Gartner Ranks Top Seven Enterprise Endpoint Backup ProductsWinner Druva, then Code 42, Datacastle, Asigra, HP Autonomy, CommVault and Mozy
This is a Press Release edited by StorageNewsletter.com on 2013.11.07
The following report, Critical Capabilities for Enterprise Endpoint Backup (ID:G00255640) has been published by Gartner, Inc. on 24 October 2013 and written by analysts Pushan Rinnen and Dave Russell
This research provides detailed stack ranking of seven endpoint backup products against 11 critical capabilities and across two use cases. This can help IT leaders narrow their enterprise endpoint backup product shortlists.
- Endpoint backup is no longer just about data protection; it also applies to reducing security risk and increasing user productivity.
- Endpoint backup capability gaps among leading products have narrowed in the past year, making product selection more difficult than before.
- While all products offer decent PC backup capabilities, key differentiations focus on performance-related metrics, mobile device support and additional capabilities, such as integrated remote wipe and remote tracking.
- Almost 40% of user references surveyed reported that they have started implementing the practice of BYOD; however, support for integrated backup and file sync and share remains unavailable from the majority of vendors.
- Procure budget for endpoint backup to protect your company's intellectual property and to increase knowledge workers' productivity.
- Work closely with the endpoint security/compliance team and the mobile team to design a comprehensive corporate plan for endpoint protection, including backup.
- Choose endpoint backup products based on employees' risk profiles. The mobile workforce tends to be more at risk than office workers, and will need a product that has stronger built-in security features and more data capture capabilities, and offers better self-service experiences.
- Choose endpoint backup products that offer strong mobile device support if your company is planning to introduce BYOD.
What You Need to Know
Endpoint backup is fundamentally different from server backup. Endpoint backup deals with the unpredictability of people, rather than predictability of servers. Many organizations had given up on endpoint backup because of management complexity and high failure rates. Modern endpoint backup solutions have beefed up basic backup capabilities and, more importantly, are no longer only about backup. Vendors are adding functions such as easy self-restore, mobile access, file sync, e-discovery and remote wipe to increase user productivity and reduce compliance and security risks associated with human behavior.
Meanwhile, the increased mobile work options and adoption of BYOD are increasing security risks. As a result, we are seeing greater interest in deploying endpoint backup from large organizations, including well-known technology companies. These companies realize that increased workforce mobility heightens data loss risks, as more employees store their data locally on their endpoints. The old way of either ignoring endpoint backup or forcing users to write to a corporate network share is no longer valid.
This updated report has several major changes compared with last year's report. We have excluded one product that is no longer available and three products that almost never show up in Gartner end-user inquiries and lack development focus on endpoints from their vendors. Good Technology acquired Copiun in 4Q12 for its file sync and share function and discontinued the backup product. The other products that are excluded are CA Technologies' CA ARCserve, EMC Avamar and IBM Tivoli Storage Manager (TSM) FastBack for Workstations and TSM with Backup/Archive Client. These vendors and their respective products have a much stronger focus than on endpoint backup development. Again, we haven't included Symantec's Desktop and Laptop Option backup product, because Symantec hasn't been focusing on endpoint backup and doesn't have a future strategy.
We have modified some categories of critical capabilities based on new product developments and more logical groupings. For example, we combined last year's device diversity and content variety into one category: PC device/OS diversity. We changed heterogeneous restore to PC content restore/migration. Last year, support for mobile devices, such as tablets and smartphones, were blended with PCs; this year, we created mobile device support as a separate category. Another new category is back-end server/storage capabilities, which is useful information for organizations planning to implement endpoint backup on-premises.
Due to many changes in evaluation categories and what is included in each category, we advise against comparing this year's report with last year's report, as they will not be exact comparisons. Additionally, the market is changing as larger-scale deployments progress and vendors refine solutions.
The two use cases remain the same - mobile-workforce-centric versus office-workforce-centric - although weightings for each critical capability against each use case are changed due to new capabilities created in 2013.
