Data Resiliency Solutions, 3Q17 – Forrester Wave

Commvault and Veritas leaders, in front of IBM, Actifio and Veeam
This is a Press Release edited by on 2017.10.13

AddThis Social Bookmark Button

This report was published on September 21, 2017 by Naveen Chhabra with Glenn O'Donnell, Cheryl McKinnon, Josh Zelonis, William McKeon-White and Bill Nagel, analysts at Forrester Research, Inc.

The Forrester Wave: Data Resiliency Solutions, Q3 2017
Vendors Have Immense Technology Innovation Potential To Help Optimize Operations For Enterprise Clients

Why Read This Report
In our 39-criteria evaluation of data resiliency solution providers, we identified the seven most significant vendors - Actifio, Commvault, Dell EMC, Hewlett Packard Enterprise (HPE, now Micro Focus), IBM, Veeam Software, and Veritas Technologies - and researched, analyzed, and scored them. This report shows how each provider measures up and helps infrastructure and operations (I&O) professionals make the right choice.

Key Takeaways
Commvault And Veritas Lead The Pack
Forrester's research uncovered a market in which Commvault and Veritas Technologies lead the pack. IBM, Actifio, HPE (now Micro Focus), and Veeam Software offer competitive options. Dell EMC lags behind.
I&O Pros Are Looking For Virtualization-Aware Backup, Cloud, And Consolidation
The market for data resiliency solutions is growing because more I&O pros see data resiliency tools as a way to address their top challenges. This market growth is largely due to the fact that I&O pros increasingly trust data resiliency solution vendors to act as strategic partners, advising them on top decisions.
Analytics-Driven Guidance And Cyberattack Prevention Are Key Differentiators
I&O pros and their security and risk (S&R) colleagues increasingly depend on data resiliency solutions. Vendors that provide analytics-driven recommendations, global data views, an information asset dashboard, and data restoration during cyberattacks will position themselves to help customers achieve their SLA commitments and ensure business continuity in moments of crisis.

Data resiliency solutions go beyond data protection and recovery
The fast-paced world of digital business has technology and business leaders scrambling to become competent in areas like cloud computing, development and operations (DevOps), and Agile software development that are essential to the rapid delivery of appealing applications - a prime pursuit in the age of the customer. But the crown jewel of any business is data; lost or corrupted data causes the customer experience to suffer enormously and can balloon into business liabilities. (see endnote 1) Data backup and recovery systems have been a staple of business continuity and disaster recovery since the dawn of the data center; I&O pros at leading enterprises take great care to ensure data resiliency. Today, they use practices and technologies that have evolved far beyond old-school backup to become the tech infrastructure underlying many use cases. (see endnote 2)

These new data resiliency tools help:
Dev-test teams ensure accurate environments. Application development and testing teams rely on real data to perform different kinds of tests at various stages of application development. They rely on quick and immediate access to data - in as close to real time as possible - to build applications that serve customers. For example, a major financial institution that faced unrecoverable loss of testing and development data running on virtual machines can use backup and recovery tools to rebuild the testing data set. (see endnote 3)
Business reporting and analytics teams process data in real time. Historically, business analytics and reporting functions used relatively cold data sets. But today's businesses aim to offer insights in (near) real time, so they expect I&O pros to deliver copies of production data with much shorter turnaround times.
Legal and compliance teams protect the business with immediate insights. Businesses need the ability to discover data in an archived data set at any time. Legal and compliance teams have a critical need to recover data quickly from heaps of protected and archival data in order to respond to law firms in a timely manner. Along with speed, I&O pros are also responsible for bringing over relevant data extracts that serve business interests.
Security and risk teams safeguard customers and other stakeholders. As the intensity, frequency, and impact of security incidents increase, S&R pros depend on data resiliency tools to help them recover lost data. (see endnote 4) The paramount need is to recover data from an infection-free data set while minimizing the impact on the RPO. In ransomware attacks, having a clean, uninfected version of the backup is the only weapon I&O and S&R pros have to recover their data without paying the attacker. (see endnote 5)

