GigaOm Radar for Kubernetes Data Protection v6

Data protection is like insurance against data loss risks, ensuring business continuity. It protects against external factors (ransomware, cloud failure, or data center failure) and internal factors (accidental deletion, data corruption, or rogue employees).

Kubernetes is the standard for cloud-native applications, including those with stateful data. It is also gaining a foothold as the platform for traditional enterprise applications running both in the cloud and on-prem. As applications and their stateful data are inseparable, organizations need data protection solutions for applications running on Kubernetes to prevent the loss of that data. This includes traditional backup and recovery, such as leveraging incremental snapshot technologies and policy-based management, as well as disaster recovery workflows, ransomware and other cyberthreat protection, data integrity features, and, increasingly, data copy and migration management to aid in copying data across a multicloud landscape.

These solutions are typically deployed and managed by central IT teams responsible for an application’s recovery time objective (RTO) and recovery point objective (RPO). However, some solutions take a more distributed approach, with developers and application operators as their target audience.

As Kubernetes matures as a platform to run applications, so do data protection solutions. In years past, many solutions focused on supporting just Kubernetes. Today, Kubernetes is just one of many source platforms that modern data protection solutions support. Customers now expect solutions to provide comprehensive protection regardless of where or how applications are run or the cause of data loss.

This shift has driven data protection solutions to support a broad range of environments, including bare metal, virtualization, and Kubernetes on both on-prem infrastructure and cloud platforms. They also extend support to specific SaaS services, databases, and other critical workloads. These solutions have a mature feature set that offers some combination of backup and recovery, disaster recovery, data copy management, ransomware and other cyberthreat protection, and enterprise features for compliance and auditing. In fact, as the market and its solutions mature, the distinctions between data protection, cybersecurity, business continuity, and data copy and migration management are becoming increasingly blurred. 

This is our sixth year evaluating the Kubernetes data protection space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Radar report examines eight of the top Kubernetes data protection solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading Kubernetes data protection offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.

To help prospective customers find the best fit for their use case and business requirements, we assess how well Kubernetes data protection solutions are designed to serve specific target markets and deployment models (Table 1).

For this report, we recognize the following market segments:

• Small-to-medium business (SMBs): In this category, key considerations include ease of use and quick consumption models, like software as a service (SaaS). Simple pricing models, such as subscription-based, are also important. Additionally, SMBs and individual contributors don’t need the full weight of enterprise features for auditing and compliance.

• Large enterprise: For this category, the most effective solutions prioritize flexibility, performance, data services, and security and data protection, as well as extensive data mobility features for various migration scenarios. Scalability and the ability to deploy the same service in different environments are other big differentiators. Also important are enterprise features for compliance and security, like role-based access control (RBAC) and multifactor authentication (MFA), support for a wide range of identity providers, and audit logging.

• Service provider: Service providers utilize a vendor’s solution to deliver services to multiple customers, often through a shared, multitenant environment. We gauge a solution’s suitability for this market by evaluating security features, scaling, and multitenancy. The solution must incorporate most, if not all, of the features required by large enterprises.

• Edge and telco: A new deployment type gaining popularity is edge and IoT-like scenarios, including telco and retail deployments. In these cases, policy-based fleet management of data protection across many clusters is a key differentiator, as are dark deployments.

In addition, we recognize the following deployment models:

• SaaS (managed and hosted): Available only in the cloud and as a managed service, this approach is usually based on a pay-as-you-go subscription model. Users do not need to manage the infrastructure or backup repositories, just backup policies and day-to-day operations. This deployment model includes first-party SaaS (run and managed directly by the data protection vendor) and third-party SaaS (run and overseen by a managed hosting partner). Often, the SaaS deployment model requires an agent or component to run on each protected cluster.

• Self-hosted (on-prem or cloud): While more complex to deploy and manage, these models are more flexible in terms of where and how they are deployed. This deployment type is more suitable for those with stricter requirements for operational control or specific deployment requirements. The architecture of this deployment type can vary among hub-and-spoke, fully per-cluster, and self-contained deployments, as well as a number of other architectures.

Table 1. Vendor Positioning: Target Market and Deployment Model

Table 1 components are evaluated in a binary yes/no manner and do not factor into a vendor’s designation as a Leader, Challenger, or Entrant on the Radar chart (Figure 1). 

“Target market” reflects which use cases each solution is recommended for, not simply whether that group can use it. For example, if an SMB could use a solution but doing so would be cost-prohibitive, that solution would be rated “no” for SMBs.

All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:

• General-purpose, multivendor solution

• Multicloud and multidistribution

• Multicluster management

• Multitenant access and control

• Native Kubernetes application awareness

• Software consumption models

• Container storage interface (CSI) integration

• Operational security

Tables 2, 3, and 4 summarize how each vendor in this research performs in the areas we consider differentiating and critical in this sector. The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the relevant market space, and gauge the potential impact on the business.

• Key features differentiate solutions, highlighting the primary criteria to be considered when evaluating a Kubernetes data protection solution

• Emerging features show how well each vendor implements capabilities that are not yet mainstream but are expected to become more widespread and compelling within the next 12 to 18 months 

• Business criteria provide insight into the nonfunctional requirements that factor into a purchase decision and determine a solution’s impact on an organization

These decision criteria are summarized below. More detailed descriptions can be found in the corresponding report, “GigaOm Key Criteria for Evaluating Kubernetes Data Protection Solutions.”

Key Features

• Database awareness: Direct integration with and discovery of cloud-hosted databases simplifies the backup process and ensures data consistency at any scale. Depending on the type of database or service, such integration can also accelerate backup and restore operations as well as grant better recovery point objectives. 

• Disaster recovery and business continuity: Disaster recovery and business continuity capabilities rely on replication technology and advanced workflows to protect against major outages. In this key feature, we look at how well a solution performs heterogeneous replication and disaster recovery.