Endpoint backup was not adopted widely because traditional products had a lot of performance issues, such as long backup windows and performance degradation during backup, as well as management limitations such as lack of silent deployment and self-restore functions. Some organizations tried and gave up on endpoint backup, while others worked around this problem by requiring users to write to network shares. However, the latter practice is typically not enforced, as many users store their data on their local drives, and road warriors, for example, don't have access to VPNs. With technology advancements, today's endpoint backup has become much more user-transparent1 and user-friendly, and can even increase user productivity with mobile access and sync capabilities. On the security side, some products have remote wipe and geographical tracking capabilities to reduce security risks.
Endpoint backup remains predominantly focused on PC backup for desktops and laptops. The need to backup mobile devices (tablets and smartphones) is limited to photos and documents. Mobile access (read and download, but not upload) to PC backup copies, however, has become widely available as a standard feature. Due to the sandboxed nature of many mobile OSs, version-based file sync has become a convenient way to offer mobile data protection.
During 2012, Druva was the only vendor to offer an endpoint backup product that had a companion file sync product for business organizations. In 2013, EMC (Mozy) added file sync capability based on its previous consumer product. Code 42 Software and CommVault introduced file sync capabilities in October 2013 with different implementations, and their product ratings reflect their upcoming capabilities.
When backup is file-sync-aware, files that have been synced to the server will no longer need to be transmitted over the Internet again, thus reducing network traffic. Moreover, file sync offered by backup vendors may provide the same source-side deduplication used in endpoint backup, further decreasing network traffic and increasing performance. We believe that, over time, enterprise endpoint backup will merge with access/file sync and data loss prevention (DLP) functions more seamlessly to form a total solution to prevent data loss and leak from endpoint devices, and to increase user productivity.
While all products evaluated in this report offer decent PC backup capabilities, key differentiations focus on performance-related metrics, mobile device support and more advanced capabilities, such as file sync, device/OS migration, e-discovery functions, and integration with DLP features, such as remote wipe and remote tracking. While a few products have proven records of large, scalable deployments, others need to improve their presence in large enterprises.
Of the seven products evaluated, five introduced new or refreshed GUIs since our last report. The new or refreshed GUIs have a more intuitive and more modern look than their older versions, and aim to make users' experiences and the administrator's job easier.
Product Class Definition
Enterprise endpoint backup refers to backup of endpoint devices, such as desktops, laptops, tablets and smartphones, which can access corporate content and create business content locally. There are numerous PC backup products in the market, especially for consumers and small businesses. The focus of this report is on the products that have proven ability to meet enterprise endpoint backup support and implementation requirements.
Critical Capabilities Definition
All endpoint backup products profiled here share some basic features and functions, such as centralized management, user transparency in terms of agent deployment and backup, backup of files and email archives, restore to a different device, support for scheduled backup and support for interrupted backup where backup jobs resume where they have stopped.
We concentrate on 11 critical capabilities that differentiate competing endpoint backup products:
- PC OS diversity: Degree of diversity in PC OS platforms and data supported
- PC content restore/migration: Ability to restore individual files to a different OS version or platform, as well as to migrate the entire PC content to a new device
- Mobile device support: The level of data protection support for mobile devices such as tablets and smartphones
- Scalability: Size of the deployment in the real world, as well as based on product design
- Data reduction techniques: Type of data reduction techniques used in the product, such as deduplication and compression, and how they are implemented
- Performance: Performance-boosting techniques from initial seeding options to recovery, as well as default backup intervals, and network and CPU throttling
- Security: Security features such as access control methods, encryption, remote wipe/remote tracking, and mobile containerization support
- User experience: Factors impacting both end-user and administrator experiences, such as user interfaces, self-restore capability, and monitoring/reporting tools
- Back-end server/storage capabilities: Capabilities to implement data integrity checks, HA for backup server and storage, and dynamic client load balancing
- Proven cloud presence: Degree of supporting the vendor's cloud or third-party cloud, including cloud adoption and data center presence
- E-discovery functions: Functions that allow easy e-discovery for compliance, such as full-text indexing and search, federated search, and support for legal hold
Since the use cases have to be supported by all products evaluated, we are rating the endpoint backup products for two use cases:
- Mobile-workforce-centric: Endpoint backup software needs to cater to the dynamic and unpredictable online/offline schedules of the mobile workforce, as well as the unsecure environment outside corporate firewalls. For this use case, heterogeneous OS backup/restore and migration, security-related capabilities and support for mobile devices such as tablets and smartphones and cloud have a higher weighting than the office-workforce-centric use case.
