Brought to you by:
Enterprise Strategy Group  |  Getting to the Bigger Truth™

ESG TECHNICAL VALIDATION

Keepit: Dedicated Data Protection For Saas Workloads

Delivering Data Availability, Cost-Efficiency, Simplicity, Instant Recovery, And Total Security

By Kerry Dolan, Sr. IT Validation Analyst
OCTOBER 2021

ESG Technical Validations

The goal of ESG Technical Validations is to educate IT professionals about information technology solutions for companies of all types and sizes. ESG Technical Validations are not meant to replace the evaluation process that should be conducted before making purchasing decisions, but rather to provide insight into these emerging technologies. Our objectives are to explore some of the more valuable features and functions of IT solutions, show how they can be used to solve real customer problems, and identify any areas needing improvement. The ESG Validation Team’s expert third-party perspective is based on our own hands-on testing as well as on interviews with customers who use these products in production environments.

Introduction

This report documents ESG’s technical validation of Keepit, a dedicated software-as-a-service (SaaS) data protection solution for multiple workloads. Our validation focused on the simplicity of setup and ease of backup and restore.

Background

The use of cloud-based SaaS applications is mainstream today. According to recent ESG research, 90% of survey respondents report using SaaS, with Microsoft Office 365 and Salesforce.com the most widely used.1 However, many organizations mistakenly assume that SaaS vendors are protecting customers’ cloud-resident data when, in fact, SaaS vendors are only responsible for maintaining their cloud environments, not customer data. Some SaaS vendors offer third-party data protection solutions, but these often cannot support the scale and SLAs of critical production data; they are often incomplete, cumbersome, and costly. It can take months before data is available.
In the same research, 86% of respondents reported relying partially or completely on the SaaS vendors for data protection, a dangerous disconnect that can lead to serious consequences including lost or unrecoverable data. For example, when asked how their organizations recover Microsoft Office 365 data, 74% reported relying on Microsoft’s service recovery functionality. Similarly, 59% of Salesforce.com customers reported not using a third-party backup solution, instead relying on Salesforce.com.
Where does data loss come from? In our research, the most common reasons for data loss were service outages (22%), accidental deletion (20%), and external malicious deletion (19%) such as ransomware attacks (Figure 1). Other reasons include problems with backup mechanisms and retention/deletion policy misunderstandings. In our research, 81% of Microsoft Office 365 users had to recover data, but only 15% were able to recover 100% of their data.
Figure 1. Top Causes of SaaS Data Loss

What is the top cause of data loss for the SaaS-based applications your organization uses? (Percent of respondents, N=344)

Source: Enterprise Strategy Group

What is important when choosing cloud-based data protection? When ESG asked this question of research respondents, they most often cited the ability to restore data remotely for disaster recovery (35%), freeing up IT staff (29%), improving service levels (24%) and greater cost-effectiveness than in-house solutions and processes (23%).
Figure 2. Top 10 Drivers of Cloud-based Data Protection

Which of the following factors were–or are–the biggest drivers behind your organization’s consideration of cloud-based data protection services? (Percent of respondents, N=376, three responses accepted)

Source: Enterprise Strategy Group

Keepit Dedicated SaaS Data Protection

Keepit offers a dedicated SaaS backup and recovery solution built from the ground up specifically for SaaS applications, including Microsoft Office 365, Azure AD, Salesforce, Google Workspace, and Microsoft Dynamics 365. Keepit protects and restores data and metadata for each application at various levels of granularity. For applications whose structure includes related records (e.g., Salesforce and Dynamics 365), restore can include individual items or items that are related.
Keepit stores backup snapshots in its own dedicated hosting facilities. The solution was designed around an independent, proprietary cloud with a focus on data availability, cost-efficiency, simplicity, instant recovery, and security. Keepit’s regional data centers around the world are fully redundant for total protection. Keepit supports data sovereignty and GDPR compliance requirements as well as ISAE, ISO, and HIPAA standards.
Keepit’s backup service guarantees at least two backup snapshots per day; data are stored in two separate data centers in each region. It uses the “incremental forever” method to minimize data movement. Keepit connects to SaaS applications via API and leverages network peering arrangements with Azure, Amazon, and other clouds to optimize performance.
Figure 3. Keepit Dedicated SaaS Backup

Source: Enterprise Strategy Group

Key features include:

• Data Availability. Keepit’s proprietary backup and recovery cloud is designed to ensure 100% availability for customer SaaS data. Using redundant data centers, Keepit stores four backup copies in two separate physical locations that are always available, off-site, and vendor neutral. Keepit operates data centers in multiple regions globally, helping customers meet data sovereignty requirements; in addition, Keepit’s enterprise-grade cloud data protection is fully GDPR-compliant and certified. Keepit provides fast, reliable, and secure restore operations, and helps speed disaster recovery planning.
• Cost-effectiveness. With Keepit’s proprietary cloud, everything is included in the seat price, eliminating any concern about unexpected costs. The per-seat cost includes unlimited storage and archiving, free transactions, and no egress or ingress fees. With its object-storage architecture, Keepit stores backed-up data on high-density, hard drive-based storage systems; combined with the “incremental forever” backup approach that only transfers changes in any dataset, Keepit remains cost-efficient. Keepit’s predictable pricing keeps customers in control of costs even as they scale.
• Focused on Simplicity. Keepit streamlines SaaS data protection needs with one universal service that supports Microsoft 365, Salesforce, Google Workspace, Dynamics, and more. The user-friendly UI simplifies daily backup and restore, as well as scaling. The platform is intuitive and simple, requiring no training. Keepit delivers an updated platform in tune with the latest changes in SaaS applications, ensuring a seamless backup and recovery experience.
• Instant Recovery. Keepit’s advanced suite of search and restore features lets administrators execute fast and complete recovery in seconds. Its advanced, high-speed search technology based on fast indexing and reindexing algorithms enables browsing through historical snapshots, and Keepit’s file previewer makes it easy to verify the data before restoring. Administrators can even share with a user a link to the data to validate before restoring. Keepit’s intelligent restore orchestration workflow enables administrators to select the snapshots to restore from the method of restore and includes duplicate handling.
• Robust Security. Keepit developed a purpose-built SaaS backup platform with security designed in. Keepit’s storage architecture is built on a tamper-proof, immutable blockchain-based object store and file system. This provides instant access to raw data objects, as well as instant data verification. All data protected by Keepit is stored and protected by a hash-chain object store that prohibits the deletion or manipulation of any data object or backup set. Because data cannot be altered or deleted, it is impenetrable to ransomware, malicious attacks, or other data loss scenarios, and is encrypted in transit and at rest. Backed-up data is immediately encrypted using industry best-practice algorithms before it is written to storage.
The API front end connects to SaaS applications. To scale, Keepit simply expands the number/size of servers on the front end. Dual, active-active data centers are used for load balancing and data duplication.

ESG Technical Validation

ESG viewed live demos of the Keepit solution with a focus on ease of setup and management across multiple SaaS products. These demos used Microsoft Office 365 and Salesforce workloads, but the functionality applies to all supported applications.

Ease of Management

Keepit is a browser-based solution, with no additional plug-ins or hardware components. All functions leverage each SaaS application’s APIs. Setup and management functions are virtually identical across the SaaS applications that Keepit supports.
Initial Setup and First Backup
Setup is extremely simple. It starts with creating a connector to a SaaS application, after which the Keepit application is automatically installed in the application; once that is complete, Keepit is ready to start backing up. Role-based access control enables full control and flexibility.
ESG set up a Microsoft Office 365 connector in just a few clicks, using an environment with Keepit already installed. It should be noted that Keepit does not require the use of a global admin service account for Microsoft Office 365 workloads (Exchange, OneDrive, SharePoint, and Teams). From the Keepit UI Connectors tab, we clicked Add Connector, selected Add Microsoft 365 Connector, and confirmed connection to Microsoft tenants. Next, we were taken back to the Keepit UI to configure the first backup, which we named ESG M365 Backup. Administrators can select all data or subsets of data to back up for the main areas of Microsoft Office 365: Exchange, OneDrive, SharePoint, Groups, and Teams. Keepit leverages the customer’s Active Directory to identify users; all users are included by default, but administrators can specify users or groups to include if desired. Figure 4 shows the ESG M365 Backup with the four primary Microsoft Office 365 areas and the subsets of Exchange for selection.
Figure 4. Configuring Microsoft Office 365 Backup

Source: Enterprise Strategy Group

Management features include:

• Automatic snapshots. Keepit backup snapshots are executed automatically between the SaaS cloud and the Keepit cloud. There is no backup schedule for administrators to configure with Keepit and no planning of backups at off hours to avoid impacting production.
• Flexible schedule. Keepit uses a dynamic schedule to deliver at least two snapshots of all data every day. With cloud-based applications, there is no way to know what Salesforce, Microsoft, or Google are doing with their applications at any time; in addition, they have customers around the globe, so there is no downtime. However, the SaaS providers’ APIs have limits on activity, so if Keepit is hitting their ecosystems too hard, they may be throttled back. For this reason, Keepit maintains a dynamic schedule and can re-try as needed to optimize API calls. With no timeframe to work around, Keepit ensures that snapshots are completed sometime during each 24-hour period and that, during backup, there is no interruption to any Keepit or SaaS application functionality.
• Up to unlimited retention. The default for all data is 12 months and up to unlimited retention time, depending on customer needs. Since Keepit does not charge customers for storage capacity, there is no economic need to manage how long data is kept (outside of customer policies and compliance requirements). All data remains easily accessible, with no storage tiering or separate archiving. Administrators can configure custom retention periods if desired.
• Data Availability. The Keepit cloud stores data redundantly, with four copies of all data in two separate data centers. Initial backups can be lengthy, but the Keepit platform remains available for other tasks. Data is indexed as it comes in, so data is usable very quickly.
• Audit Log and Job Monitor. Keepit’s audit log and job monitor simplify management and help administrators maintain a healthy environment. ESG viewed the demo job monitor, which showed the backup status for all connectors for the previous 24 hours, including the amount of data backed up and the start and end times.
• Keepit API. The Keepit API enables customers to integrate Keepit into their existing service management workflows, including ServiceNow, Splunk, and others, enabling consolidated, automated management and a central location for notifications regarding job completion, skipped items, etc. This increases administrator productivity, reducing costs for managing data protection. In addition, customers gain intelligent data management, as they can access current and historical data through a single API interface. This data can be used to improve business outcomes with analytics.

Why This Matters

SaaS applications save IT a lot of headaches—they require no hardware and little management. Therefore, it makes sense for SaaS backups to do the same—simplify tasks for IT and save time.
ESG validated how easy and fast it was to set up Keepit’s browser-based solution in less than five minutes with just a couple of clicks. It requires no scheduling or retention time configuration, and the workflow is the same for all supported applications. Keepit offers simple, secure, complete data protection with flexibility to include or exclude subsets of SaaS data.

Data Search and Restore

One of the Keepit solution’s key features is how easy it is to find the data you want and restore it. The process is virtually identical across all workloads. Finding and restoring documents, emails, folders, teams, SharePoint sites, or groups of items is extremely simple and fast, including searching for metadata that describe the items to restore. Administrators with the highest privileges can preview items to ensure they are restoring the right data. Data can be restored to the same location or a different location, including SharePoint sites that can be restored to new URLs.

Finding and Restoring Microsoft Office 365 and Salesforce Data

ESG started with a look at the dashboard of a site with connectors to all supported applications (Figure 5). Accessing all SaaS applications with the same workflow dramatically simplifies the ability to find and restore data. The dashboard shows the timing of most recent backups, with a configuration tab to control access to backups.
Figure 5. Keepit Dashboard

Source: Enterprise Strategy Group

ESG clicked on the Microsoft 365 Backup-Demo, clicked on Users, and searched for Megan. Once we clicked on this user’s name, we could view her Microsoft Office 365 subfolders: Calendar, Contacts, Archive, OneDrive, Outlook, and Tasks. The UI showed the size of each subfolder and time of last backup (Figure 6). We clicked on Outlook/Inbox and could view the most recent snapshot of her email folders and individual emails, shown with the same structure and sort options as a typical Exchange mailbox.
Figure 6. Finding Emails in Microsoft Office 365 Backup

Source: Enterprise Strategy Group

Keepit makes it extremely simple to find items that have been deleted. This is an important feature since accidental deletion by users is one of the most common reasons for having to restore. Figure 7 shows Keepit’s Deleted Items View, with the three emails that have been deleted; these are displayed as grayed out and include a trash bin icon on the right. However, these did not have to be extracted from the trash bin but are shown in context; they are grayed out because they had appeared in previous backups sets but were missing from the most recent snapshot.
Figure 7. Deleted Items View

Source: Enterprise Strategy Group

To restore the Northwind Customer Data email to the original location, we simply clicked on the three dots on the right and selected Restore. Other options were to view different versions of that email, to download it, or to share it. Administrators with the highest privileges could also preview the email.
It is important to note that we were not viewing a snapshot on a storage array; instead, we saw the Exchange view with user-specific folders and emails. Keepit searched across all snapshots of this data and presented it in a user-friendly way that made sense in the context of the application. This is part of the simplicity of the system. When a user asks IT to find a deleted document or an email, IT will typically ask about time frame and some identifying information so they can search in the right snapshot. This process can be cumbersome and error prone, particularly when users aren’t sure when they last had the item. With Keepit, searches leverage the typical user view, and the Deleted Items View makes it extremely simple to find deleted data and restore it in a couple of clicks.
Next, ESG restored a document from the same user’s OneDrive, but from a specific snapshot rather than from the latest one. This can be done on the single item level or from the Snapshots Viewer. For a single item, we navigated to the Annual Financial Report (Draft) document in OneDrive, clicked the three dots, and selected Versions. A timeline appeared; we used a slider to find the approximate date and then selected from the list of available snapshots by date and time. We also browsed to Outlook/Inbox, searched for Northwind, and clicked Snapshots Viewer to use the same timeline (Figure 8).
Figure 8. Select Item by Specific Snapshot