• Application migration and data copy management: The same mechanisms used for application awareness and disaster recovery features can facilitate data and application migration. Snapshots and remote replication can be leveraged to copy data and application configuration seamlessly to a different environment, including dev/test and inter-cluster migration scenarios, as well as technology migrations from VMware to KubeVirt.

• Data integrity: With the growing threat of ransomware and other cyberattacks, protecting data integrity is top of mind for organizations. Data protection solutions must offer specific features to protect against these and other challenges, including immutable backup targets, air-gapping, AI pattern detection, and recoverability verification.

• Operational and security integrations: Data protection solutions do not operate in a void; they are part of a landscape of third-party operational and security tooling. To successfully guard against and prevent data loss and abuse, the data protection solution must integrate and exchange data with these tools, such as SIEM solutions.

• Primary and secondary storage support: Data protection solutions ideally are storage vendor agnostic. We look for those that support a wide array of both primary (source) storage and secondary (target) storage across both on-prem and cloud storage solutions. 

Table 2. Key Features Comparison 

Emerging Features

• Object storage backup: Solutions should support interfaces that enable and enhance storage processes. File and block storage are first-class citizens in the Kubernetes ecosystem via the CSI. The container object storage interface (COSI), a standard for provisioning and consuming object storage in Kubernetes, aims to be the object storage equivalent and is emerging as a way to automatically discover and protect object storage buckets.

• Edge Kubernetes: Supporting Kubernetes at the edge requires solutions that are designed for scalability and often involve thousands of clusters under management, including security, automation, and overall scalability. Edge Kubernetes is optimized for tiny environments with limited resources, and data protection has to follow the same rules. Furthermore, these small infrastructures are usually unattended and distributed across large geographies with limited network bandwidth and may even be air gapped. Local and remote backup repositories, as well as additional automation and security features, are necessary to support such an environment efficiently at any scale. 

• Additional backup source support: In addition to protecting Kubernetes-based workloads, solutions should support additional backup sources (including SaaS services) that are not listed in other categories. As applications increasingly span different technologies and delivery methods, support for a broad set of functionalities becomes more important for organizations that operate across different technologies.

• Heterogeneous recoverability: Heterogeneous recoverability refers to the ability to restore backups to dissimilar clusters. This feature allows solutions to adapt to differences in infrastructure during the restore process, including restoring to clusters other than the original deployment environment. Solutions should be able to handle differences in storage classes, cloud providers, cluster versions, and even a complete change in the anatomy of the application at restore time to cater to test/dev or migration use cases.

• Developer experience: Developers are first-class users of data protection solutions for Kubernetes workloads and must have a first-class experience. Solutions should enable developers to self-serve basic backup and recovery operations from the tooling and workflows they already use without forcing developers to use the backup solution’s own interface.

Table 3. Emerging Features Comparison 

Business Criteria

• Flexibility: Flexibility refers to a solution’s ability to adapt to changing technical and business needs. This requires support for a range of deployment models (self-hosted and SaaS), multiple clusters, a variety of sources (on-prem distros and cloud services), target storage types and protocols, and expanding support for modern virtualization technologies like KubeVirt and platforms like OpenShift Virtualization.

• Scalability: Scalability is determined by the architecture of the solution and its ability to scale up and down as resources are needed for backups and other data migration operations. Scalability also depends on the degree of integration with target storage, as this affects data transfer speed and the overall data footprint. The solution should scale both vertically and horizontally, supporting a few large Kubernetes clusters or many small installations.

• Efficiency: Efficiency is dictated by the level of native integration into target storage to optimize performance and the data footprint. Features like compression and deduplication, for example, are important for saving storage capacity and improving the speed of data transfer to a remote environment.

• Ease of use: Ease of use features dictate how readily users and admins can take advantage of a solution’s capabilities. This includes support for developer self-service capabilities, the maturity of policy-based management, and the quality of workflows in management interfaces (UI, CLI, and API). Effective dashboards provide visibility into operational state, capacity planning, bottleneck detection, fleet management of clusters, quality of documentation, and more.

• Security: Data is the crown jewel of any organization, and data security is a key aspect that must be evaluated. It is important to look at security from both an operational perspective (how secure the data protection solution is) and a data integrity perspective (how secure the backup data is) and consider whether a solution includes security measures for both the data protection solution and the protected data. Ransomware defenses and other tamper protections are important features to evaluate. In data protection solutions, we consider operational security and data integrity separately.

Table 4. Business Criteria Comparison

The GigaOm Radar plots vendor solutions across a series of concentric rings with those positioned closer to the center being judged as having the most complete solution. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation and Feature Play versus Platform Play—while providing an arrowhead that projects each solution’s expected evolution over the coming 12 to 18 months.

Figure 1. GigaOm Radar for Kubernetes Data Protection

The Kubernetes data protection market is maturing rapidly, with solutions reaching feature parity with the broader data protection landscape. As a result, Kubernetes-first data protection vendors are losing their competitive edge as incumbent vendors enhance their Kubernetes functionality on top of existing platform support.

Both purpose-built Kubernetes solutions and those that bolted Kubernetes support onto existing products are moving toward this feature parity. This means the differentiation in this year’s report extends beyond the depth and breadth of Kubernetes support to include the ability to protect application data across a wide range of technologies, including VMware, Kubernetes, KubeVirt, and cloud-native data services. 

Last year’s uptick in demand for data mobility and migration capabilities continues, especially as it relates to KubeVirt and migration of workloads from VMware-based platforms to KubeVirt-based platforms.

As organizations increasingly adopt Kubernetes for both container-based applications and virtual machines, the need for operational control—and thus the ability to migrate stateful data between platforms—is growing because companies no longer have the luxury of dealing only with greenfield projects. Instead, they face the challenge of migrating a complex landscape of applications to Kubernetes. This reality has heightened the need for advanced application migration and transformation tools. This evolution includes features used to create duplicates of application environments for application development and testing.

