadobi, but the general data resilience market, which they are entering too, think Venn diagram overlaps, but without knowledge graph technology.

Our understanding is that there are only two data protection/cyber-resilience companies using graph technology: Druva, with its Dru MetaGraph, and Veeam. 

So, let's finish this with two questions. Will other cyber-resilience/data protection suppliers adopt graph technology, and, second, will they also start looking at production data resilience? We think some of them will, the fast adopters, like Rubrik, and the tenacious and aggressive ones like Cohesity and Commvault.

Bootnote

Storage array and system vendors could also look to add production data resilience to their products. They have the production data on their systems and could view it as value-add data services they could offer their customers. For example, Hitachi Vantara's VSP 360 control plane has PII functionality already.