Skip to content

Keepit – SaaS Workload Data Protection First

Photo by Claudio Schwarz on Unsplash

TECHunplugged analysts Arjan Timmerman & Max Mortillaro recently had the opportunity to travel to Munich, Germany to attend A3 Technology Live!, an event organized by A3 Communications Ltd. One of the presenting companies, Keepit, focuses on SaaS (Software-as-a-Service) workload data protection.

SaaS and Data Protection

Although some organizations still take the route of self-managed software deployments, SaaS versions are becoming increasingly (if not overwhelmingly) popular, especially with solutions such as Microsoft 365, Google Workspace, and Salesforce to cite a few. The simplicity SaaS brings to organizations is evident, but still leaves room for misconceptions and gaps, notably when it comes to data protection, data privacy, and data sovereignty.

Figure 1 – Transition to SaaS applications – Source: Keepit / 2023 State of SaasOps, BetterCloud

Most organizations wrongly assume that the service terms also include data protection capabilities, which is not always the case. When included, data protection policies and retention capabilities may also not necessarily meet the requirements of the organizations, and multiple high profile cases exist where data losses could have been easily prevented.

Keepit – Company Presentation

Keepit is a Danish company that has built a data protection solution currently protecting 8 SaaS offerings: Microsoft 365, Microsoft Entra ID (formerly Azure AD), Google Workspace, Salesforce, Dynamics 365, Azure DevOps, Power Platform, and Zendesk.

The company currently has 10,000+ customers distributed across all verticals and sizes and located in 74 countries;  it also operates its own data centers in 7 regions (USA, Canada, Australia, UK, Germany, Denmark, Switzerland).

Figure 2 – Fact Sheet for Keepit – Source: Keepit presentation

Keepit data centers are co-located (on Equinix); the infrastructure is owned, designed by, and operated by Keepit, and is specifically designed / located to be at different data centers than public cloud locations, to ensure the Keepit data protection infrastructure will not be impacted by public cloud provider outages.

Solution Review

A strong focus is placed on data resiliency: every backup consists of four copies of the data, with two copies sent to each data center. The solution is built on immutable storage to provide protection against ransomware attacks. Keepit has full coverage for EU Data Protection laws (for example, it has no sub-data processor, simplifying the regulatory requirements). Specific DCs are available in Frankfurt (Germany) and Zurich (Switzerland) to comply with those countries’ stringent data sovereignty laws.

Figure 3 – conceptual overview of Keepit SaaS data protection solution – Source: Keepit presentation

Keepit operates through a SaaS management plane. Configuration happens through connectors for each of the workloads previously mentioned. This opens the possibility to seamlessly expand the platform to new workloads in the future. A demo was presented, showing how easy it is to configure data protection. Organizations also have the ability to create multiple instantiations of the same connector to define granular policies from a data retention perspective, specify specific subsets of users, etc.

Multiple recovery options are offered, it is also possible to perform a full recovery on a new tenant in case of catastrophic data loss due to an accidental or malicious deletion of a full tenant. Among other capabilities, the solution supports RtbF (Right to be Forgotten) / RoE (Right of Erasure) regulations and gives the ability to label specific users with the RtbF flag for further handling within the organization by compliance fuctions.

TECHunplugged’s Opinion

TECHunplugged has had prior to Keepit when performing research on hybrid cloud data protection and cloud-native data protection reports, but did not evaluate Keepit previously due to its laser focus on SaaS workloads. The presentation was enjoyable from from a structure and technical contenct perspective, and the demo was very insightful.

TECHunplugged analysts agree with Keepit’s assessment that SaaS workload protection remains an area for improvement across many organizations. This is primarily due to a lack of understanding around SaaS vendor support capabilities / SLAs, wrong assumptions around service scope, and potential limitations & costs of built-in SaaS platform data protection capabilities. In addition, organizations must meet stringent regulatory requirements in the European Union (even more so in the DACH region, with Swiss and German data sovereignty laws).

Based on the presentation and demo, it appears that Keepit has built a compelling solution with a SaaS-first approach that allows the company to thrive and consistently win against the competition in SaaS-focused deals.

The plaform’s API only approach and work previously done on multiple connectors makes TECHunplugged believe that Keepit has all it takes to further expand its solution. This can be done not only for other SaaS workloads, but also for other cloud-based services in the future, for example managed database services, Kubernetes services, and more.

When asked, Keepit declined to provide any specifics or confirm any of our assumptions, however the company stated that it has an internal roadmap and plans to expand service coverage in the future, so stay tuned.