The Winners & Losers of the 2017 Gartner MQ for DRaaS

Each year, Gartner produces its Magic Quadrant report on a wide range of technologies — from firewalls to business intelligence tools — to disaster recovery as a service.  And each year there are clear winners and losers, with a few vendors treading water.

And this year’s Magic Quadrant for DRaaS is no different.

First off, it’s worth noting that even qualifying for the Magic Quadrant is a big deal. According to Gartner, there are now north of 500 vendors in this space.  This year less than 5% of these companies made the cut, so any company on the list is worthy of consideration and is doing something right. It’s also telling that this year, 24 providers met the inclusion criteria, a 20% increase over 2016 and a 43% increase over 2015 (when only 14 vendors were included).

This all means that the market is growing, and growing fast, for organizations with critical systems and data.  Gartner estimates DRaaS  to be a $2.02 billion market currently, and they expecte it to reach $3.73 billion by 2021.

It’s also instructive to see the scoring criteria used by Gartner, as this gives you a sense of how the market is evolving and what would-be DRaaS buyers are demanding.  This year the criteria changed a bit with greater emphasis on affordability, product innovation, vendor focus, compliance, and global reach.


  • Value for the money. The increased emphasis on affordability, in terms of cost reduction or cost avoidance, reflects its growing importance as an adoption driver. The availability of true business continuity capabilities to companies of all sizes is the critical advantage DRaaS brings to the market.
  • Minimum viable product. Now, seamless heterogeneous workload support, orchestrated recovery, and failback are considered table stakes.
  • Degree of vendor focus. How much does the vendor focus on DRaaS? Is it their core business, or an add-on solution used to sell other core data center and cloud migration solutions?
  • Offering (product) strategy. According to Gartner, “as various DRaaS offerings continue to become commoditized across the market, the offering (product) strategy criterion has become more important.”
  • Compliance and Global Reach. Because more and more companies are leveraging DRaaS to meet regulatory requirements, Gartner put more weight on a DRaaS providers’ global reach.
  • Security. Thanks to security triggers like ransomware, vendors got bonus points for having differentiated security features.
  • Portal Functionality for Self-Managed vs Fully Managed. The bar for portal functionality has risen, especially for self-service style vendors, as it pertains to their ability to enable orchestrated recovery of workloads underpinning business processes.
  • End Users Versus Managed Providers. This is an interesting criterium, but it’s trying to get at the extent to which the end customer is getting a consistent positive product experience whether it be from the solution provider or from its partner community.

Now to our assessment.

When we compared the key players and looked at the 2016 vs 2017 results, there were some clear winners and losers.  The relative moves between the two years is important — as it could signal a change in vision, investment, and execution relative to their competitors. For example, vendors that are investing in the DRaaS category, both in terms of R&D and strategic focus, should result in an increase of “completeness of vision” and “ability to execute”, moving up and to the right year-over-year.


The Losers.

We defined a “loser” as any vendor that either fell off the report or that experienced a significant decline, either in terms of ability to execute or in their completeness of vision – usually this manifested in a change of quadrants, too.

  • Verizon. Last year, Verizon was a Challenger but this year dropped off the MQ.  According to Gartner: “Verizon has DRaaS capabilities but better serves customers with other requirements that include DRaaS versus those that have a desire for a DRaaS-only offering.”
  • Axcient. In 2016, Axcient was a strong leader, but dropped to Visionary status this year. Gartner noted as a caution that: “The Fusion service offering does not provide recovery for physical machines or perform automated failback. And pricing for Business Recovery Cloud is above average as compared to similar peers.”
  • Microsoft. Similarly, Microsoft dropped from Leader to Visionary which is surprising given its market heft and technical prowess. Gartner noted as a caution that “Microsoft Planned failover for VMware-based VMs is not supported currently. And physical x86 workloads, following a DR event, can only be failed back as a virtual workload.”
  • VMware. VMware’s vCloud Air was dropped because the tech giant no longer believes that its a significant player in the space due to an acquisition. “On May 28, 017, VMware’s vCloud Air business and associated operational services (including DRaaS) were acquired by OVH. Because VMware is no longer a significant player in the DRaaS market, it has been dropped from the Magic Quadrant,” according to the report.
  • NTT Communications. NTT Communications mad a big move from Visionary to Niche.  This seems to be a result of DRaaS being more of a sidelight for the company than a primary focus: “NTT Com is in the midst of a shift where most of its focus is on multicloud management (i.e., other public clouds such as Microsoft Azure) and consultative transformation — little focus is on DRaaS specifically.”