- Office-workforce-centric: Endpoint backup software caters to a workforce that is always online during predictable business hours. These kinds of employees are typically sitting within a company's firewall (office workers) or connected via a secure corporate VPN (telecommuters). For this type of workforce, scalability, user experiences, back-end server/storage capabilities and e-discovery functions carry higher weighting.
Table 1 looks at the weightings of all use cases in this research. Each use case weighs the capabilities individually based on the needs of that case, which impacts the score. Each vendor may have a different position based on its capability and the weighting for each one. The overall use case is the general scoring for the vendor's product, which is the average of the two different use cases.
The inclusion criteria for various endpoint backup products focus on enterprise support with proven field records and a central management console. This year, Gartner showed preference toward the products that focus on protecting endpoint data or have shown solid enhancements and road maps regarding endpoint backup/recovery.
The other detailed inclusion criteria have not changed:
- In addition to desktop backup, the product must support portable endpoint devices (at least laptops, with tablet and smartphone support as a plus).
- The product targets large-enterprise customers, as well as small or midsize businesses (SMBs), with basic enterprise capabilities, such as a centralized common management tool for multiple devices and the capability to support at least 1,000 endpoint devices.
- The product is developed and owned by the vendor. If the product is sourced from an OEM partner, it is not qualified for separate evaluation.
- The product must have an installed base of at least 100 business customers (with at least 100 employees per customer) or have at least 100,000 endpoint devices being managed.
- The vendor must provide at least three reference customers who are using the product's key features.
Critical Capabilities Rating
Each of the products that meets our inclusion criteria has been evaluated on the critical capabilities, on a scale of 1.0 to 5.0 (see the Critical Capabilities Methodology section for details about out methodology):
- 1 = Poor or absent: Most (or all) defined requirements for a capability are not achieved.
- 2 = Fair: Some requirements are not achieved.
- 3 = Good: Meets requirements.
- 4 = Excellent: Meets and exceeds some requirements.
- 5 = Outstanding: exceeds requirements ("best in class").
The baselines for each of the capabilities are:
- PC OS diversity: Products that meet requirements can backup the latest versions of Windows and Mac OSs. Products that have support for open-file backup across multiple OS platforms and additional data type backup receive higher ratings.
- PC content restore/migration: Products that can restore files and email archive files, such as personal storage table (PST) files, meet the basic requirement. Those that can restore local settings and do bare metal restore for device migration, as well as those that can restore to a different OS while maintaining existing structure, receive higher ratings.
- Mobile device support: Mobile access to backup data and mobile apps are basic requirements. Products that can backup select mobile content, auto prevent backup over 3G/4G networks, and/or support file sync among mobile and PC devices receive higher ratings.
- Scalability: Products should support at least 1,000 endpoints per server and have no practical limit on file size and count. Those that have many proven records of large customers or scalable architecture designs receive higher ratings.
- Data reduction techniques: Products that meet requirements support block-level incremental and source-side deduplication and compression. Those that offer target-side global deduplication and offer more efficient deduplication algorithms receive higher ratings.
- Performance: Products that meet basic requirements support online initial full backup, more frequent than daily backup, and backup to local disk, as well as network and CPU throttling. Those that offer additional performance-boosting techniques, such as near CDP by default or local cache, receive higher ratings.
- Security: Products that meet requirements support Active Directory (AD), encryption for data in flight and at rest, and VPN-less backup over the Internet. Those that have more robust implementation techniques and more security features, such as special encryption techniques, remote wipe and remote tracking, receive higher ratings.
- User experience: For end users, products should at least offer silent deployment and backup, simple GUI for self-service restore, and a mobile app. For administrators, products that meet requirements support solid AD integration, useful dashboard, a good monitoring/reporting tool and offline restore support. Those that support a more intuitive GUI and real-time monitoring/reporting receive higher scores.
- Proven cloud presence: Products that mainly are delivered via cloud services with key customers are rated higher than those that are deployed mostly on-premises. Among cloud service providers, their number of global data centers is factored into their rating as well.