Multidisciplinary Resiliency Innovation Empowers I&O Pros To Be Productive
Data resiliency solutions have long been part of the back-end technology operations domain, and as such have remained devoid of great innovation. But cloud, the internet of things, and the explosion in data volumes now give vendors great opportunities to drive thought leadership, innovation, and differentiation in a crowded market. To serve new use cases, look for innovation that can help you deliver faster and better. Today's data resiliency technology is highly automated, requires little or no administrative intervention, and protects everything in real time.

Several developments are transforming the market for data resiliency solutions:
Enhanced reporting is evolving to root-cause analysis. Reporting should not be limited to presenting operational SLAs, capacity planning, and historical reporting of what happened and when. A 99% backup success rate may seem excellent, but the last 1% is critical - a fact that engineers realize only when they can't recover it. Worse, they rarely have enough time to investigate, diagnose, and resolve the problem. For I&O pros to be able to resolve an issue as it happens, they need to know why it's happening - root-cause analysis (RCA) - and how to remediate it. Event logs alone are insufficient given today's need for speed.
Analytics-driven recommendations guide actions and eventually automate them. All data resiliency tools retain historical and performance data that companies rarely use. But firms can put this data to good use by applying analytics to make recommendations, such as how to configure a policy so I&O can achieve its RPO and - RTO for a given workload in a given data center. Recommendations based on historical data can guide whether operational SLAs will improve by storing data in the public cloud — and if so, in which one. Will it save or cost money? I&O should first perform a RCA to find out whether SLAs were historically achieved; if not, why not; and how to achieve them. More and more, analytics is the secret to operational excellence.
Tools ensure continued business operations, even when a firm is under attack. During security events such as ransomware attacks, data resiliency tools can only help recover data via trial and error - a probabilistic, not deterministic, approach. Today, no vendor solution - alone or in tandem with a security tool — can tell for sure whether a particular point-in-time snapshot or backup instance is infection-free. But better integration with data protection and security tools will soon enable quicker, more reliable recovery.
Unified management of data sources will simplify operations - but not yet. No single solution today addresses the gamut of data sources, so I&O pros must implement multiple tools in a data center. (see endnote 6) They will find value in moving toward unified management of all data sources — within data centers, public cloud infrastructure-as-a-service, or public cloud software-as-a-service (SaaS). This demand will drive vendors to unify management by 2019.

Data resiliency solution evaluation overview
To assess the state of the data resiliency solutions market and see how vendors stack up against each other, Forrester evaluated the strengths and weaknesses of top data resiliency vendors. After examining past research, client inquiries, user needs assessments, and vendor and expert interviews, we developed a comprehensive set of evaluation criteria.

We evaluated vendors on 39 criteria, which we grouped into three high-level buckets:
Current offering. We assessed each provider's current offering using seven criteria groups. Platform support includes operating systems, databases, and applications and support of the public cloud as both a source and a storage target. Backup options include features to optimize and secure the backup environment. Manageability includes policy management, dashboards, and reporting. Continuity is the ability to help businesses continue to operate in the face of ransomware or malware attacks. The remaining criteria capture capabilities such as the initial setup time for a vendor's solution to become operational; restoration and recovery; and scalability.
Strategy. We assessed each vendor's strategic positioning using two evaluation groups. Product strategy includes value proposition and vision, planned service enhancements, and support. Corporate strategy includes R&D resources, R&D spending, licensing options, maintenance and operating costs for enterprises, and average revenue.
Market presence. Our assessment of each vendor's market presence included eight factors: its installed base and how many customers it acquired in the past 12 months, data resiliency solution revenue, revenue growth over the past three years, geographic presence, customer feedback, technology vendor partnerships, go-to-market partnerships, and professional services and consulting. Revenue and growth rates are Forrester estimates unless the vendor publicly reports revenue derived solely from the data resiliency solutions evaluated.

