Veeam Strengthens Its BUaaS Play with Cirrus

Veeam Strengthens Its BUaaS Play with Cirrus

The News: Veeam acquired Cirrus, a software as a service (SaaS)-delivered, self-service management portal for backup as a service (BUaaS) that was built on top of Veeam Backup and Replication (VBR) developed by CT4. Cirrus by Veeam for Microsoft 365 and Microsoft Azure are available immediately via CT4’s existing channels for Cirrus, and the fully integrated Veeam solution is slated for availability in Q1 2024. Additional details are available in Veeam’s press release.

Veeam Strengthens Its BUaaS Play with Cirrus

Analyst Take: IT teams have long struggled with the expensive costs and cumbersome complexities of their data protection solutions. Today, this challenge is exacerbated by a massive sprawl of data across a range of on- and off-premises applications and infrastructure, as well as significantly limited staff. In fact, in The Futurum Group’s Trends in Enterprise Data Protection 2023 study, insufficient staff/headcount (selected by 28% of respondents) was outranked only by limited budget (39%) and high solution costs (30%) as a top challenge with existing data protection solutions.

The Growing Case for BUaaS

In response, IT operations teams are increasingly turning to the public cloud to simplify upfront deployment as well as ongoing day-to-day management of their data protection. Approximately 80% of respondents in our research indicated that they use the public cloud in some manner to support their data protection implementations, with 30% indicating that they use backup software hosted in the public cloud, specifically.

It is, of course, no secret that production apps and systems are also migrating to the cloud. What has been less clear to many is that, just like their on-premises counterparts, these SaaS and infrastructure as a service (IaaS) solutions also require protection. This lack of awareness is beginning to change, however, thanks in large part due to activism by hyperscaler juggernauts. For example, the “shared responsibility model,” which dictates that, although cloud providers are responsible for the security and availability of their services themselves, and the infrastructure they run on, the privacy, protection, and availability of the data that is being generated and stored in the cloud remains in the court of the customer. This differentiation was a major theme at re:Inforce, AWS’ security summit. Additionally, Microsoft has announced plans to introduce a native protection service for Microsoft 365 – one of, if not the most, commonly used SaaS apps currently in existence. As a result, nearly 85% of respondents in The Futurum Group’s study indicated that they are protecting a cloud workload. Specifically, 57% said they are protecting Microsoft 365, more than one-quarter said they are protecting another non-Microsoft 365 SaaS app, and nearly 50% said they are protecting an IaaS workload.

Introducing Cirrus by Veeam

For its part, Veeam has already carved out a successful position in the growing market for SaaS and IaaS protection. Notably, its Veeam Backup for Microsoft 365 offering already protects more than 16 million users. To date, however, Veeam has lacked its own, first-party BUaaS offering, relying strictly on cloud marketplaces and its Veeam Cloud Service Provider Partners (VCSPs) as its routes to market. Acquiring the Cirrus platform will allow Veeam to remain strategically committed to these channels while addressing a third delivery option in demand by customers – first-party, Veeam-provided and -managed BUaaS. The intention is to optimize flexibility for how customers can consume Veeam.

Cirrus runs Veeam Backup for Microsoft 365 as its back-end, and a cloud-native, microservices-based front-end that is based on Azure functions and Azure SQL Server for service delivery. Veeam has acquired the Cirrus intellectual property (IP), as well as the team that developed it, from a firm called CT4. The intention is to simplify implementation while moving toward both streamlined and more proactive administration and management., including managing patches, and avoiding and, when necessary, remediating misconfigurations for improved security.

Addressing the issue of cost efficiency, pricing is straightforward, billing per-user per-month. To control the costs of underlying cloud storage infrastructure, data can be tiered across storage classes on a customizable, policy-driven basis, and data compression is applied.

Backup jobs are policy-driven with recovery point objectives (RPOs) that are customizable per the customer’s requirements. The Futurum Group notes that, in being built on the Veeam platform, the Cirrus offering includes a host of table stakes, enterprise protection features. For example, the Cirrus platform offers a variety of recovery options, including the ability for entire Azure instances, and specific folders and files, to be recovered across regions and subscriptions, to avoid the possibility for data loss or extended downtime. Search and eDiscovery are also included.

For security, granular role-based access control (RBAC), multifactor authentication (MFA), and control over network access to the Cirrus portal are included to prevent unauthorized access. Customer data is stored in a dedicated Azure storage account in the customer’s region; it is encrypted in flight and at rest, and immutability of backup copies is included as a built-in function. Arguably, most critically to The Futurum Group, CT4 regularly engages a third party for penetration testing against Cirrus.

Looking Ahead

It is likely that the market will continue to gravitate toward BUaaS as customers desire to procure their protection capabilities in the same manner that they consume their infrastructure and applications. That being acknowledged, data protection solutions have a long tail of adoption, meaning that as a service delivered backup software will coexist alongside traditional deployments for the foreseeable future. Change will take time. In the interim, the acquisition of Cirrus is a strategic move for Veeam to “skate where the puck is going” – that is, position to address how customers are incrementally evolving their purchasing desires and patterns. With the legacy CT4 team reporting into Veeam CTO Danny Allan, The Futurum Group expects to see the Cirrus platform integrated in a targeted and strategic manner into Veeam’s portfolio roadmap, addressing use cases presenting the greatest customer demand and opportunity.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other insights from The Futurum Group:

Veeam Launched the Latest Version of Its Core Offering and Focuses on Data Security designed for Hybrid Clouds

AWS re:Inforce: Bridging the Shared Responsibility Divide

Microsoft and Partners will Strengthen Microsoft 365 Data Protection

Author Information

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately a decade of experience providing research and advisory services and creating thought leadership content, with a focus on IT infrastructure and data management and protection. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data center practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

Krista holds a Bachelor of Arts in English Journalism with a minor in Business Administration from the University of New Hampshire.


Latest Insights:

The Six Five team discusses NVIDIA announces Mistral NeMo 12B NIM.
The Six Five team discusses Apple using YouTube to train its models.
The Six Five team discusses TSMC Q2FY24 earnings.