Alcion Exits Stealth As ‘Modern AI-Driven Company’ Focused On Data Protection, Security, CEO Says

‘You will be seeing a lot more work on the security side. We know very well how to do core backup and disaster recovery. ... But we have also been spending a lot of time on the security side to bring those worlds together. I think we will see this fundamentally be the market shift in the next couple of years,’ says Alcion co-founder and CEO Niraj Tolia.

Data Protection Or Security?

The storage business in the past couple of years has embraced some key IT security functionality as a way to act as the last defense of data. This is most commonly seen in the adoption of ransomware protection by most if not all of the large storage vendors and data protection developers. Indeed, some traditional data protection companies are starting to label themselves as security companies, although they are quick to note that they don’t want to compete with more traditional security offerings.

Enter Alcion. The Santa Clara, Calif.-based company at the end of May exited stealth mode with a plan to be a “modern” data management company combining data protection and security as a single integrated offering.

Alcion was founded by storage veterans Niraj Tolia and Vaibhav Kamra. The two were co-founders of Kasten, a developer of backup and disaster recovery technology for Kubernetes-native workloads that in October 2020 was acquired by Veeamn Software, the data management and protection technology developer. Tolia also spent years at other storage vendors including EMC and Hedvig, while Kamra spent years at EMC and Microsoft.

Alcion provides an intelligent and secure SaaS platform to protect Microsoft 365 users against ransomware, malware, corruption and accidental data loss, Tolia told CRN.

The company’s data protection technology also comes integrated with ransomware and malware protection, he said.

Alcion, which uses technology based on the open-source Corso platform and is a lead developer on the project, takes advantage of AI to add automation to data protection and security, as well as make it easy to use, Tolia said.

“How do we be intelligent in terms of how we do backups, not just doing backups based on user activity or native scheduling, so when users are likely to be most active, you reduce recovery time objectives?” he said. “But also, how do you respond to the world around you? We do automatic integration against, for example, XDR systems where if something is attacking your VMs or your laptops, the odds are they’re going to get to your Microsoft 365 data sitting in SharePoint and OneDrive.”

There’s a lot of movement to bring key data management, data protection and security technologies together, and Alcion is that rare company born right in the middle of that movement. Here is more of what Tolia had to say about the company and its approach.

Define Alcion.

Alcion is a modern AI-driven company. We’re solving the problem of data management and data protection. Traditionally, data protection has only meant backups. But in this case, we are looking at a combination of backups as well as security. We’re starting in the area of modern SaaS services—how to protect people whose data is now in the cloud. We started with Microsoft 365 just because of how quickly it’s growing an underserved market. But in a nutshell, we are AI-driven data protection for Microsoft 365.

You said ‘modern’ SaaS services. What are you doing differently than some of the other companies that may not be startups anymore but are relatively new to the market?

First of all, ‘modern’ is a funny word. I always look at ‘modern’ as a point in time. What is modern today might not be modern three years from now, as an example. But let’s talk about differentiation. I believe what Vaibhav [Kamra], my co-founder, believes. We’ve been working in backup and data protection for 20-plus years. My Ph.D. dissertation was on deduplication. …

You said your Ph.D. dissertation was on deduplication?

Right. So I’ve been working in this space for a little while now. But honestly, it does not matter what I do. It matters what our customers feel. And to give you context, we’ve been live with customers since January. We officially launched May 31, but we’ve been live with customers since January. … I’m going answer in the context of how our customers believe we are differentiated, where they see our value. Essentially what we provide is three legs of the stool in terms of differentiation. Each is valuable enough, but the way they combine is the way we look at it.

What are the three legs?

First of all, there is a security aspect. A fundamental thesis is a lot of the digital disruption is going to be cyberthreat-related. So malware, ransomware, etc. And how do you build something like this? Do you do this inline? How do you do it in an API-first manner so you can integrate with XDR [extended detection and response] and SIEM [security information and event management] systems? Already coming out of the gate, we have some of that. So that is one core angle. That’s where a lot of the business need is coming from.

When you look at the MSP, SMB, midmarket segments, a lot of our customers have to wear many hats. They may be managing multiple pieces of IT, or they are an MSP working with different players in the space, or they have multiple products under their portfolio offering and they want something extremely easy to use they can rely on. So ease of use is another very big deal for us.

And a large component of combining security and ease of use is combining it with AI. How do we learn user behavior? How do we take ‘control’ away from the user? How do we be intelligent in terms of how we do backups, not just doing backups based on user activity or native scheduling, so when users are likely to be most active, you reduce recovery time objectives? But also, how do you respond to the world around you? We do automatic integration against, for example, XDR systems where if something is attacking your VMs or your laptops, the odds are they’re going get to your Microsoft 365 data sitting in SharePoint and OneDrive. To detect threats in the broader environment, we will go to intelligent backups and proactive backups. We’ll mark last-known good backups without the user having to do anything.

Today, there’s a data protection business and a security business. And it sounds like you’re trying to do both. Are you trying to supplant security protection?

The short answer is yes. And this is not how we started off thinking about it. When we founded the company a year and a half ago, we did a lot of research. We talked to multiple customers before we wrote the first line of code. And we found out in the minds of the end user that there was less differentiation than even three years ago. And so our approach is to not say, ‘Look, we’re going to compete with CrowdStrike or Palo Alto Networks.’ To be clear, our core business is in data management. This is about what we call a ‘batteries included’ approach. That is, we have core functionality that will detect ransomware, as an example. But if the user or customer has other ransomware systems in place doing some of this, we’ll integrate with that.