Evaluated vendors and inclusion criteria
Forrester included seven vendors in the assessment: Actifio, Commvault, Dell EMC, HPE (now Micro Focus), IBM, Veeam Software, and Veritas Technologies. Each of these vendors has (see Figure 1):
A software offering for data resiliency. The solution is available as standalone software and does not necessarily depend on an appliance to deliver backup functionality. The vendor does not depend solely on its (storage) cloud as a target.
Support for heterogeneous platforms. The product supports backups of all major versions of Windows; major versions of Linux like Red Hat Enterprise Linux, SUSE, and Ubuntu; Unix versions like HP UX, AIX, and Solaris; and VMware or Hyper-V.
Support for backing up enterprise applications to multiple storage targets. The solution supports the backup of data from enterprise business applications. It natively supports writing to disk and/or tape targets and optionally supports writing to a hyperscale public cloud storage target.
Software available with a perpetual license. The solution is available for purchase on a perpetual license and is deployable on-premises, not delivered as a service by MSPs.
Many clients with petabyte-scale data sets under protection. The vendor must have more than 100 current customers with more than 1PB each of backup data under management and at least one customer with more than 10PB of backup data under management. It must also have provided 10 active references for which it protects at least 1PB on heterogeneous platforms and data sources.
Significant revenue from data resiliency solutions. The vendor has garnered more than $30 million per year in revenues from its data resiliency solutions in the past two years.
Presence in at least two geographic regions. The vendor markets its data resiliency solution in at least two of the three regions of the Americas, Europe, and AsiaPac.

Figure 1: Evaluated Vendors: Vendor Information And Selection Criteria

Vendor inclusion criteria

Vendor profiles
This evaluation of the data resiliency solutions market is intended to be a starting point only. We encourage clients to view detailed product evaluations and adapt criteria weightings to fit their individual needs through the Forrester Wave Excel-based vendor comparison tool (see Figure 2).

Figure 2: Forrester Wave: Data Resiliency Solutions, 3Q17



  • With the most comprehensive support for technologies that enterprises deploy - applications, databases, operating systems, public cloud, containers, big data platforms, and storage infrastructure - Commvault also offers archive management and eDiscovery capabilities. It can move data between tiers - from on-premises to hyperscale public cloud and within the cloud - depending on enterprise policy and offers easy scalability both within and outside of the data center. Customers have had issues implementing and managing Commvault's complex solution environment, but recent version updates include changes that make the user interface more intuitive - one that I&O pros find easy to use. The vendor offers copy data management that can help in a DevOps initiative. Documentation is well-structured and clearly articulated.
  • Commvault can improve its offering by building an engine that will help admins set up the environment and create policies to help achieve SLAs and service-level objectives (SLOs). In all deployments, the tool has a lot of historical operational data that can be used to perform analyses and offer recommendations. Current and potential customers will be more receptive to the solution if Commvault clearly communicates the solution's capabilities and the value it delivers. The solution will better serve clients if it can detect ransomware or malware early and issue alerts or warnings.

Veritas Technologies

  • Veritas NetBackup is the core of Veritas 360 Data Management, a unified data protection solution that has broad capabilities across heterogeneous workloads and can be managed from a single console. While outside of the scope of this evaluation, Veritas' integrated appliances offer a flexible deployment model that delivers enterprise-class scale. Since going private in 2016, Veritas has accelerated solution development; it focuses on macro trends affecting the data resiliency market and has a well-rounded strategy for the 360 Data Management platform to serve enterprise data resiliency requirements. Veritas Information Map helps firms create a single global view of important metrics like data center locations, storage capacity, protected data types, existing capacity, utilization levels, data ownership, data age, and cost to help customers that want to optimize their tech spending. Execs can stay at the dashboard level while ops teams drill down into the same information.
  • NetBackup can get better by adding capabilities like SLA fulfillment reporting, a dashboard for app-dev stakeholders, and an integrated eDiscovery capability, which is becoming more important. A predictive analytics and recommendation engine for backup operations will add significant value. While Veritas has a well-rounded cloud strategy that supports using cloud as a storage tier, it needs to execute the rest of the cloud strategy: protecting cloud-native workloads and SaaS data. It also needs to improve the user experience, as it still has the same thick client user interface that admins have used for more than a decade.

