AI-Driven Data Protection Company Alcion Closes $21M Funding Round
‘Alcion is a modern data protection company. At the very nuts and bolts, it is AI-driven and built from the ground up for security. Our central thesis is that the vast majority of data loss is now going to be cyberthreat-related. So we’ve really looked at how do we reimagine data protection from a backup, disaster recovery, security-oriented point of view for the climate that our customers live in,’ says Niraj Tolia, Alcion’s co-founder and CEO.
Building A Modern, AI-driven Data Protection Capability
Startup data protection technology developer Alcion, which came out of stealth mode in June, this week unveiled the closing of its Series A round of funding, bringing it an additional $21 million with which to build its technology and go-to-market strategies.
Alcion is building technology that combines data protection with data resiliency capabilities that not only keeps a company’s backup data safe from loss or a disaster but which also provides ransomware protection to protect data from a cybersecurity attack, said Niraj Tolia, co-founder and CEO of the Santa Clara, Calif.-based company.
Tolia and Vaibhav Kamra, Alcion’s other co-founder, know something about modern data protection. The two were also co-founders of Kasten, which developed Kubernetes-native container backup and data protection technologies. Kasten, in turn, was acquired by Veeam Software, one of the original pioneers in the protection of cloud and virtual machine data.
[Related: The 40 Coolest Data Protection/Management/Resilience Vendors: The 2023 Storage 100]
Veeam, in fact, was an investor in Alcion’s seed funding round and led the investment in the series A round.
The company’s first offering, already available, is an AI-driven Backup-as-a-Service platform for Microsoft 365 environments.
By combining data resiliency capabilities with data protection, Alcion joins a growing list of storage vendors looking at expanding how they protect customers’ data. This includes pure-play data protection vendors like Rubrik and Cohesity, which added data resiliency to their data protection technology from the start, as well as most legacy vendors that are in the process of doing so.
Legacy storage vendors tend to build their technology and then expand as new use cases emerge, Tolia told CRN.
“We saw that at Kasten, where people sometimes try to bolt on solutions to the legacy product but it does not work very well in practice for a number of reasons, as you would imagine,” he said. “In particular, look at ransomware. What we’ve seen is it is really hard to do ransomware detection and define granularity in a cost-effective manner unless you rethink how you do it.”
Alcion uses AI-driven technology to look at multiple ways ransomware can attack backed-up data and stop it before the data is disrupted, Tolia said.
“We are always observing and learning from normal user behavior,” he said. “We look for multiple signals because there are different ransomware swings. Some are slow attacks. Some are very fast. Some will replace the entire file. Some will encrypt in place. Some will encrypt only a small part of the file.”
Alcion is just starting but is on course to build a channel-first go-to-market model, particularly targeting the MSP space, Tolia said.
“When a customer says they want to work with a channel partner, we say ‘Yes,’” he said. “And we don’t have a preference to do direct sales, to be clear. The channel is extremely important to us. But as a young company, and this is how things work, we know some customers will prefer to transact directly. We are seeing that, especially on the smaller end of the SMB scale. But once they get a little larger, they usually have some MSP working with them.”
There’s a lot going on at this data protection startup. To learn more, read this CRN exclusive interview with Tolia.
What is Alcion?
Alcion is a modern data protection company. At the very nuts and bolts, it is AI-driven and built from the ground up for security. Our central thesis is that the vast majority of data loss is now going to be cyberthreat-related. So we’ve really looked at how do we reimagine data protection from a backup, disaster recovery, security-oriented point of view for the climate that our customers live in. We started off in a specific area, which was doing all of this for Microsoft 365 customers. And then we hope over the course of next year to expand from there.
What other products and services are you looking at for next year?
I can’t commit to anything right now. But what I can tell you is we’re getting pulled in two directions by customers. And we always are extremely customer-driven to expand to other parts of the Microsoft 365 ecosystem. In particular, we see a lot opportunity with Microsoft Dynamics. And that is somewhat obviously biased by the large number of customers we’re working with in this ecosystem. The other thing, we’re also getting asked from admins, especially admins in midmarket companies, who are saying, ‘Look, I’ve already given you access rights to protect all my data. But can you do more for me? Can you do more live email security, as an example, expanding on the security perspective?’ We can cover a little bit more of the customer surface area, getting closer to the customer. So those are things in the adjacency bucket, still similar things, but different kinds of workloads. And the first bucket would be to expand to backup at least initially to focus on other SaaS services because we feel that that is an underserved market. Business-critical data sitting in Salesforce, Dynamics, etc., is not always properly backed up today.
A lot of data protection vendors and storage vendors are moving into protect data, add cyber resilience on data backups, and so on. Why is there a need for a new stand-alone company like Alcion?
