Veeam Emphasizes On The ‘3-2-1-1-0’ Rule As The Go-To Data Backup Strategy For Companies

India has emerged as a sweet spot for Veeam Software, registering the highest growth among its Asia Pacific and Japan regions. Expecting this momentum to continue, the data management company is doubling down on its investments in the country and strengthening its partner ecosystem.

Throughout this year, it will unveil a series of new program enhancements through collaboration with partners, alliances, and global systems integrators to help customers become future-proofed against the growing threats to their data and business continuity. Recently, Veeam announced a strategic partnership with Microsoft to co-innovate new backup and protection solutions, where the duo will also co-sell the Veeam Data Cloud to help their respective customers become cyber-resilient.

Since its establishment in 2006, and starting Indian operations a decade ago, Veeam has expanded its customer base to span 450,000 companies, including global majors like Coca-Cola and BMW and Indian entities like Hero MotoCorp, Mahindra Group, Granules India, Parul University and Future Generali as well as government-led smart cities and defense projects.

In March 2020, private equity firm Insight Partners acquired the company for $5 billion, to propel it into new markets and sustain its growth. Leveraging its VMware virtual machine protection capabilities, it currently boasts a $1 billion annual run rate, providing data ownership, control, and protection in hybrid cloud environments.

Sandeep Bhambure, vice president and managing director for Veeam Software India and SAARC and the company’s general manager and senior vice president, Asia Pacific and Japan, Beni Sia, tell Outlook Business why they are excited about the opportunities in India, especially with the rollout of the Digital Personal Data Protection (DPDP).

Edited excerpts:

How has Veeam grown its operations in the APJ region and where does India fit into this, in terms of revenue contribution, workforce, and business sectors?  

Beni: FY24 was one of the best years for Veeam Software. Though we don’t share area-wise revenues, the SAARC region led the global business with high double-digit year-over-year growth. This was on the back of our investment here, not just in people and resources, but also in R&D.  

Sandeep: In the global scheme of things, APJ is the fastest-growing theatre for Veeam and within this, SAARC is the rapidly growing region. We are staring at triple-digit growth, and though we have not reached there yet, this reflects the quick pace of the industry. As per IDC Semi-annual Software Tracker 2H22, in India, Veeam is growing 2.5 times as compared to the global data replication and protection market.

What is propelling this growth?

Sandeep: The engines driving this growth are essentially the growing occurrences of ransomware attacks and organizations modernizing their IT setup by moving to the cloud, adopting containers or even protecting Software as a Service (SaaS) workloads.

We are the leaders in all these spaces and have also been protecting traditional and virtual workloads. We add hundreds of new clients every quarter across industries like banking and financial services (BFSI), ITeS, healthcare as well as government agencies.

We also have a vast 700-plus partner network in the country, which includes partners like HPE, Cisco and Lenovo from our Reseller Alliance Ecosystem and cloud service providers, global systems integrators and independent software vendors.

Beni: According to IDC, the data protection and recovery market is growing by 4% to 5%, but we are growing at multiples of that. That kind of points to a couple of things. Firstly, we are doing a lot of customer acquisition and are eating our competitors’ lunch.  As per IDC Semiannual Software Tracker 2H22 reports Veeam, with an 8.1% year-over-year growth rate grew faster than the other top five vendors and the overall market average.

What investments is Veeam doing in the APJ region, and India in particular?

Beni: One of them is with role changes, with a big one around a sales development representative function to help our sales team in the SMB, commercial and enterprise segments. That's in terms of identifying not only within our installed base but also in the white space for entities seeking solutions that promptly address their needs.

R&D is another area that we will be investing in FY24 alongside repurposing some people to do different roles. Moreover, we have decided to make Bangalore our hub and are doubling down in terms of hiring support engineers and R&D talent.

What is your partnership network in India and how will making Bangalore the hub help?

Sandeep: Since the pandemic, almost 50% of IT workloads have moved to the cloud environment, which required us to reinvent and modernize our go-to-market. We are heavily investing in enabling our partner community to work with cloud service providers and hyperscalers like AWS, Google, and Azure.

We are also ramping up our partnership with cloud service providers as well.  This is one big transformational thing that we are driving in India visa-a-vis our competition.

While you are looking at increasing your talent pool, there is a massive dearth of skilled talent globally. At the same time, the growing adoption of Gen-AI is throwing up new challenges for existing cybersecurity teams. How is Veeam trying to navigate this situation?

Beni: The reality is talent will always remain a challenge because everybody's competing for the same human resources. After you train an engineer and they gain a certain level of experience, they get multiple offers from many companies and will move on.

The scalable model is to build and train teams with a strong enablement program. This way we don’t just enable new talent, but also show them the value in terms of being associated with us, which augments our retention.