- E-discovery functions: Products that meet requirements offer flexible retention policies. Those that offer embedded full-text indexing and search, federated search, and legal hold receive higher ratings than those that require a stand-alone product.
Table 2 shows the numeric ratings for each endpoint backup product.
To determine an overall score for each product in the use cases, the ratings in Table 2 are multiplied by the weightings shown in Table 1. These scores are shown in Table 3, which also provides our assessment of the viability of each product. Figure 1 shows the product ratings for the seven products in this report.
Source: Gartner (October 2013)
Each product is rated on a 5-point scale from poor to outstanding for each of these four areas (strategy, support, execution and investment), and is then assigned an overall product viability rating (see Table 3).
The weighted capabilities scores for all use cases are displayed as components of the overall score (see Figure 2, Figure 3 and Figure 4).
Source: Gartner (October 2013)
Source: Gartner (October 2013)
Source: Gartner (October 2013)
Asigra, a private company based in Toronto, Canada, is known in the industry for its server and endpoint backup and recovery solutions designed for MSPs, although a few companies also use its product as an on-premises implementation. The endpoint support of its cloud Backup stands out in its iOS and Android backup capabilities, in addition to mobile access to both PC and file server backup. Its mobile apps have native look and feel. The product supports source-side deduplication, as well as target-side global deduplication. In 2013, Asigra introduced a Windows RT/Metro style GUI for administrators. However, Asigra's customer references only have small deployments. Asigra's cloud Backup does not have other advanced features, such as integrated file sync, remote wipe and e-discovery capabilities. A few examples of Asigra management service provider (MSP) partners that offer endpoint backup services include storage in New York City, Phoenix IT Services in the U.K., and Matrix in Germany.
Code 42 Software (Code 42) is headquartered in Minneapolis, MN. Founded in 2001, the company has raised more than $55 million in private equity. In addition to its consumer and small business offerings, it has an enterprise offering called CrashPlan PROe, with its largest customer supporting 160,000 devices. Code 42 has gained many large customers, including two leading mobile OS vendors, most of which deployed CrashPlan on their own premises. Code 42 has six global data centers (two in the U.S., one in Europe and three in AsiaPac and Japan), which store backup data of nearly 1 million endpoint devices, many of them from consumers or small businesses. Many customers use its default 15-minute backup intervals with little performance issues. In addition to its capability of mobile access to backup, Code 42 recently introduced a file sync and share product called SharePlan, which is integrated with backup with a single data transfer and a single management console. CrashPlan has an intuitive interface. However, unlike many competitive products, CrashPlan doesn't backup system and application settings and can't be used for PC migration or upgrades. It supports very granular source-side deduplication, but doesn't support global deduplication at the target side. Other advanced features beyond backup, such as remote wipe and full-text search, are not supported.
CommVault is best known for its Simpana enterprise server backup suite. A small percentage of its customers use Simpana Edge today, with the largest customer protecting over 28,000 laptops. Unlike many leading enterprise server backup vendors that treat endpoint backup as an afterthought, CommVault shows strong commitment to its endpoint data protection development beyond basic backup, including client access, file sync and e-discovery (additional cost) from a single data repository. CommVault's newly launched capability of mobile uploads allows documents and photos created on a mobile device to be uploaded to a PC and then to be backed up by the PC agent. Edge's Web console and mobile app can access/download backup data from Simpana Content Store (which is positioned as a personal data cloud), and the backup data could be from a PC, a file server or an Exchange server. Since our 2012 report, Simpana v.10 added enhancements to Edge, including new GUIs, workflow management and integration with Windows Explorer for user self-restore without having to open the Web console. It also supports a file modification option to enable backups to occur in a near continuous mode and when there is changed data. The new GUI has a useful preview feature before restore. On the down side, some customers commented that CommVault's Edge may require more scripting to manage endpoint backup and that some VPN remote users have performance issues. CommVault's cloud presence is relatively low, compared with competitors, as it is typically installed as an on-premises solution.