Having been in the startup space for a little bit, I have seen this in play. When you look at legacy companies, they build a product out, and then a new use case emerges. We saw that at Kasten, where people sometimes try to bolt on solutions to the legacy product but it does not work very well in practice for a number of reasons, as you would imagine. In particular, look at ransomware. What we’ve seen is it is really hard to do ransomware detection and define granularity in a cost-effective manner unless you rethink how you do it. So to give you an example. One of the top five enterprise backup vendors, I think this was last year, said no vendor has done very fine with file-level ransomware detection because they claim, and I’m quoting here, the delay and resource penalty would outweigh any benefits. We strongly disagree with that. What we do in our case, and I think we are one of the first to do this, is we normally do things at the user level. So we’re talking about not the entire company, not the entire backup, but for each user, each SharePoint site. We look at ransomware at the per-file level. And in a modern data protection system, you can do that. We also learn online, too, so we are always observing and learning from normal user behavior. We look for multiple signals because there are different ransomware swings. Some are slow attacks. Some are very fast. Some will replace the entire file. Some will encrypt in place. Some will encrypt only a small part of the file.
So today, what we do is, for each user and each file, we have multiple models that tell us is there a high chance of a ransomware attack happening at this point in time? And that’s not to say, in theory, you can’t do this. But in practice, how do you do it so that it’s quick, it’s efficient and delivers value to the customer? And that is just one example of what we see. We have AI in our domain. But a lot of companies have quote-unquote ‘AI’ in their domain, but was it really built from the ground up internally as what we call an ‘AI-native architecture?’ So we looked at how do we pair AI from the ground up with a data protection platform? What does that look like if we didn’t have legacy backup with us?
That’s just one example. There’s a lot of things that we do under the hood where we benefit from an extremely efficient data pipeline that we can do in the cloud. How we spin things down, how is it tied to serverless, how we scale things. Today, we are managing a petabyte of logical data. Since the last time we spoke, the number of tenants we are handling and the amount of data we are handling has gone up materially. But it requires you to rethink how to do that at scale because these are computationally expensive things. Apart from the dedupe, compression, etc., there’s scanning for malware, scanning for ransomware, and learning so you can take more intelligent actions, and learning continuously. So we don’t deploy models once a month, or we don’t deploy models once every two months. In fact, on every backup we learn and we update the models for that particular user. And we are proud of some of the things that we’ve done in that space.
What is Alcion’s go to market in terms of channels?
Right now, we do have a direct bot. We believe we will be heavily channel-focused. Right now, given where we are as a company, the channel will be seeing some of the more interesting things we’re doing. Where we’re seeing the most pull from is the MSP market. Obviously, as we broaden out, we’ll do more of the traditional CDWs and other channel partners. And we’re happy to work with them. When a customer says they want to work with a channel partner, we say ‘Yes.’ And we don’t have a preference to do direct sales, to be clear. The channel is extremely important to us. But as a young company, and this is how things work, we know some customers will prefer to transact directly. We are seeing that, especially on the smaller end of the SMB scale. But once they get a little larger, they usually have some MSP working with them. We already have MSP partners that we’re working with across the U.S. on our platform.
With this new round of funding of $21 million, Veeam led the round. Was Veeam also in the seed round?
I will tell you that everyone in the seed round also came in on the Series A round [including Veeam].
What is Veeam looking for by investing in Alcion?
This is a very interesting one. Normally, it is somewhat unusual for a company to take a large strategic round at this stage. And we have other options. This is not something that we did lightly. And if it had been someone else, I would not have done it. And just to be clear, there’s no IP agreement or anything of that sort here.
Veeam has led this round interested in lots of things we’re doing from the security perspective. And that also speaks to the size of the round. And I think that is one of the reasons why they did invest in us. There’s a shared amount of trust. We know the leadership team there. We’ve worked with them in the past, me and my co founder, they’ve worked with us
The amount of trust there was high, which led to this investment. Our focus does remain on our independent path, to be clear, on growing the company. There’s no promise of IP sales, marketing, anything of that sort from Veeam. It is about taking our independent path forward. Obviously, if there’s any potential for collaboration and strategic growth, etc., we’ll go figure that one out. But again, the round was structured in a way that maintains Alcion’s autonomy and the ability to make the right decisions for our customers.
Does Alcion have any other strategic investors?
No.
How about sales partnerships with a company like Veeam?
Alcion does not. Obviously, this could change. But as of today, we do not. Obviously, as a part of the funding, we did discuss this. But one of the reasons that made me comfortable with taking this funding is we have an independent path that includes go to market. We’ve seen this in terms of customer traction. And we’ve seen this in terms of how well the team is executing. So we did sign any sort of go-to-market agreement.
Good. Anything else we should know about Alcion?
We have our SOC 2 Type II certification. This is early for most companies, but we handle a lot of critical data. So we prioritized that.