As illustrated in Figure 1, the market is maturing and consolidating, with roughly the same positioning of vendors year over year. This year, however, we’ve expanded the table stakes slightly to include some additional vendors.

A split can be seen in this year’s roster of included vendors, mostly based on whether or not they solely lean on Velero. Vendors that take that approach and didn’t develop features or functionality on top of it remain on the Feature Play side of the Radar; other vendors with more differentiation are on the Platform Play side.

The market for Kubernetes backup solutions is slowing down slightly, with the pack of leaders (Veeam, Catalogic Software, and Trilio) continuing to compete and innovate, but leaving a large gap behind them. In the coming year, KubeVirt is sure to push the backup market forward once again.

While repatriation is underway, backup vendors are also starting to support cloud-native databases more broadly. Both of these trends have driven vendors to prioritize a consistent experience across multiple clouds and source technologies (VMs, containers, and cloud services) while providing advanced application and data mobility. 

We are seeing different approaches to data protection within the market. Some vendors offer simple SaaS solutions with an emphasis on ease of use and a frictionless user experience, appealing to smaller organizations and teams. On the other end of the spectrum are more complex, feature-complete solutions aimed at larger enterprises, which require all-in-one solutions that include (and are exclusive to) primary or secondary storage and that integrate with certain platforms. Finally, we see a category of vendors that only support the absolute minimum.

In reviewing solutions, it’s important to keep in mind that there are no universal “best” or “worst” offerings; every solution has aspects that might make it a better or worse fit for specific customer requirements. Prospective customers should consider their current and future needs when comparing solutions and vendor roadmaps.

INSIDE THE GIGAOM RADAR

To create the GigaOm Radar graphic, key features, emerging features, and business criteria are scored and weighted. Key features and business criteria receive the highest weighting and have the most impact on vendor positioning on the Radar graphic. Emerging features receive a lower weighting and have a lower impact on vendor positioning on the Radar graphic. The resulting chart is a forward-looking perspective on all the vendors in this report, based on their products’ technical capabilities and roadmaps.

Note that the Radar is technology-focused, and business considerations such as vendor market share, customer share, spend, recency or longevity in the market, and so on are not considered in our evaluations. As such, these factors do not impact scoring and positioning on the Radar graphic.

For more information, please visit our Methodology.

Catalogic Software: CloudCasa

Solution Overview
Catalogic Software is a data protection and disaster recovery company that offers a range of products for on-prem infrastructure and applications, as well as cloud databases, with various ransomware protection and data migration features.

CloudCasa is Catalogic Software’s SaaS service designed to back up, restore, migrate, and secure Kubernetes-based applications. In 2024, the platform expanded to include self-hosted options. CloudCasa strongly focuses on the Kubernetes ecosystem, offering support for many Kubernetes-based platforms, including AKS, AWS EKS, GKE, and DigitalOcean. It also extends support for OpenShift, Rancher, Tanzu, and other platforms. CloudCasa is part of Catalogic Software’s broad portfolio of data protection products, which consists of more traditional backup and data protection software.

CloudCasa features deep, native integrations with the three major cloud providers for cloud database backup (currently RDS and Aurora) and supports cloud cluster and storage autodiscovery. Recent enhancements include support for capturing cluster and networking configurations in EKS, AKS, and GKE, allowing for disaster recovery, migration, and replication workflows through automatic cluster creation.

CloudCasa can be layered on top of the open source Velero data protection software for Kubernetes, adding additional features and paid support options. Similarly, CloudCasa integrates with Rancher’s UI, allowing SUSE platform users to perform common CloudCasa functions directly in Rancher. Additionally, CloudCasa DR for Storage is a new functionality that enables the use of storage-based snapshots for Disaster Recovery, currently available for SUSE Storage/Longhorn.

Over the last year, CloudCasa developed deeper support for KubeVirt, including file-level restores.

Catalogic Software is positioned as a Leader and Fast Mover in the Innovation/Platform Play quadrant of the Kubernetes data protection Radar chart.

Strengths
Catalogic Software scored well on a number of decision criteria, including:

• Database awareness: The solution offers strong support for discovering and protecting cloud-based database services, including RDS and Aurora, making it easier to protect applications that run across on-prem and cloud environments.

• Heterogeneous recoverability: The solution offers above-average capabilities for capturing and protecting configuration data from cloud resources, including tenant and networking information in the major cloud providers’ services, allowing for quicker recovery of those sources.

• Disaster recovery and business continuity: The tool offers solid workflows for heterogeneous restores, including the ability to spin up cloud-based Kubernetes clusters on demand based on runtime configuration information (noted in the bullet point above). Note that due to its lack of synchronous replication, the solution is less suitable for low RPO and RTO disaster recovery scenarios.

Opportunities
Catalogic Software has room for improvement in a few decision criteria, including:

• Data integrity: Some common data integrity and immutability functionality (including air-gapping backups) is provided, but it lacks full support for all data integrity features, including backup verification.

• Operational and security integrations: Customers benefit from many operational security features (including RBAC, SSO, MFA, and encryption) but are unable to use their own security keys to protect backups. Additionally, the solution lacks out-of-the-box integrations into security operations tooling, requiring customers to integrate the backup solution into their operational security landscape of SIEM and other tools manually.

• Additional backup source support: The solution supports backing up some cloud databases directly but leans on other products in the company portfolio to protect additional backup sources, making Catalogic more complicated to implement for customers with more complex requirements.

Purchase Considerations
CloudCasa is available as SaaS by default, but there is a self-hosted option. Licensing is subscription-based, with pricing calculated by worker node count. CloudCasa is also available through various cloud marketplaces. It is a point solution for Kubernetes but lacks integration with the larger portfolio of Catalogic Software data protection products that include support for non-Kubernetes workloads.