As an example, because we’re starting with the Microsoft 365 ecosystem, if a customer has Microsoft Defender in place, we will integrate against Microsoft Defender’s APIs to pull additional information into us. So there’s some functionality that comes out of the box with the product, the ‘batteries included’ component, and then there’s what we can supplement it if the customer chooses to do so. We don’t want to boil the ocean. This is about what the customer really wants to see in a product like this. Everything has been customer-driven for us.

Will the security side be more important going forward? In other words, do you expect to add more security functionality in the future?

Yes. This is a continuing effort for us. We have a lot of big plans in that area because this is what everyone is asking for. This is not just a marketing thing. So we like saying ‘AI-driven.’ We like to say, ‘security first.’ But this is what customers really care about because the vast majority of them have been impacted by something malicious. We call it the inevitability of ransomware. It is somewhat sad, but that is where the industry finds itself today. So what do we do from a holistic angle? How do we close the security loop? How do we do it with ease of use? That’s where the AI components come in. Because you don’t want to have incident fatigue, especially for a backup administrator or an IT administrator wearing multiple hats. So how we combine all of these is going to be the focus.

But in short, yes, you will be seeing a lot more work on the security side. We know very well how to do core backup and disaster recovery. As I said, my co-founder and I have been doing it for a couple of decades now each. So we know that side well. But we have also been spending a lot of time on the security side to bring those worlds together. I think we will see this fundamentally be the market shift in the next couple of years.

Who are your main competitors? How would you describe your competitive advantage over Veeam and those type of companies?

In terms of the biggest competitors we see out there, there are Veeam and Commvault Metallic. They occupy somewhat different segments of the space. In terms of Veeam, it’s a very different go-to-market motion. We are a complete SaaS platform, which I believe is a better fit for some of the workloads we’re going to protect first versus Veeam being a product for different needs. We love the folks at Veeam, to be clear. They’ve done a great job. But I believe there’s a lot of space here. And it’s not a zero-sum market. The market here is growing.

With Veeam, we see a definite difference in offerings. Veeam also recently announced a couple of things on monitoring security. But given our core security focus, I think that will be a differentiator from the AI and security perspective. And there’s how the product runs. We’ve built a product to be very easy to use. If you try our product today and your first backups aren’t running within 10 minutes of you hitting our website for the first time, we’ve done something wrong. I think it literally takes six clicks from the first time you visit our website to start your backup. Something along those lines, don’t hold me to that. It might be eight.

How about competition with Commvault Metallic? Metallic is very focused on SaaS.

Between the AI and security aspects of things, there’s the somewhat harder-to-quantify things when talking about ease of use, AI, security, features, road map, things of that sort. Ease of use is somewhat more qualitative than quantitative, but we hear about that, too.

What is Alcion’s go-to-market strategy in terms of channels?

Our focus initially will be resellers. But it’s a little bit blurrier with SaaS when compared to more traditional on-prem product. We’re seeing interest from the MSP community, so we’ll have a lot more focus on that in the second half of this year. We’re definitely already engaged with MSPs. We have an open-source project called Corso. Where we talk about product, we have a Microsoft 365 backup product we’re focusing on for backup and recovery. Completely open source. So we’ll definitely be working more with MSPs in terms of channels. We’ll do whatever the customer needs to procure the product.

Kasten was pretty much all-channel by the time we got acquired. I think we were doing the vast majority, if not all, via channels. With Alcion, we’re seeing a lot of customers, especially the smaller ones, saying, ‘Give me a credit card swipe option.’ People look at that for a SaaS business because they want to say, ‘I want to sign up, make sure it works. That’s great. I’ll pay.’ And then move on with life. So we will offer a direct sales option here.

But we will be engaging with MSPs and resellers first. Distributors will come a little bit down the line when the company’s bigger and has a proven growth path. We don’t believe we can do everything ourselves independently. Our goal, especially as we grow, is engage more with the channel, support the channel, see what we can do. We’ve done it in the past. We can do it again.

On the MSP side, will you be working with MSP platforms like ConnectWise or Kaseya?

Kaseya is interesting. They somewhat compete with us their acquisitions. Some of the integrations into companies like ConnectWise as an example might be more later down the line. Initially, if we wanted a direct engagement with an MSP, what does that mean? We don’t take this lightly. That includes everything from billing APIs, API integration into their own console, and not just say, ‘Hey, we give you an API.’ Our initial focus, I think, will be direct MSP relationships. Later on, we might do it more through what I look at as the distributor for MSPs.

Alcion exited stealth with a seed round funding of $8 million. Is that the total funding in the company so far?

This is one of those things where, until something is complete, I don’t want to talk about it. But we have a few interesting things in play right now. But nothing that I can unfortunately talk about today. Yes, $8 million in the bank. And most of the investors we’ve been working with for many, many years now across many companies.

Any strategic investments?

This again is something I cannot talk about right now. But you will likely see announcements in the next few months. Because I look at strategic [investments] not from a funding perspective, but from a go-to-market perspective. And so I think it’s a separate bucket there for me. But this investment was an angel round.