Source: Enterprise Strategy Group

Keepit can restore individual items or groups of items, such as mailboxes, folders, or entire users. In addition, instead of doing a complete restore, administrators can create a secure, sharable link to data. This enables instant access and offers the ability to share with users outside of the SaaS application environment, and the link can be time limited. For example, should a user be unable to access her OneDrive but need a critical presentation, administrators can create a password-protected link for immediate access.
ESG also viewed a Salesforce restore and noted the extreme similarity to the Microsoft Office 365 workflow. Keepit restores Salesforce objects, including individual records, files, and attachments. We selected a Salesforce backup, selected Objects, and searched for Accounts; this brought up a list of all accounts, as well as the Deleted Items View. We selected the PIND Investment Backup account and clicked Restore. With Salesforce, since many records are related—such as leads and contacts—there is an option to restore the single record or to add related records (Figure 9).
Figure 9. Restore Options for Salesforce Data

Source: Enterprise Strategy Group

Why This Matters

Backup data should be easy to find and restore in the event of accidental deletion, malicious attack, system failure, or policy error to maximize production uptime. In addition, backup data that is easy to find can be used for other data management functions such as eDiscovery.
ESG validated how simple it was to find and restore individual items or groups of items from any Keepit snapshot. Administrators browse easily in a natural format that resembles the application context. The Deleted Items View makes finding deleted data extremely simple—a great feature since accidental deletion is one of the most common reasons to restore. Data can be restored to the same or another location, including new SharePoint sites; in addition, Keepit enables a sharable, password-protected, time-limited link to data for immediate access. And applications with related data, such as Salesforce, can restore related objects as well as individual ones.

The Bigger Truth

Business is no longer strictly on premises, and neither are applications. As mentioned earlier, in ESG research, 90% of survey respondents report using cloud-based SaaS applications such as Microsoft Office 365, Salesforce, Google Workspace, and Microsoft Dynamics 365. However, many SaaS customers don’t realize that they are responsible for protecting their SaaS data. In the face of increased exposure to ransomware attacks and other vulnerabilities, as well as typical deletions and failures, it is critical to be proactive about protecting SaaS data. There is no time to waste, as ESG expects more and more software to be delivered as a service in the future.
Keepit offers an extremely simple, secure SaaS data protection solution that uses a proprietary object store to keep data protected and tamper-proof in its independent, redundant global data centers. The Keepit brand is known for simplicity, security, cost-effectiveness, and fast data recovery. Key aspects of its simplicity are that snapshots are automatic, so no scheduling is required; data is retained forever by default with unlimited storage, so data retention is easy to configure and manage according to your compliance requirements; and pricing is by seat, so there are no charges for ingress, egress, storage capacity, bandwidth, etc.
ESG validated the Keepit solution’s:
  • Simplicity and speed of initial setup and backup.
  • Simplicity and speed of finding and restoring data.
  • Restore options that make data quickly accessible while retaining SaaS application context.
It seems clear that the Keepit solution was not built using a traditional data protection paradigm, but instead was specifically designed for SaaS applications—and for use by generalists and application owners, not data protection specialists. Keepit understands what customers need. They need a couple of backups a day, and they need them to happen automatically. They need to be able to easily find their data and get it back as quickly as possible, no matter how old it is. They need an immutable history, and they need to comply with corporate, regional, and industry governance requirements. The long, arduous bare-metal recovery process is just not sustainable in today’s fast-paced business environment.
Keepit delivers on all these key needs for SaaS applications. With Keepit, customers can restore data remotely for disaster recovery; free up IT staff so they can contribute more strategically; improve service levels; and reduce costs. These are key drivers of cloud-based data protection according to ESG research.
ESG believes that adding support for more SaaS applications and adding certain features like data masking would extend the solution’s value. If your organization is ready to get serious about protecting SaaS data and is looking for a solution that is simple, secure, complete, and cost-effective, ESG recommends that you take a good look at Keepit.

This ESG Technical Validation was commissioned by Keepit and is distributed under license from ESG.

Source: ESG Master Survey Results, 2021 Data Protection Cloud Strategies, May 2021. All ESG research references and charts in this technical validation have been taken from these master survey results.


All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.

Enterprise Strategy Group | Getting to the Bigger Truth™

Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.