Use Cases
CloudCasa caters to Kubernetes data protection, ransomware protection, disaster recovery, and migration use cases for smaller, less complex environments. Additionally, CloudCasa has support for protecting and restoring cloud-native database workloads running in AWS. Finally, it can be used on top of existing Velero installations to manage Velero across multiple clusters and cloud environments.

Cohesity Data Cloud*

Solution Overview
Cohesity is a data protection platform. The company focuses on simplifying hybrid and multicloud data operations through its SaaS product, Cohesity Data Cloud. It has various services for backup, disaster recovery, air-gapped storage, file/object services, and threat detection.

Cohesity is a broad player in the data protection space, supporting many technologies across on-prem and cloud environments, consolidating multiple point solutions under a single policy and data plane. Recent M&A activity, such as the integration of Veritas’s enterprise data protection business, including NetBackup, has expanded Cohesity’s agent-based and application-specific capabilities. However, technical integration is incomplete, resulting in a fragmented experience across products. The company’s architecture supports both on-prem clusters and cloud-native deployment, with Helios, its SaaS-based management plane, serving as a global multicluster control layer.

For Kubernetes, it leverages Velero. It lacks mature multicluster and multicloud management and has limited secondary storage target support and limited granular capabilities. It does not support heterogeneous restores between distributions and environments and only backs up Kubernetes metadata and persistent volumes, relying on container image registries for container image protection. Notably, Cohesity does support KubeVirt.

Cohesity is positioned as a Challenger and Forward Mover in the Maturity/Feature Play quadrant of the Kubernetes data protection Radar chart.

Strengths
Cohesity scored well on a number of decision criteria, including:

• Additional backup source support: The solution provides an extensive range of backup source support, covering many applications (including Microsoft 365) and cloud services (including Amazon EC2 and similar services in other clouds).

• Database awareness: The tool excels in its support for transaction-aware logging and quiescing of various databases, including some clouds such as AWS RDS.

• Operational and security integrations: The solution provides comprehensive integrations into the enterprise security and monitoring landscape, enabling quick ransomware detection and recovery, security threat and breach detection, and other SIEM practices.

Opportunities
Cohesity has room for improvement in a few decision criteria, including:

• Disaster recovery and business continuity: For Kubernetes workloads, support for sophisticated disaster recovery workloads lacks many key workflows and features such as on-demand cluster creation at restore or capturing and replicating crucial operational information, including Operators or Helm chart metadata. 

• Application migration and data copy management: The solution offers limited breadth and depth of workflows for heterogeneous recoverability, migration, and data copy management, diminishing flexibility to move, migrate, restore, or copy data.

• Developer experience: The solution lacks integration into DevOps and developer workflows and tools, reflecting Cohesity’s focus on storage and backup admins rather than cloud-native shops.

Cohesity was classified as a Forward Mover given the slow rate of change in its Velero-based implementation. While building more sophisticated solutions on Velero is possible, Cohesity has so far kept its approach relatively vanilla, making only minimal technical changes to the open source base and resulting in an undifferentiated position among vendors.

Purchase Considerations
Cohesity primarily targets large enterprises; smaller organizations may find its architecture excessive. Organizations already leveraging Cohesity’s platform may find the inclusion of Kubernetes support beneficial. However, Cohesity’s approach to Kubernetes data protection is limited compared to the maturity of its protection for other technologies, so customers not already using Cohesity may be better served by a fit-for-purpose data protection solution for Kubernetes.

Use Cases
Cohesity is suitable for large organizations with complex and diverse data protection needs, especially in regulated industries such as healthcare and finance where data security and compliance are critical.

Commvault

Solution Overview
Commvault is a data protection company focused on preventing and remediating cyberthreats. Commvault Cloud is a backup solution that goes beyond Kubernetes support to protect hybrid applications running across Kubernetes, VMs, and cloud services, enabling organizations to consolidate backup operations on a single platform. Recent product updates include improvements to its Kubernetes support with regard to application discovery, namespace-level protection, and CSI-based snapshot integration.

Commvault’s solutions include backup and recovery software and Commvault Cloud for SaaS, which provide very broad support for data sources. These sources span on-prem and cloud-hosted databases, file and object stores, and compute instances, including VMs, Amazon EC2 instances, and Kubernetes-based containers. 

The Commvault solution is available across various cloud marketplaces. It employs a specialized access node (previously deployed as a VM and more recently deployed as a container) that interacts with the Kubernetes API server to discover and protect applications across clusters. Data movers are deployed on a cluster only during a backup or restore, with no other parts of the backup application running on-cluster. 

For edge use cases, Commvault offers a physical appliance-based solution called HyperScale X, which supports Azure Stack, AWS Outpost, EKS Distro, and Google Anthos Bare Metal. Notably, Commvault also backs up various object storage services through its recent Clumio acquisition.

Security and ransomware controls hint at Commvault’s long history in data protection and current focus on cyber resilience. The solution incorporates multiple layers of protection against cyberthreats, including air-gapped backups, backup target immutability, and deep support for anomaly detection. 

Commvault is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the Kubernetes data protection Radar chart.

Strengths
Commvault scored well on a number of decision criteria, including:

• Data integrity: The solution provides extensive support for ransomware prevention, detection, and remediation, including its cleanroom functionality for Kubernetes, providing isolated recovery environments for validation and ransomware mitigation.

• Additional backup source support: Market-leading support is offered for SaaS backup sources, including many SaaS services (including Microsoft 365) and cloud and on-prem databases.

• Object storage backup: The vendor stands out after its recent Clumio acquisition, which enables backup of S3 repositories, a unique feature among this roster of vendors. This allows Commvault to back up S3 buckets as a source. These are often critical parts of an application but notoriously difficult to back up as part of an application’s regular backup strategy.

