I read in the news recently that Veeam has bought Securiti AI, which is going to have a direct impact on its data protection offering. This deal is a game-changer for Veeam's strategy, combining data resilience with data security.
But what does Securiti AI do, and why did Veeam decide to buy it?
Securiti AI is a big name in the industry, and they focus on Data Security Posture Management (DSPM), privacy and data governance. With a spent about £1.725 billion in total Veeam's big plan is to bring together their data resilience (which they're really good at – backup and recovery) with data security (Securiti AI's thing).
So, why's this important for Veeam?
I think this purchase is meant to create one command centre where they can use DSPM on data in use and on backup files as well. This means that sensitive data (PII, GDPR-compliant data) can be easily identified in backups, and the compliance and security posture of the backup data itself can also be verified.
So not only can customers restore data (thanks to VBR v13), but they also know for sure:
- They're protecting sensitive data that's been classified by Securiti AI.
- How the data is protected in terms of security and compliance, using Securiti AI's DSPM.
- Where do you go to restore the data, and how do you do it (VBR v13 engine).
All this using AI to make data management and cyber defence more effective and reliable, but above all to have a complete and unified view of all data wherever it's stored: We're talking cloud, SaaS, virtual, physical, and making sure we're following the rules and regulations. It's a real lifesaver for the various ISO27000 and subsequent audits.
At the moment, we don't know about what will be integrated, and I don't think it'll be immediately (unless I'm proven wrong on 19 November with Veeam On, which can be followed online), but reading the info on the securiti.ai website, I can speculate on additions to the security and resilience features integrated into next VBR v13.x with those resulting from the acquisition of Securiti AI.
Veeam v13 + Securiti AI = Security and Data
| Features | Focus and solutions of v13 | Focus and solutions Securiti AI (Data Platform) |
| Main target | Operational resilience + active protection: Make sure the backup server and repositories are always available and that data can't be changed. | Data security and governance: Make sure you know what you're protecting, where your sensitive data is, and how it's managed and compliant. |
| Key Technologies | High availability (HA): Active/passive clusters for the VBR Server. | Data Security Posture Management (DSPM): what we need to do is look at how secure all the data is and then analyse that. |
| Advanced immutability features: like hardening of repositories and the dual control principle (also known as the 4-eyes principle). | AI-powered Data Intelligence: Use AI to identify and manage unstructured data. | |
| Integrated Threat Hunting: Checking for malware and indicators of compromise (IoC) tools is important before, during and after backup. | Data Privacy & Governance: Here are some tools to help you stay on the right side of the law (GDPR, CCPA, etc.). | |
| Scope of application | Secondary Data (Backup) and Infrastructure (VBR Server). | Entire Information Asset: Production data, backup data, cloud, SaaS and endpoints. |
| Benefit for the Customer | Fast and secure recovery: Reduced risk of data loss and minimised downtime in the event of an attack or failure. | Total Control, Awareness and Compliance: Complete understanding of where sensitive data is located, who can access it and whether it is being managed securely. |
What's the DSPM?
I will try to satisfy the curiosity of those who are asking themselves this question. DSPM (Data Security Posture Management) is one of the most important and rapidly growing trends in cybersecurity and is used as a security approach that shifts the focus from infrastructure to the data itself.
Data is the most valuable digital asset for companies and must be secured by applying a series of security practices that often become confusing and may even be undocumented. Data scattered in different places (cloud, on-premises, SaaS) is compounded by a series of risks arising from human negligence or uncertified workflows (unauthorised access, incorrect configurations, etc.). Data Security Posture Management (DSPM) is used to keep all these variables under control.
It provides a “data-first” approach that identifies, assesses and protects sensitive data based on its location, context and associated risks.
The 4 Essential Functions of DSPM
An effective DSPM platform, such as the one provided by Securiti AI and integrated into Veeam, is based on four pillars:
| Feature | Details | Security Utilities |
| 1. Discovery and Classification | Continuously scans the entire environment (Cloud, SaaS, Database, Backup Storage) to find and catalogue all data archives. | Know what you are protecting: Identify exactly where sensitive data (GDPR, HIPAA, PII, etc.) resides, including unstructured data (e.g., documents, emails). |
| 2. Mapping the context and access | It traces who (users, apps, services) has access to that sensitive data, how they are using it, and where it can be accessed from. | Identify Exposure Risk: Highlight misconfigurations such as over-permissive access or sensitive data in public cloud buckets. |
| 3. Risk assessment (Posture) | Compare your current data security posture with best practices and compliance regulations (e.g. GDPR, NIS2, DORA). | Prioritise: Tells you which data is most exposed and at risk, enabling security teams to take action before a breach occurs. |
| 4. Driven mitigation and remediation | Provides alerts and recommendations to fix vulnerabilities. | Act Efficiently: Proactively resolve misconfigurations (for example, revoke access for an inactive user who had too many permissions on sensitive data). |
So, to sum things up, DSPM is going to be really important for Veeam. It'll help make sure data protection covers the whole lifecycle, especially for production data, and then for backup data too.
Veeam's resilience and Securiti AI's security are a perfect match.
I hope I've got the right idea about what's going to happen with future implementations after this acquisition, and that I've explained it in a way that most people will get.
Thanks for your time!