We don’t take this approach only with our internal sources, but also extend it to our partners so that they are equipped with relevant skills to help them scale their business. The new partner program that we are launching keeps partners engaged with us as they stand to make more money and margins than the previous edition. It also encourages them to be competent in terms of Veeam solutions, which will increase customer trust and stickiness.

What's your partner network in the SAARC, APJ and in India, respectively?

Beni: We can put our partners in two buckets—global software resellers like Kyndryl, Infosys and TCS and then local partners. The Veeam ProPartner program kicks in to help these partners in India; they can benefit from the growing adoption of Veeam technology to help companies become radically resilient in the face of growing cyber threats and other outages.

Sandeep: The born-in-cloud partner ecosystem that we are building is another initiative. A year ago, we had just a handful of certified engineers on Veeam. Today, we have thousands of Veeam-certified sales and technical professionals as well as Veeam Certified Engineer, which is the top-end partner certification for our technology.

While security companies are investing in AI to help their cybersecurity professionals have the latest skills, the technology has supercharged the abilities of hackers. How does Veeam try to stay ahead of this emergent challenge with solutions tailored to react quickly to incidents?

Sandeep: In Veeam data platform 12.1, we introduced proactive monitoring and alerts by incorporating elements like entropy analysis. This AI engine alerts about impending threads and it was incorporated so that customers are not caught by surprise.

Has Veaam created any solutions specifically for Indian companies, which are known to be very value-conscious?

We have three steps to handle occurrences in the threat landscape—pre-event, during-event, and after-event. Our clear-cut processes can help value-conscious customers because it's not just about offering a technology or implementing it. It's also about hand-holding the customer at the time of crisis or threat event.

I have dealt with customers who lost thousands of dollars when their servers went down. We worked with them day in and out to recover all the data. So, it's not just about technology, but also about people and processes, which Veeam excels in.

Beni: It always goes back to fundamentals and what we've been preaching as a best practice all these years even before the spike in cyberattacks through leveraging AI. It boils down to the 3-2-1-1-0 protection rule. This means having three copies of data on two different media—1 offsite and 1 immutable, while the ‘zero’ stands for testing during peacetime to verify that the backup copies can be restored within the time frame.

That rule still holds true, and I especially stress the ‘0’. Because when people are undergoing cyberattacks, they must ensure that they have rehearsed their response and that every person in the organization knows what their role is during a crisis.

It sounds very easy theoretically, but is it practiced?

Beni: Yes. We have had numerous customers experience ransomware attacks and the way to recover their data is to find whether they have followed the 3-2-1-1-0 strategy. Most of the time, recovery is possible, especially if they have practiced the ‘0’ step within the resources and the time allocated.

According to a PWC report, 90% of Indian business leaders expect a significant cyber threat to their organization and cybersecurity is likely to command 10% to 15% of their IT budgets. However, there is an overall dip in IT spending as some companies feel they can use internal resources combined with Gen AI tools to plug in existing gaps. Is this a viable possibility or just a euphoric reaction to the Gen AI trend?

Beni: I'll probably take a different spin based on Veeam’s latest data protection trends report where we asked over 1200 customers how their posture towards cybersecurity is changing. The percentages you cited are not too far from it.

In fact, 93% of the cyberattacks will target the backup copy. This is because cybercriminals know that once they encrypt the backup copy, the chances of a company paying for its recovery are very high. Hence, I go back to the fundamentals of making sure that you stick to the 3-2-1-1-0 rule.

That's where you have an immutable and clean copy that can be restored quickly. Also, stressing back to the 0, if you have previously tested it, you know the time allocation and you also know the resource allocation that you need to bring your businesses back.

Are there any significant white spaces that Veeam sees as opportunities and would like to explore in the coming months?

Sandeep: Firstly, there is a growing need for data protection and ransomware recovery cuts across the verticals. I am more excited about the unfolding compliance and regulations, including the DPDP Act. Bringing the importance of data protection to the fore, it has penalties that can go up to Rs 250 crore. Organizations will, therefore, have to start looking at how to be compliant with the DPDP Act.

At the same time, there is a provision to create some important positions like Data Protection Officers or Data Consent Officers that are directly reporting to the board. This simply means that today the board is thinking of data protection and backup and recovery as a very important need of the business to keep it running. This is a very exciting opportunity for Veeam because as the largest data protection company globally we excel in data recovery.

If you look at the IT landscape today, 50% of the data is on the cloud while the rest is in virtual and physical environments. In a scenario where data is moving all over the place, the challenge of protecting it and ensuring its recovery while ensuring that organisations retain their agility is going to grow manifold.

Organizations that are trying to do business out of India particularly have to be highly compliant. Whether it is healthcare, pharmaceutical companies or banking firms, they need to continuously audit their systems and give regulators and internal auditors an assurance that the data is protected. This is certainly an opportunity that will drive the importance and growth for data protection.