Analysis A conversation with Barracuda CEO BJ Jenkins revealed a company whose customers are heading steadily towards the cloud – where the full stack approaches of Dell, HPE and others can’t hold sway – and where Barracuda, natch, thinks it can grow and grow.
As a reminder, the company reported revenues of around $90m in its latest quarter with $1.8m profits, and quarterly revenues have been steadily growing year-on-year, but not dramatically. But then that’s partly the nature of the subscription biz.
BJ said email security was growing for Barracuda, with ransomware alerts constantly raising the appreciation of how necessary it is. The move to the public cloud is accelerating: “Over the past three quarters it has been faster than we thought it would be.” Over 1,000 customers use Barracuda’s cloud offerings. The more on-premises IT a Barracuda customer has, the more likely they are to use backup appliances.
Its customers are mid-market ones; that’s where its focus is, although it has some 50 Global 100 customers, running via the public cloud.
The competitors Barracuda says it sees the most are Veritas/Symantec, Dell EMC and Veeam, the latter of which Barracuda says it is seeing much more frequently. The firm says it doesn’t see Acronis much but it may well see Commvault in larger deals, and Barracuda wants to play more in the larger deal market.
In email security, it meets Mimecast and ProofPoint while it encounters Fortinet and CheckPoint in network security.
According to Jenkins, the big IT vendors are going full stack, with hyperconverged and converged systems aspects of that. Such full-stack approaches make life difficult for independents, like Barracuda, until the customer starts a move to the public cloud, and that tends to kill full stack customer control.
Jenkins said, appropos of the cloud: “Amazon and Microsoft will bring us in. Their customer wants to move to the public cloud but doesn’t know how to service it. We do. The long-term future for us is the public cloud and virtual services rather than physical ones.”
He says the big incumbents have a sales rep and sales infrastructure culture centred on big deal commissions. Subscription-based deals, typical with the cloud, are alien to that and traditional sales reps shy away from them. He says: “Our public cloud customers all had on-premises systems, and then they moved. … We don’t have any reps fighting against it. We want customers to move to the public cloud.”
And such moves tend to be a one-way street. “It’s a ball running downhill,” with very few coming back.
The move to the public cloud takes time and hybrid-on-premises/public cloud IT results. Barracuda itself exemplifies this. Eighteen months or so ago it had one SaaS app; now it has 10: “We’re moving to Office 365. We’re running things in AWS and Azure.”
There are very few customers all-in with the public cloud, Jenkins citing “Silicon Valley startups with no legacy IT. Most companies will have IT all over the place.”
All of this seems eminently reasonable, and it got us thinking about the nature of the backup and data protection market.
The El Reg storage desk is struck by how stable the data protection market is. Apart from Veeam, there has been no sustained dramatic growth by anyone, and there seem to be myriad suppliers; actually we pay attention to more than 20. There are few pure-play backup providers, with many offering security features, archiving, file sharing, business continuity, disaster recovery and analytics to their backup and recovery offerings.
There are ones focussed on VMware, others having a different hypervisor focus or a multiple hypervisor coverage. There are ones providing hardware, such as purpose-built backup appliances, media servers, and backup software; some using snapshots, some not; some using agents, some not. It’s a tremendously complicated product and service offering area and DIY product/supplier comparisons can result in massive spreadsheets.
Looking for external help we’ve seen DCIG has a 42-page hybrid backup appliances document describing some purpose-built backup appliance offerings, and also tracks SME integrated backup appliances and general integrated backup appliances. Gartner has an MQ looking at data centre backup and recovery. IDC tracks the purpose-built backup appliance (PBBA) market.
Why is it so complicated and why haven’t two or three massive suppliers grown to dominate the market – as is the case with servers, processors and cloud computing?
It seems to us that the market is intrinsically niche, with huge amounts of scope for specialised data product offerings in specific niches to be better than general purpose offerings. Customising products for files, or for VMware, KVM, Hyper-V, and for protecting on-premises IT infrastructure and public cloud IT, for focusing on business continuity or providing backup as part of a secondary data silo convergence story mean that it is very hard for a single supplier to grow and take share.
A contact said that, when choosing and comparing vendors: “You also need to factor in $/TB, on-premise, cloud, appliance, ease of use, on-going maintenance. Backup, Archiving, Compliance.” And more no doubt.
Data protection products are sticky, some very much so. A Datto contact said: “Long-term-retention/archive is as sticky as welded steel.” Well, yes, you could see how that works.
The bigger incumbents tend to offer full-stack combinations. Here’s an HPE contact supporting Jenkins' view on this happening: “What we are starting to see is customers deploying a vertically oriented stack which combines primary all flash storage with an integrated data protection approach for secondary storage. This is what we offer our customers with 3PAR and StoreOnce. This stack provides app consistent snaps, replication, backup and long term archival to cloud. Essentially copy data managed through the primary storage interface.”
The smaller players do not always – although they can – provide integrated backup, archive, analytics, secondary data sprawl reduction and so forth – think of Commvault, Actifio and Cohesity as examples.
We can loosely group data protection vendors into three cohorts, which also represent their market size, generally speaking:
Cohort 1 - The backup/DP big beasts - Veritas, Dell-EMC (Networker DataDomain/Avamar, etc), Veeam, IBM Spectrum Protect (TSM) and Commvault - call them the enterprise incumbents.
Cohort 2 - HP, Quantum, Barracuda, Exagrid, Carbonite, Acronis - the enterprise independent and mid-market players.
Cohort 3 - Actifio, ArcServe, Asigra, Backblaze, Code 42, Cohesity, Datto, Druva, Mozy, Nexsan (Assureon), Rubrik, Spanning, StorageCraft, Stormagic, Unitrends, Zetta - think of them as the strivers.
This is not meant to be an exhaustive list, and almost certainly isn’t, and it's also rough and ready.
The surprising thing is that we can envisage all these vendors growing, because their customers almost always get new applications and are subject to new threats as they develop and evolve their IT infrastructure. As long as each vendor looks after its customers and develops its offering as its customers’ needs develop, then they have a stable and growing business.
The data protection vendor landscape is not likely to get simplified or show dramatic changes in vendor size and importance. It was Veeam’s genius to discern that VMware was going to be big, and capitalise on that with its product set. Gaining 4,000 customers a month is something other players would die for.
But they aren’t likely to be in that position, nor are they likely to fade away, like Seagate’s now-offloaded EVault unit, unless impractical business plan meets unimpressed customers. Carbonite picked it up and is doing nicely, by the way.
And that’s the thing: data protection is a nice, stable market to do business in, boring even. Few suppliers fail. Virtually every one can prosper and grow. Which brings us back to Barracuda, which will likely just keep swimming... ®