Opportunities
Commvault has room for improvement in a few decision criteria, including:

• Developer experience: The platform doesn’t integrate well with cloud-native workflows and isn’t as developer-friendly as other solutions. This makes Commvault harder to integrate into cloud-native and developer-oriented workflows, forcing users to use Commvault’s admin interfaces instead of familiar CI/CD or terminal consoles.

• Database awareness: While the solution can back up numerous databases, it has only limited support for protecting database workloads with native quiescing and transaction-aware logging, deferring to customer-provided and manual scripts in many cases.

• Edge Kubernetes: Commvault’s solution is not optimized for airgapped edge deployments, requiring a centralized access node running outside the Kubernetes cluster.

Purchase Considerations
Commvault Cloud for SaaS is aimed at organizations seeking to move away from self-managed data management platforms toward those that include support for Kubernetes. 

The company provides flexible purchasing options that range from traditional perpetual licensing to subscriptions. Licenses are transferable between VMs and containers. 

Commvault’s broad support for VMs, containers, and cloud data services and databases in a single platform make it a great choice for hybrid and complex applications, but its lack of KubeVirt support is notable. Its security and ransomware controls are extensive, making it suitable for larger enterprises, and many of its state-of-the-art features are now suitable for Kubernetes.

One of Commvault's challenges is its legacy architecture, which limits its ability to provide a fully Kubernetes-native experience. The platform's lack of Kubernetes-compatible APIs and the need to run certain components outside of Kubernetes as a virtual machine create operational inefficiencies. A complex portfolio of products, features, and UIs make operating a Commvault solution relatively cumbersome, especially for smaller enterprises with less complex environments.

Use Cases
Commvault’s portfolio is great for organizations with complex environments across on-prem, cloud, and SaaS, with a wide mix of technologies. Its main focus is on cyber resilience and business continuity through ransomware prevention, detection, and remediation using backup and recovery technologies.

Dell Technologies: PowerProtect Data Manager

Solution Overview
Dell Technologies’ PowerProtect Data Manager includes support for Kubernetes. It is deployed as a virtual machine in a VMware-based virtual environment, leveraging Velero for Kubernetes, including multicluster (and multicloud) deployments.

It offers limited support for secondary storage targets and granular recovery and only has limited support for heterogeneous restores across distributions and environments. The solution also cannot back up container images—leaving that task to container image registries—backing up only Kubernetes metadata and persistent volumes.

Optionally, PowerProtect Data Manager can be extended with appliance-based deduplication and compression using PowerProtect Data Domain appliances, which can be physical or virtual (running on top of cloud object storage).

The VM-based manager deploys the data movers automatically on protected Kubernetes clusters. It also deploys as a VM in public cloud environments to protect cloud-based Kubernetes environments. The solution can connect to multiple on-prem or cloud-based Kubernetes clusters from a single manager.

PowerProtect Data Manager uses Velero components to capture the Kubernetes-level objects while it leverages its own data movers (running in their own namespace). Backups run at the namespace level. Restores include remapping of storage classes, but no additional heterogeneous restores are supported.

It supports various cloud-based Kubernetes services, including AKS, EKS, and GKE. In the on-prem world, it supports VMware Tanzu Guest Clusters, Tanzu Kubernetes Grid Integrated Edition, Red Hat OpenShift, and SUSE Rancher (including RKE and RKE2).

PowerProtect includes at-rest and in-flight encryption, as well as target immutability with retention locks. Optionally, it can be integrated with Dell Technologies’ Cyber Recovery Solution for air gapping and advanced ML and anomaly detection to combat ransomware.

PowerProtect Data Manager comes with built-in support for agentless, application-consistent backups of MySQL, PostgreSQL, and nonsharded MongoDB and Cassandra. 

Dell Technologies is positioned as an Entrant and Fast Mover in the Maturity/Feature Play quadrant of the Kubernetes data protection Radar chart.

Strengths
Dell Technologies scored well on a number of decision criteria, including:

• Data integrity: The solution provides good support for data integrity functionality, including backup immutability and air-gapping on its own physical secondary storage appliances.

• Operational and security integrations: The solution has good baseline first-party support into the enterprise operational and security landscape, enabling ransomware detection and recovery and security threat and breach detection, helping organizations proactively manage data security and integrity.

• Additional backup source support: The solution provides high-level support of the PowerProtect platform for various other backup sources, including Microsoft Exchange, SAP HANA, and other enterprise applications.

Opportunities
Dell Technologies has room for improvement in a few decision criteria, including:

• Disaster recovery and business continuity: There is room for improvement in the solution’s support for disaster recovery workflows and scenarios for Kubernetes; workflows for Kubernetes workloads are lacking and incomplete.

• Application migration and data copy management: The vendor lags behind competitors in this criterion due to incomplete and insufficient workflows for application migrations and data copy management, including VMware-to-KubeVirt migrations.

• Developer experience: The solution lacks integration into DevOps and developer workflows and tools, indicating that the product is positioned for storage and backup admins, not cloud-native shops.

Purchase Considerations
To reap the full benefits of Dell Technologies’ data protection approach, multiple products (including physical secondary storage appliances) are needed. Dell Technologies’ approach to Kubernetes data protection is limited relative to the overall maturity of the market, so customers may be better served with a fit-for-purpose data protection solution for Kubernetes.

Use Cases
Dell PowerProtect Data Manager is suitable to protect general-purpose, on-prem Kubernetes workloads for large organizations already using PowerProtect for enterprise-grade backup, restore, and disaster recovery across physical, virtual, cloud, and containerized environments with more traditional on-prem workloads such as Oracle, SQL, SAP HANA, and Exchange.

