The backup market shrunk throughout 2024 with mergers and acquisitions consolidating enterprise-grade service providers and only one company risking an IPO.
Analysts said the consolidations should result in product and service releases next year. Some early examples released at the end of 2024 include multi-cloud offerings and new SaaS backup capabilities.
Beyond these launches, however, the decreasing number of market players will need to diversify their platforms' capabilities.
Backup and recovery alone are no longer enough of a differentiator, according to Christophe Bertrand, an analyst at TheCube Research.
Many backup vendors see themselves as data brokers for generative AI applications, he said. They see an opportunity to provide these new apps with regimented and secure access to data troves acquired through years of backups.
Backup vendors are also working more closely with security and data management vendors to provide cybersecurity and cyber resilience, which focus on stopping attacks and recovery after attacks that do occur.
In 2025, backup and recovery vendors will need to find their niche within those terms in a shifting market, Bertrand said.
"Nobody can do it all, [so] unsurprisingly, vendors are expanding through acquisitions," he said. "The market itself is not just backup and recovery."
What was the market in 2024
Describing acquisition activity in the backup market as "busy" in 2024 is an understatement, said Krista Case, an analyst at The Futurum Group.
It's very active from the standpoint of acquisitions, more than what we've seen in a long time.
Krista CaseAnalyst, The Futurum Group
"It's very active from the standpoint of acquisitions, more than what we've seen in a long time," Case said.
Commvault, an enterprise backup platform vendor, made two significant acquisitions this year with Clumio, a backup vendor specializing in AWS data, for $47 million in September, and Appranix, a cloud automation company, for an undisclosed sum in April.
In September, Salesforce, a cloud SaaS platform, acquired backup vendor Own Company, in which it had previously invested, for $1.9 billion.
Analysts said the most significant 2024 acquisition in terms of expected price was Cohesity's acquisition of Veritas Technologies. The acquisition closed Dec. 10, creating a unified company valued at about $7 billion with more than 12,000 customers, according to Cohesity. Specific business units within Veritas were spun out into a separate business -- Arctera, which is run by former Veritas executives.
Larger vendors acquiring smaller backup vendors -- the unique situation of the smaller Cohesity subsuming Veritas notwithstanding -- is likely the only way to innovate on legacy enterprise products and platforms, according to Brent Ellis, an analyst at Forrester Research. These vendors must focus on supporting enterprise customers that use legacy capabilities and are cautious when investing in new tools due to security and stability concerns, he said.
An acquisition can help quickly bring new capabilities that likely have been tested by other customers into an established product, such as the case with Clumio and Appranix, he added.
"If you're a large company, it gets to a point where it's hard to innovate," Ellis said.
But other acquisitions were motivated by more than technology, according to Case.
Veeam's April acquisition of Coveware for white-glove cyber recovery services builds a recovery offering different from other platforms, she said.
Coveware specializes in damage assessments, auditing and ransomware negotiations. These features help to create a comprehensive cyber recovery offering beyond restoring data, Case said.
Another backup vendor sought out a different way to grow in 2024.
This year, Rubrik emerged as the lone IPO, formally going public in April. Other backup vendors long questioned about taking a similar step, such as Veeam, have yet to go public. Veeam CEO Anand Eswaran has indicated interest in an IPO, but hasn't committed to a timeline.
"They had to tell everybody they still protect data [and that] they don't have just a fluffy cloud security piece," Ellis said.
Ellis anticipates acquisitions to continue in 2025, but at a reduced scale both in price and market impact.
"I think there's going to be a lot of little acquisitions, but it won't be as big as it was last year," Ellis said. "The big companies will have to do some innovation."
What's the future in 2025
With most of the legalities and paperwork in the past, these newly merged companies should begin 2025 by debuting products and services that use the tech they've acquired, according to Case.
"We'll likely see a focus on bringing these portfolio components to bear," she said.
Releases in the coming year will need to focus on cyber-resilience innovations, Bertrand said, notably for protecting SaaS applications.
Many SaaS vendors do not back up customer data and continue following the shared responsibility model, which means the vendor is responsible for the service's security and uptime, but not for the customer data used within it, he said.
As more enterprises adopt SaaS offerings, they might learn through data loss that protecting data is their responsibility to maintain service and protect against another vector for intrusion, Bertrand said.
Hyperscaler Microsoft Azure began offering backup services for Microsoft 365 this year, he noted, while vendors such as HYCU specialize in backing up industry-specific SaaS apps.
"It's not just about disaster recovery," Bertrand said. "It's about cyber resilience. It's going to take some people getting burned, [but] then it's going to be an arms race."
Cyber-resilience capabilities will encompass data governance for backups in 2025, Ellis said, as backup administrators will find themselves responsible for protecting data against threats inside and outside an organization. Features that can manage permissions, sensitive information and automation will be important as backups become a major repository for AI and machine learning (ML) applications, he said.
"What used to be backup is starting to have repercussions in security and governance," Ellis said.
But Case anticipates those AI and ML capabilities coming to backup platforms to aid in recovery. Backup admins will likely need all the assistance they can get when recovering from a cyberattack, so having AI find the last viable snapshot and generate reports about the environment is a useful tool, she said. Such actions, however, will still need human intervention, she added.
"We're already seeing some capabilities like automatically using AI to trigger actions or using AI to suggest a recovery point," Case said. "The more insight the administrator has into what actions were taken and why will be critical, but there's still some human oversight that's needed."
Tim McCarthy is a news writer for TechTarget Editorial covering cloud and data storage.