Datacastle is a private software company headquartered in Seattle, WA. It has raised $16 million of its funding since 2008. Datacastle Red (the company's endpoint backup offering) is sold primarily to user organizations through cloud services. Its largest service provider partner supports hundreds of thousands of devices in a single vault. It has been certified by Microsoft Azure and IBM SmartCloud, and Microsoft's Enterprise Partner Group is actively selling Datacastle Red as part of its Azure solution promotions. Among the assessed products, Datacastle Red has some strong capabilities: Patented ability to encrypt data blocks before they are deduplicated; QuickCache, a centrally managed, encrypted local cache on a Windows Storage Server for fast LAN backup and restore/migration; RoamSmart, a function that can autodetect 3G/4G networks even for PCs tethered to a smartphone; and global deduplication, which could be applied across companies/tenants in the same vault with each company owning a different encryption key for the same data block. Many of these features are appealing to cloud service providers. It supports near CDP, with many customers using the recommended 15-minute intervals, and has solid remote wipe and tracking capabilities. However, it lacks support for mobile devices, as it doesn't have a mobile app and doesn't offer file sync. The Datacastle Red interface looks somewhat outdated compared with competitors' offerings, and its e-discovery/legal hold capabilities are weak.
Druva is a private software company located in Sunnyvale, CA. It launched inSync in 2010. It raised $30 million venture capital funding in October 2013 for a total of $47 million. Its largest customer has deployed more than 30,000 devices. Druva has increased its brand awareness among enterprises by leading the movement toward an integrated endpoint data protection and management solution. It was the first vendor to offer a unified platform for integrated endpoint backup, sync and share, mobile support and DLP. Its product is one of only two products among those profiled in this report that support backup of select iOS and Android local content. Druva's backup is file sync aware, so data doesn't need to be sent out twice from the client, and storage quotas can be shared for backup and sync. Its DLP features, such as remote wipe and GPS tracking, and its analytics functions are now part of the standard offering. Druva's inSync client-side cache and server-side cache reduce disk input/output (I/O) and enables many parallel backup jobs. On the cloud front, the product is available as a service running in the Amazon cloud with single pricing for customers. In the past year, it added support for five additional Amazon international data centers. Druva doesn't support near CDP, and the default setting for backup schedule is every two hours. Although it supports object storage, such as Amazon S3, EMC Atmos and OpenStack Swift, and added dual backup destination support for HA in 2013, it relies on back-end storage's native capabilities to do automated load balancing.
After the 2007 acquisition by EMC, Mozy experienced some uncertainties associated with internal organizational changes between EMC and VMware. Since becoming part of EMC's Backup Recovery Systems Division, which oversees the rest of the EMC data protection products, Mozy has begun refocusing on its product development. In the past year, Mozy added pooled storage quota and caught up in the areas of AD support with federated ID and single sign-on capabilities and resuming backup where it's left off (instead of starting from the beginning). Its mobile apps for iOS and Android can now upload photos to the cloud for backup via its enhanced Personal Sync function. It increased the standard 30-day retention period to 90 days. However, it still lacks important features such as CDP/near CDP scheduling and block-level deduplication and compression, as well as advanced functions such as remote wipe and e-discovery. Although Mozy offers cloud services, its global presence is limited and doesn't offer cross-geographical storage redundancy.
HP Autonomy Connected PC backup has been around for many years, and has established good enterprise presence with its Iron Mountain legacy. Iron Mountain sold this business in May 2011 to Autonomy, which was bought by HP in 4Q11. Today, Iron Mountain still offers this service as an HP reseller. However, the two ownership changes in a short period, followed by HP's internal changes, slowed down product development. As a result, the Connected product has lagged behind competition in many areas, notably the lack of CDP/near CDP, block-level deduplication, no CPU or disk I/O throttling, file size limitation, and mobile device backup capabilities. HP doesn't have advanced feature functions such as file sync and remote wipe. On the positive side, the product has proven its scalability with large deployments (HP itself is a customer backing up 250,000 devices to the Connected cloud). It offers full-text index/search and federated search through its integration with Autonomy's Intelligent Data Operating Layer, a common information platform for structured and unstructured information that provides conceptual understanding of information. Connected is also one of the data sources for Autonomy Legal Hold. In 2013, HP added federated ID support, introduced a migration mode where a user could download the newest content first to a new device for access, reducing downtime during migration. It also refreshed its GUI and updated its mobile access app for Android to support more Android OS versions.