Portworx (Pure Storage): Portworx Backup

Solution Overview
Portworx is Pure Storage’s cloud-native storage solution. Portworx Backup is a data protection solution for Kubernetes. It’s compatible with any Kubernetes cluster on-prem and in the cloud, including OpenShift, Tanzu, EKS, AKS, and GKE. It supports any Kubernetes-compatible storage provider, including Portworx Enterprise, Pure’s distributed storage solution for Kubernetes. Notably, it also enables backup and restore for VMs running in KubeVirt, as well as any database that runs as a Kubernetes operator. Backup supports pre- and post-backup hooks, and it has built-in support for Cassandra, Elasticsearch, Jenkins, MongoDB, MySQL, PostgreSQL, and RabbitMQ. 

Portworx Backup is available as a self-hosted Helm-based application in a Kubernetes cluster. It’s also accessible via the AWS, GCP, and IBM Cloud marketplaces.

Portworx Backup is a multicluster solution, capable of protecting any Kubernetes cluster across on-prem and cloud environments. Portworx Central, a manager-of-managers, can also oversee multiple on-prem backup instances centrally.

Additionally, Portworx Backup enables fast, application-consistent backups by supporting any CSI-compatible storage and offering integration with a variety of cloud-based block storage services. Recent updates introduced the ability to copy cloud provider snapshots (like EBS snapshots) into an S3 bucket. Security is a critical aspect of the product, with data encrypted at rest and in transit. Portworx supports immutable backup targets for ransomware protection.

Portworx (Pure Storage) is positioned as a Challenger and Fast Mover in the Maturity/Platform quadrant of the Kubernetes data protection Radar chart.

Strengths
Portworx scored well on a number of decision criteria, including:

• Disaster recovery and business continuity: Robust disaster recovery capabilities through its Portworx DR are provided, although these features are only available in Portworx Enterprise. PortworxDR is an add-on solution to Portworx Enterprise, specifically designed for disaster recovery, leaning on synchronous, near-sync, and asynchronous data replication.

• Additional backup source support: The solution provides impressive support for databases if used in conjunction with Portworx Data Services, a self-service portal for database deployment and lifecycle management. 

• Primary and secondary storage support: Robust integration with Portworx Enterprise is provided, enabling first-class support for and deep integration with primary and secondary storage, leveraging the advanced data services offered by the Pure platform, including data footprint optimization and replication.

Challenges
Portworx has room for improvement in a few decision criteria, including:

• Application migration and data copy management: The solution lacks comprehensive workflows for application and data migrations, including VMware-to-KubeVirt migrations. Although Portworx Enterprise supports these capabilities, customers using only Portworx Backup may struggle to move data into Kubernetes virtual machines. The solution also lacks flexibility to move, migrate, restore, or copy data.

• Data integrity: While the solution offers the table stakes data integrity and immutability features, it does not offer recoverability verification features, nor does it have advanced ransomware protections like air-gapping or pattern detection.

• Operational and security integrations: The vendor lacks comprehensive integrations into the enterprise operational and security landscape for third-party tooling, requiring customers to manually integrate the backup solution into their operational security landscape of SIEM and other tools.

Purchase Considerations
Portworx Backup is one of the few solutions in this report without cloud data services backup functionality. As applications are increasingly fragmented across on-prem, cloud, containers, and SaaS, this could be a factor worth considering.

However, Portworx Backup is the go-to solution for those already running Portworx and is valued by organizations requiring self-service capabilities while adhering to fine-grained authorization that enforce compliance in multicluster environments.

Use Cases
Portworx Backup is suited for general-purpose, on-prem Kubernetes data protection and disaster recovery use cases, especially if those environments include Pure Storage or Portworx storage. 

Rubrik

Solution Overview
Rubrik delivers a unified data security and protection platform designed to safeguard enterprise workloads across on-prem, hybrid, and cloud environments. The company’s portfolio has evolved from its original Cloud Data Management (CDM) appliance into the Rubrik Security Cloud, which combines backup, recovery, data discovery and classification, ransomware detection and recovery, and threat analytics. 

Rubrik’s architecture is built on a zero trust data protection model, emphasizing immutability, encryption, and secure access. The company focuses on aligning data protection with cybersecurity, integrating tightly with SIEM, SOAR, and identity management platforms. Its Feature Play approach consolidates secondary storage, backup, and data governance under a single control plane, leveraging APIs and cloud connectors for extensibility.

It offers robust backup, recovery, archiving, and disaster recovery across on-prem, cloud, and hybrid environments. Rubrik uses a policy-driven approach to simplify data protection workflows, reducing administrative overhead and ensuring data integrity. The solution integrates seamlessly with major cloud providers like AWS, Azure, and Google Cloud, providing flexible and scalable storage options. Rubrik also leverages advanced technologies such as data deduplication, encryption, and machine learning for efficient and secure data management.

Rubrik is positioned as a Challenger and Fast Mover in the Maturity/Feature Play quadrant of the Kubernetes data protection Radar chart.

Strengths
Rubrik scored well on a number of decision criteria, including:

• Operational and security integrations: The vendor offers machine learning capabilities that provide predictive analytics and anomaly detection, helping organizations proactively manage data security and integrity, which is especially useful in capacity management and planning.

• Additional backup source support: The solution provides an extensive range of backup source support, including many applications and cloud services, allowing customers with more complex application landscapes to back up entire applications from a single backup solution, simplifying application backup management.

• Data integrity: It provides comprehensive features for ransomware protection, including detection capabilities, allowing organizations to recover from attacks more quickly.

Opportunities
Rubrik has room for improvement in a few decision criteria, including:

• Application migration and data copy management: Rubrik could improve its support in this area by implementing more mature, robust, and complete application migration and data copy management workflows for Kubernetes workloads, including mature VMware-to-KubeVirt workflows.

• Heterogeneous recoverability: Rubrik lags behind competitors due to its lack of mature recoverability across heterogeneous environments.