Strong Performers


  • IBM offers Spectrum Protect as a software-only data resiliency solution; partners build appliance-based solutions on top of it. Spectrum Protect, one of the base tools in a solution that has separate modules for virtualization, copy data management, archive management, and analytics and reporting, has many large enterprise deployments to its credit. IBM has invested significantly in making its solution more usable by improving the interface to enable easy, intuitive operational management; the well-designed dashboard highlights some operational metrics. Spectrum Protect is integrated into VMware ESX; its tasks appear as options in the VMware admin console, enabling admins to seamlessly perform backups from the VMware interface. IBM has strong strategic plans to improve its competitiveness.
  • IBM will improve Spectrum Protect by supporting cloud-native workloads, policy-based data movement within cloud storage tiers, and SaaS apps. While IBM offers Catalogic's copy data management solution to augment its portfolio, it has yet to integrate the two. Customer references indicate that IBM needs to accelerate innovation and improve its support services. The solution can improve by using historical operations data to drive insights and offer recommendations on what changes to make to achieve planned or desired SLAs.


  • Positioned as an enterprise data-as-a-service software vendor with a fundamentally different way to back up and instantly recover data, Actifio uses a block-level incremental-forever method to deliver point-in-time 'virtual full' synthesis for instant access. The vendor pioneered copy data management, accelerating testing for DevOps and improving backup and recovery SLAs. Actifio stores backups in native format to ensure speedier recovery and instantly mounts backup images from physical or virtual systems, either on-premises or in the cloud. Customers can bring a complete file system or database service on line in a few minutes and use it for data integrity checks or to run data and metadata validity tests. Actifio enables admins to apply SLAs in a global manager with a single pane of glass for the enterprise in one or more data centers and the cloud. It can keep data in on-premises or cloud object storage in such a way that I&O pros can access data instantly from a point-in-time backup a few hours or a few years old.
  • Actifio can improve its solution for enterprises by introducing storage snapshot support and policy-based data location in the public cloud to help reduce storage costs. It will also be more attractive if it adds a dashboard to present operational metrics like RPO achievement for protected assets.

HPE (now Micro Focus)

  • HPE Data Protector, one of the market's longest-tenured data protection software solutions, is now available from Micro Focus as the Adaptive Backup and Recovery (ABR) Suite, which adds Backup Navigator, Storage Optimizer, and VM Explorer to Data Protector. (see endnote 7) Some of the largest global organizations use scalable Data Protector for their data protection needs; it manages one of the world's largest tape library deployments and has one of the most expansive support matrices. ABR Suite offers a good collection of predefined reports, but lacks an operational dashboard for SLA fulfillment. It recently updated the UI, which is a work in progress; planned updates will improve usability. Through Backup Navigator, a companion product, ABR Suite offers a great capability to perform RCA that Micro Focus will refine as it is tested across customer deployments and use cases.
  • Micro Focus must integrate new products and technologies and make operational improvements; HPE lagged in that aspect of innovation. It needs to protect cloud-native workloads, data movement across public cloud storage tiers, and SaaS deployments. Micro Focus will be well placed if it can mine available operations data to drive predictive analytics, as customers need proactive guidance for the complex environments they manage. The vendor should build capabilities to serve enterprises during outages due to cyberattacks. Surprisingly, the solution road map does not address these major customer adoption trends.

