BackupLABS aims to protect niche SaaS apps

UK startup BackupLABS intends to protect everyday SaaS apps and not just the big providers.

Users of SaaS applications like Salesforce and ServiceNow need to backup and protect their own data as the provider only looks after its own infrastructure. Data protectors such as OwnBackup, Commvault (Metallic), Druva and others offer data protection for Salesforce, ServiceNow, Microsoft 365 and Dynamics, but there are dozens of other SaaS applications in use with unprotected customer data.

Rob Stevenson, BackupLABS
Rob Stevenson

CEO Rob Stevenson says he founded BackupLABS to fill this gap: “I started BackupLABS after becoming frustrated around 2018 when I saw that only a few companies were offering 365 backup – and doing it badly. I didn’t have the knowledge or experience back then to develop a 365 backup platform and it’s annoyed me ever since. The problems back then (MS not backing up 365) are now apparent in all these newer SaaS apps that many organizations use so I started BackupLABS.”

He added: “I also became frustrated that I was only offering out backup services to UK-based SMEs when there is a big worldwide market out there. I didn’t want to miss the boat again basically.”

BackupLABS is now out of stealth and says it offers a simple, always-on facility to protect business-stored data on SaaS platforms against accidental user deletion, nefarious users, unauthorized access and platform errors. At launch it is providing integrations for Trello, GitHub and GitLab. Protection for Notion, Jira, Asana and more will follow soon, we’re told.

The service, according to BackupLABS, provides:

  • Automatic daily backups stored within AWS
  • Setup complete within minutes
  • Rapid restores with granular recovery
  • Compliance with ISO 27001, SOC2 certification and cyber insurance requirements
  • 256-bit AES encryption
  • Backup audit log record
  • Zero Knowledge policy – employees have no access to data
  • Data protection regulation compliance with HIPAA, GDPR, UK Cyber Essentials Plus

Stevenson is also a director at BackupVault, which specializes in protecting SMEs in the UK and uses one of three third-party backup tools (Redstor, N-able and Veeam). “I have been running BackupVault since 2004 and know the cloud backup industry very well. But since 2017 I have ramped up BackupVault having sold an IT support business I used to own. So now I run BackupVault and BackupLABS.”

A third reason for starting up BackupLABS was that “many of our current BackupVault customers were asking us to do so. The most common one was: ‘We use Trello and lost data before, can you back that up?’ Also, we backup quite a few software developer’s server data and they often asked if we can backup GitHub. Asana was another common ask.”

There was a fourth reason as well: “Another reason for customers asking was that they were having an ISO 27001 audit and one of the core aspects of 27001 is to show where you keep data, and demonstrate it is backed up and protected. It’s also surprising how many ISO auditing companies are now only just starting to look beyond office servers and 365 for locations of critical data. Only a handful now are asking if their SaaS stuff is backed up.

“These customers realized many of these platforms are not backed up and when I researched further, only a couple of other backup companies offered it. And the UX/UI and general functionality was terrible,” he claimed. “So we built BackupLABS.”

Q&A

Blocks & Files: Tell us about the gap in the SaaS app customer data protection market.

Rob Stevenson: The big backup boys only concentrate on the main three (365, Workspace, Salesforce), but my experience tells me this is going to be an issue over the next few years. Also, with ISO audits, GDPR, new legislation, insurance, all these organizations actually have to backup this data. And the app providers all say in their T&Cs that they don’t. ‘Cloud is just someone else’s computer,’ as the saying goes.

Blocks & Files: How does BackupLABS build its SaaS app connectors?  

Rob Stevenson: BackupLABS uses the public-facing APIs that all these apps offer to connect and backup/restore the data. They actually have to offer these APIs out as they don’t want the hassle or responsibility of backing up the customer data. The Shared Responsibility Model and their T&Cs sees to that as well.

Blocks & Files: Do you provide deduplication? 

Rob Stevenson: Yes, this happens on S3 at the AWS end. The actual size of customer data on these SaaS apps is surprisingly small – certainly compared to what we backup at BackupVault with VMs, 365, Google Workspace etc.

Blocks & Files: Do you have a (virtual) airgap to defend against ransomware? I see you use AWS so S3 and ObjectLock seems to be one way you would/could have a ransomware protection feature. 

Rob Stevenson: Yes, we use ObjectLock enabled to do this. Ransomware is at the top of our concerns. As you know, it’s an issue with on-prem servers at the moment, but I predict criminals will target where the data is/going very soon. I’ve seen ransomware infect and encrypt 365 OneDrive and SharePoint many times before so its only a matter of time before they do for these SaaS apps. On our roadmap is the ability for customers to increase retention and have more of an archiving feature too.

Blocks & Files: Will you add integrations to protect ServiceNow, Salesforce and Microsoft Dynamics? 

Rob Stevenson: Probably not. We may offer 365 backup at some point, but it’s been done well by a number of providers now so we wouldn’t really be offering anything different. Backing up 365 is also incredibly complex and so therefore not worth the effort compared to established players.

Blocks & Files: How can an SME-focused Bournemouth-based backup shop compete on the global stage? 

Rob Stevenson: I have been in the industry for decades and can see where all the providers have made mistakes. So many providers say they do one thing and then don’t deliver, have sub-par support etc. We will be different.

Also, we have been stalked by three large VC firms already offering ludicrous amounts of funding if we wanted to take it. I am more inclined to be bootstrapped, though, and take on debt financing (such as SaaS-Capital.com) based on our monthly revenues. This is becoming a more popular way of growing recurring revenue tech businesses recently. Plus, statistically, bootstrapped companies have a better outcome compared with VC-backed ones. But it is nice to know that I have the VC funding option on the table, even if I am not actively looking for it.

We are also a fully remote team (UK, Eastern Europe, US, Ecuador so far) and so don’t need to be reliant on funding staff in one place such as SF.

We are also a product-led company instead of a sales-led business. I have seen it many times before in the tech/backup industry when its very hard to purchase a service. We intend on making it very easy to do so and then the customers effectively insist on purchasing. Similar to what Dropbox did initially. We are heavily focused on a great UX/UI and have a specialist onboard to help with this. A lot of larger backup companies have terrible UX/UI as you have probably seen. This all feeds into our product-led growth model too.

We intend to focus on the SMEs to begin with, though, and once we get proper traction, offer it out to larger enterprises that have more specific and custom requirements (we will need a sales team then).

Blocks & Files: How do you price your service? 

Rob Stevenson: It depends on the app. For Trello, we charge based on the number of “Boards” they have, while in GitHub we charge based on the number of “repos” they have. Other apps use different methods of billing and we will tend to follow that. So it may be workspaces, users, items etc.

Blocks & Files: Are you funded from BackupVault’s revenues? 

Rob Stevenson: We were bootstrapped by our sister company and are now self-funded.

Blocks & Files: Will you sell your SaaS backup service to managed service providers? 

Rob Stevenson: Yes, 100 percent. We intend on doing this in the later part of this year, but want to concentrate on getting enough end users on board and the service polished first. We will then roll out a partner plan and also affiliates.

Blocks & Files: How do you position BackupLABS against Clumio

Rob Stevenson: They primarily backup AWS services so not in comparison to us. We will target SaaS apps that have an API that allow us to connect to. A lot of these larger (and well-funded) backup providers can only afford to go for the big stuff. We will focus on the smaller niche apps that still contain critical business data.

Blocks & Files: Your last word is?

Rob Stevenson: The amount of critical data stored on apps like Trello and GitHub is growing as more diverse online tools are adopted. Having external backup in place for SaaS data can therefore make the difference between a business surviving a data breach or having to close completely.