• Developer experience: Rubrik is not a cloud-native, developer-friendly data protection solution for Kubernetes, lacking integration into devops and developer workflows and tools.

Purchase Considerations
The solution’s subscription-based licensing model offers flexibility and cost predictability, making it suitable for enterprises looking to manage operational expenses effectively. 

Its Kubernetes protection features are best suited for organizations already using Rubrik and seeking to include container workloads in a broader data security strategy rather than as a standalone container-native backup solution. The solution’s scalability and advanced data protection features make it particularly suitable for large enterprises with complex data management needs.

Use Cases
Rubrik’s platform supports a broad range of enterprise use cases, including ransomware recovery, compliance reporting, long-term retention, and hybrid cloud protection. It is widely deployed across industries such as healthcare, financial services, and the public sector, where data classification and immutability are key.

Trilio: Trilio for Kubernetes

Solution Overview
Trilio is a data protection company focused on OpenShift and OpenStack. It offers seamless integration with Red Hat OpenShift, including a dedicated backup UI directly within the OpenShift console for simplified data protection policy management. Trillo also extends support for OpenShift managed services with AWS (ROSA), Azure (ARO), and OpenShift Virtualization (KubeVirt), providing comprehensive protection across diverse OpenShift deployments. 

Trilio supports backups for a wide range of databases (including MongoDB, PostgreSQL, InfluxDB, MySQL, Redis, Cassandra, and AWS RDS-based databases) and automatically applies the right data management and quiescing policies. It boasts native support for operators and Helm charts, including the ability to back up and restore history and context. 

Trilio is built as an autoscaling application, dynamically allocating resources as needed for every backup job, ensuring scalability and performance for environments of all sizes. 

Data protection and security are integral to Trilio’s design. Backups are stored in the open QCOW2 format and data is encrypted using the open source LUKS, providing end-to-end security for both data at rest and data in transit with user-supplied secrets (bring your own keys). It also applies immutability on a per-file basis, but only on S3-compatible storage. Trilio supports bring-your-own-keys for data encryption and can be integrated with third-party key management systems like HashiCorp Vault.

Continuous Restore, while still snapshot-based, enhances disaster recovery capabilities by providing low RTO and RPO. This feature leverages built-in (storage- and cloud-agnostic) replication functionality to stage data continuously across multiple heterogeneous clouds. 

Trilio supports granular, file-level recovery for KubeVirt VMs.

Trilio is positioned as a Leader and Fast Mover in the Innovation/Platform Play quadrant of the Kubernetes data protection Radar chart.

Strengths
Trilio scored well on a number of decision criteria, including:

• Data integrity: The solution has an established set of data integrity features, including anomaly detection and some support for airgapped scenarios, allowing customers to safeguard their backups from ransomware attacks and respond quickly during an attack, potentially limiting damage.

• Database-aware backups: The vendor offers a large number of out-of-the-box integrations for backing up databases, as well as the ability to back up and restore operator state, which is useful in DR and compliance scenarios.

• Disaster recovery and business continuity: The solution offers superior continuous restore functionality, which creates hot-standby replicated clones of applications in the cloud, allowing quick disaster recovery workflows and limited downtime during failovers.

Opportunities
Trilio has room for improvement in a few decision criteria, including:

• Additional backup source support: The solution provides lackluster support for additional backup sources, including cloud services. As applications are increasingly fragmented across on-prem, cloud, containers, and SaaS, this could be a factor worth considering. 

• Application migration and data copy management: Trilio leans on the default backup-and-restore workflow for all use cases, including on-prem-to-cloud or cloud repatriation. This leaves some of the configuration for more advanced migration workflows to the end user, without out-of-the-box support for common migration scenarios. 

• Primary and secondary storage support: Support is lacking for first-party integrations into primary and secondary storage, leveraging only CSI on the source side and NFS or S3 as backup targets, leaving some performance and data footprint optimization on the table.

Purchase Considerations
The disaster recovery feature set is established and storage agnostic. The company’s roots in kernel-based virtual machines (KVM) set it apart with regard to future KubeVirt advancements.

In addition to the enterprise subscription (licensed per worker node, vCPU, or core), the product is available for a free POC upon request.

Use Cases
Trilio for Kubernetes is uniquely positioned to cater to the data protection needs of those already running OpenShift or adopting OpenShift Virtualization. It offers broad support for managed cloud solutions, distributions, major databases, and application platforms. 

Veeam: Kasten

Solution Overview
Veeam is a global leader in data protection and disaster recovery, having established its reputation as a top vendor in the virtualization space. With the acquisition of Kasten, it is also a leading vendor in the Kubernetes space.

Veeam Kasten is a cloud-native data management platform for Kubernetes. It includes backup, restore, disaster recovery, and migration functionality for container-based and KubeVirt-based applications. It is increasingly integrated into Backup and Replication (Veeam’s solution for virtual environment) as the container, legacy virtualization, and modern virtualization worlds continue to converge. Kasten is well suited to protect large and complex applications spanning container, cloud-native, and VM-based deployments. Kasten’s focus on security and compliance, especially in governmental environments, is notable, and the company continues investing in this area through further privilege restrictions of Kasten pods, obtaining ISO 27001 certification, and making Kasten available on DoD Platform One.

Kasten supports a wide range of Kubernetes flavors and helps protect VMs running in KubeVirt. There is growing support for changed block tracking (including AWS EBS and, more recently, Azure Managed Disk volumes) and block mode backups on OpenShift Virtualization.

Kasten natively discovers data services (including MySQL, MongoDB, PostgreSQL, Amazon RDS, Kafka, and Cassandra) within the broader applications context. Using Kanister, an open source data management framework originally developed by Veeam to create an industry standard for stateful data management, Kasten automatically applies the appropriate data management policies, such as quiescing during backups to ensure data consistency. These blueprints are continuously updated and expanded, adding support for more database technologies and improving existing integrations. 

