Keepit has a unique approach to SaaS data protection

Keepit founders
Keepit founders

Backup-as-a-Service outfit Keepit features blockchain and private datacenters with a single disk storage tier and no archiving. How did this come about?

The Keepit Group was founded in 1996 in Copenhagen, Denmark, by Frederik Schouboe and Morten Felsvang, high school friends who previously co-founded and sold web hoster Surftown and outsourcer Cohaesio. The hosting background meant that they were experienced in operating their own datacenters. The Keepit Backup-as-a-Service (BaaS) business started in 2007. It has around 7,500 customers in 74 countries, with some 300 customers in the UK, and is profitable. The service is sold by channel partners.

“We think that all software in the future will be delivered as a service,” says Morten Felsvang, co-CEO and co-founder in a YouTube video. The two started Keepit to back up user files to Keepit datacenters, rather than public clouds such as AWS or Azure. That meant they had to provide their own backup and data storage software.

Keepit founders
Frederik Schouboe (left) and Morten Felsvang

They took the decision that user data had to be available quickly all the time and in a granular, per-file fashion. That meant it was disk and not tape-based. Keepit concentrated on backing up popular cloud software services such as Microsoft 365 and developed a backup engine onto which they could layer connector software to add protection for new SaaS apps, and now supports eight: 

  • Microsoft 365
  • Microsoft Dynamics
  • EntraID (formerly Azure AD)
  • Azure DevOps
  • Microsoft Power Platform (BI)
  • Salesforce
  • Google Workspace
  • ZenDesk

Clients can only access the service via an API.

Keepit operates twelve privately operated datacenters in six countries: USA, Canada, UK, Germany, Denmark, and Australia. Many are based on Equinix or Global Connect facilities, and the US and EMEA ones are powered by renewable energy. Each region is isolated from other regions, and each has an active:active pair of mirrored datacenters.

By having datacenters located in specific geographies, Keepit can satisfy data sovereignty requirements in the territories where it operates.

The backup software is an object store that prohibits the deletion of any data object or backup set. Every backed-up item is an object like a file or email. That means customers can restore files at the same speed whether they are a minute, a week, a month, a year or older. All objects are immediately addressable. There is no separate archive section for older data. Customers sign up for retention periods, with many having 99-year retention deals.

Customers’ backup objects are stored in a blockchain, specifically a Merkle tree-like structure, which ensures that it is immutable and tamper-proof. If data is deleted by a customer or bad actor, it is retained for a default period of one month or longer if a customer wishes to help defeat ransomware attacks.

Keepit uses the Merkle tree hash structure
Merkle tree hash structure

Each backed-up item is treated as a data block, an object, hashed and added to a blockchain. All backups are incremental forever. Any duplicated backup items are referenced via the hash for the original object. Object-level deduplication is inherent in the architecture but there is no sub-object-level deduplication.

Each fresh incremental backup is verified and added to that customer’s protected item or file blockchain. Incoming and at-rest objects are encrypted. File deletion is accomplished by deleting its root hash. There is a periodic refresh of the object store to recover deleted space.

An object is stored on a single disk and not split across disks, meaning it needs only a single read. Larger objects are split into 8 GB chunks to ensure they fit on a single drive. A full backup of a data set is the total set of the component incremental objects. Where item group restores are needed, the disks involved are read in parallel to prevent a long and slow sequence of successive disk reads.

Disk drives are protected in RAID groups. Keepit says it keeps an equivalent of two copies (or more) of customer data in each of the two datacenters, making a total of four (or more) copies of the data throughout its entire backup history. There is no cross-region protection.

CTO Jacob Ostergaard told an A3 Technology Live briefing audience that Keepit will extend its base platform to cover ServiceNow and other SaaS apps. It will write its own connectors around the base engine. A year from now, there should be much more than eight supported SaaS apps.

Ostergaard said Keepit thought about providing an SDK for SaaS vendors so that they could write their own connectors, but decided not to as they couldn’t see how to monetize it. It charges by seat at present. This marks it out as different from HYCU and Asigra.

Keepit says its USP versus other backup suppliers is that it’s more secure and reliable because it backs up to its own datacenters and better supports data sovereignty.