Veeam Software

  • Veeam focuses on delivering availability, not just backup. Clients told us that it is a simple, easy-to-manage solution that works as promised. While Veeam manages virtual environments seamlessly, it has broken away from its image as a virtualization-only vendor and can now protect Windows- and Linux-based physical servers. Up to now, Veeam has mostly served small and medium-size businesses with a small proportion of enterprise clients, primarily through channel or service provider partners; large enterprises also use it, but only to protect virtual infrastructure. Veeam is the only data resiliency vendor with an audacious goal to achieve $1.5 billion in revenue by 2020. Recently announced partnerships with Cisco, Microsoft, HPE, and VMware show its commitment to addressing enterprise requirements. Veeam has extensive reporting capabilities and supports a broad range of storage vendors.
  • Veeam needs to invest more in R&D in strategic areas such as support of hyperscale public cloud and enterprise infrastructure and applications, strengthen its go-to-market strategy and channel partnerships, and build a policy management and enforcement engine. Currently, policy enforcement is in the form of backup tasks that admins create and manage manually. Veeam needs to build a predictive data resiliency model to strengthen its futuristic policy management framework. Today, it neither supports Unix environments nor protects public cloud-native workloads aside from MSP cloud deployments. To serve enterprise clients, Veeam will need operational dashboards to drive quick value for operational teams and to build capabilities to serve enterprises during outages due to security incidents.


Dell EMC

  • Dell EMC has the power of portfolio and integrates it nicely to achieve business outcomes that can confer great advantage, although it comes with some degree of lock-in. We evaluated NetWorker and other Data Protection Suite software assets, like CloudBoost, Data Protection Advisor, ProtectPoint, and RecoverPoint for VMs; we did not consider Avamar or Data Domain. Dell EMC's solution offers broad infrastructure support and greater scale in enterprise deployments. It added "protection compliance," a capability that serves clients needing a dashboard with a quick compliance view of how protected infrastructure is performing against SLOs. Dell EMC also offers the ability to build an 'isolated recovery solution' that creates an air gap between production data and its related protection storage.
  • The Data Protection Suite has a few shortcomings. It mandates that customers use a full Dell EMC stack; for example, NetWorker depends on Data Domain for deduplication. Dell EMC offers no single pane of glass for all Data Protection Suite components, exacerbating the challenge in enterprise environments by forcing engineers to deal with multiple operational consoles. Protection Compliance, a SaaS offering, requires on-premises NetWorker, Data Domain, and Avamar to upload operational metrics to create protection compliance reports. Customer references said that Dell EMC needs to improve its implementation services. One challenge is to develop an integrated solution approach while retaining modularity.

1 Equifax is facing a lawsuit over its recent data breach. Source: Julia Horowitz, Massachusetts will hit Equifax with first state lawsuit over data breach, CNN Money, September 13, 2017
2 Forrester defines data resiliency as the ability of data storage and retention technologies to absorb the impact of any unexpected occurrence without data loss and with minimal perceived impact by customers. See the Forrester report Brief: New Data Resiliency Approaches Render Backup Obsolete
3 Fujitsu Australia's data center lost bank data in an outage. Source: Sam Clark, Fujitsu Australia data centre suffers outage, loses bank data, The Stack, August 21, 2017
4 Forrester predicts that attacks will intensify in the future. See the Forrester report Predictions 2017: Cybersecurity Risks Intensify
5 Forrester recommends that S&R pros work with I&O to build, develop, and continuously test backups. See the Forrester report Ransomware Protection: Five Best Practices
6 Today, I&O pros struggle with multiple tools because no one tool vendor offers enterprise wide coverage and support. See the Forrester report Vendor Landscape: Data Resiliency Solutions, Q3 2016
7 HPE is accelerating its strategy by spinning off software assets and merging them with Micro Focus. Source: "HPE Accelerates Strategy With Spin-Off and Merger of Software Assets With Micro Focus," HPE press release, September 7, 2016