New in 2025 is Kasten’s support for file-level recovery of KubeVirt-based virtual machines, as well as a deeper integration of Kasten with Veeam Data Platform (notably, the ability to ship incremental backups to Veeam Backup and Replication).

Veeam is positioned as a Leader and Outperformer in the Innovation/Platform Play quadrant of the Kubernetes data protection Radar chart.

Strengths
Veeam scored well on a number of decision criteria, including:

• Database awareness: The solution excels here due to Kasten’s application and database autodiscovery and awareness powered by the Kanister framework, giving organizations an exceptional out-of-the-box experience for database- and application-aware backups.

• Data integrity: The vendor provides robust ransomware protection, tamper analytics and protection, and deep integrations with various SIEM solutions. It offers verified recoverability in isolated recovery environments and instant recovery for workloads from those environments.

• Edge Kubernetes: Kasten’s architecture and policy-based approach lend it well to edge use cases, including centralized policy management, low resource usage, and optimized deployment for decentralized and edge clusters.

Veeam was classified as an Outperformer given its continued pace of innovation in the market, especially in the security and compliance arena, delivering many market-leading features and certifications.

Opportunities
Veeam has room for improvement in a few decision criteria, including:

• Application migration and data copy management: The solution offers various workflows for application migrations and data copy management, including file-level recovery for KubeVirt, but misses deep integration into Operators and CRDs, requiring manual work to protect these and making it harder to restore operator state.

• Disaster recovery and business continuity: The tool’s nondifferentiating features for disaster recovery protect against cluster and availability zone failures, as well as storage system failures in on-prem scenarios. However, it lacks some of the native storage integrations offered by some competitors. The absence of a SaaS version that runs independently of protected resources complicates disaster recovery workflows somewhat, as Kasten is deployed within the resource it protects. 

• Database awareness: While the solution offers a top-scoring Kanister framework, it lacks the breadth and depth of support for natively protecting cloud-native databases and cloud constructs compared to some competitors. This reflects Kasten’s focus on protecting on-prem resources rather than cloud-native resources.

Purchase Considerations
Veeam is a comprehensive solution for Kubernetes environments and has great integration into Veeam Backup and Recovery for protecting applications across VMs and containers, bringing together the legacy and modern virtualization worlds.

Its application-aware data management framework, Kanister, has Kasten- and community-provided blueprints for application-consistent backups. The instant recovery feature has been ported from Veeam’s B&R suite to Kasten, making Kasten stand out as a recovery tool.

Kasten is designed to support large-scale environments, whether they consist of a few large clusters or many small clusters, making it suitable for development, edge, and SMB scenarios. As a complete solution, Kasten is beginning to experience some of the challenges of a first-mover, and the product, while full of features, is becoming somewhat bloated. At the same time, Kasten is aimed exclusively at Kubernetes environments, so it requires additional tools in the Veeam portfolio to support other technologies.

Veeam leaves the delivery of a SaaS version of Kasten to its network of partners but recognizes the market need for such deployment models and is investing in its Data Cloud offerings. Kasten currently supports Veeam Data Cloud Vault as a backup target to store backups on first-party immutable cloud storage.

Use Cases
Kasten caters to Kubernetes data protection, ransomware protection, disaster recovery, and migration use cases for both small and large environments across KubeVirt and container-based workloads. It’s especially suited for highly-regulated and governmental use cases.

Data protection for Kubernetes continues to be a hot topic for practically every organization with container-based applications in production or those migrating VMware-based VMs to KubeVirt platforms. While early industry narratives portrayed containers as inherently stateless, reality has proven otherwise. Many users tried to transform their applications to stateless architectural models, but the technical and organizational complexity of enterprise applications put a wrench in the works. The IT industry is also paying close attention to VMware’s future and the rise of KubeVirt, and the market for Kubernetes Data Protection will once again heat up in the coming year because of it.

Since Kubernetes isn’t natively capable of handling data protection for stateful applications, a broad ecosystem of vendors has emerged to fill the gap. These range from table stakes backup and restore to more sophisticated multiregion disaster recovery and even fully fledged data copy management solutions for test/dev environments, as well as data storage solutions. We see an uptick in support for native cloud database services like Amazon’s RDS and expect the trend toward protecting application data across technology boundaries to continue and intensify.

No single solution is perfect for all use cases. That means that if you’re looking for a data protection solution for Kubernetes, you need to assess your current application and infrastructure situation, taking into account existing investments in data protection and data storage and considering what kind of data you need to protect across VMs, containers, cloud databases, and other cloud services. Such an analysis will help define the must-have features for a data-protection solution, allowing organizations to focus on what matters most to their specific use case. The best solution isn’t necessarily the one that ticks the most boxes in our research for this Radar—or even all of them. It’s the one that ticks the right boxes at the right price point for you.

Even though the market is starting to consolidate, we haven’t yet reached feature parity with the leaders in data protection for VMware-based environments. However, 2026 will see the leaders in the Kubernetes data protection space work toward that parity with regard to changed block tracking, storage snapshots, and data deduplication.

*Vendors marked with an asterisk did not participate in our research process for the Radar report, and their capsules and scoring were compiled via desk research.

For more information about our research process for Radar reports, please visit our Methodology.

Joep is a technologist with team building and tech marketing skills. His background as a CTO, cloud architect, infrastructure engineer and DevOps culture coach. He has built many engineering and architect teams and culture.

Founder of TLA Tech, a tech marketing firm focusing on cloud-native. Co-hosts TheCUBE sometimes. Blogs at VirtualLifestyle.nl

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.

GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.

GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.

© Knowingly, Inc. 2025 "GigaOm Radar for Kubernetes Data Protection" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.