The Winners

On the positive side of the ledger, there were several vendors who made strong moves either up or to the right…or both.  These include:

  • Infrascale. Infrascale made one of the most impressive jumps, moving from Visionary to Leader. Infrascale has positioned their product to address the intersection of functionality, ease-of-use, and price. Infrascale’s advantage is that they aren’t super complicated and expensive. They are opening up the market to all the companies that couldn’t previously afford it — and who arguably need it the most.
  • Evolve IP. Evolve IP made a big move from the Niche to the Visionary quadrant in this year’s Gartner MQ. Evolve IP allows organizations to migrate multiple cloud computing and cloud communications services onto a single, unified platform. We believe that this had much to do with their favorable move in the Magic Quadrant.
  • Unitrends. Unitrends remained a Visionary but moved much further right (translation: more complete vision). At the core are Unitrends’ Recovery Series appliances, which include replication and orchestration, and automated recovery capabilities that are branded ReliableDR. Unitrends’ services are competitively priced and include automated, monthly full validation tests along with Recovery Time Actual (RTA) compliance reports.


Treading Water

There were several vendors that remained in the approximate same location within the MQ, including:

  • IBM. IBM Resiliency Services remains the gold standard and offers a full breadth of resiliency and high-availability related professional and managed services, including consulting, design, migration, implementation, business continuity management and cloud backup. Not surprisingly, given their enterprise focus, their “prices were significantly higher than the median.”
  • SunGard Availability Services. Sungard has been a perennial lead with a long history in this space, spanning more than 30 years. But, like other fully managed services their service is expensive – “prices offered by Sungard AS for the scenarios averaged 46% higher than the median price of other fully managed providers in this Magic Quadrant.”
  • Datto. Despite a pretty big marketing push in 2017, Datto remained a Visionary, moving slightly North within the quadrant. According to Gartner, “Datto does not mandate pricing control mechanisms. Consequently, prospective Datto customers may want to vet more than one MSP as each will vary in approach and cost.” Plus, “There are no guarantees with respect to uptime or recovery times. End users should be aware of this when discussing SLAs with the chosen MSP.”

Gartner’s Critical Capabilities Report

Gartner quietly produces another valuable piece of research called the Critical Capabilities Report which is an essential companion to the Gartner Magic Quadrant. The Critical Capabilities methodology provides deeper insight into providers’ product and service offerings by extending the Magic Quadrant analysis. You should use this research to further investigate product and service ratings based on key capabilities set to important, differentiating use cases.

The Critical Capabilities Report allows would-be buyers to further investigate product and service ratings based on key differentiators.  In the case of the DRaaS, each vendor was stack ranked on 15 criteria within four specific use cases:

  • Low complexity customer environment: Single data center with fewer than 75 instances; two targets (15-minute RPO/four-hour RTO and 12-hour RPO/12-hour RTO); and, with market-leading hypervisors, 100% virtualized.
  • Medium complexity customer environment: Single data center, with 75 to 150 instances; three targets: 15-minute RPO/four-hour RTO, one-hour RPO/10-hour RTO and 12-hour RPO/12-hour RTO.
  • Small enterprise complexity customer environment: Two data centers with more than 150 instances; four targets: 15-minute RPO/four-hour RTO, one-hour RPO/10-hour RTO, 12-hour RPO/12-hour RTO and 24-hour RPO/48-hour RTO.
  • Mid Enterprise complexity customer environment: Two or more data centers with more than 150 instances; four targets: 15-min. RPO/four-hour RTO, one-hour RPO/10-hour RTO, 12-hour RPO/12-hour RTO and 24-hour RPO/48-hour RTO.

While we cannot share the results of the Gartner Critical Capabilities Report, there were also some clear winners here too.

For low and medium complexity environments, Infrascale, Unitrends, Recovery Point, and Microsoft were the top performing vendors.  For small and midsize enterprises, Recovery Point, SunGard, IBM and C&W Business were the standouts (but Infrascale and Unitrends were nipping at their heels).

Many of these vendors we’ve also highlighted in our DRaaS-Comparison site (which does not require a subscription;). It’s interesting to see how well our rankings dovetailed scoring Gartner’s rankings and MQ placements.

We look forward to see how this market evolves over the next year and encourage you to leverage this research to help you develop your own short list of vendors for consideration.

Your Best Insurance Policy Against WannaCry Ransomware

Why DRaaS is Your Best Contingency Plan

The recent WannaCry ransomware attack infected nearly 300,000 systems in over 150 countries – all within a matter of hours. What’s more, many of us are left with a false sense of security simply because we’ve patched our Microsoft systems.

This is leaving everyone at risk to future attacks; but when we look at the WannaCry attack – the ransom demanded was only $300. Here’s the kicker: it’s not the ransom itself that’s so damaging to a business, it’s the cost of downtime associated with the attack. Let’s look at the numbers:

  • When you factor in operational downtime, staff resources, system replacement – ransomware is costing businesses more than $75 billion per year.
  • WannaCry alone, at conservative estimates, resulted in over $800 million in downtime and lost productivity.
  • With cloud backup solutions, it would take 4-5 hours to restore a production database.

So, what was learned?

Traditional approaches to backup simply don’t work against ransomware. The fact is, there is no single solution for ransomware, it instead requires a comprehensive approach. There are several factors in defense against these cyber criminals:

  • First is with your end users. Train and test end users to know how to recognize phishing attacks and suspicious links or attachments. Admins can use simulated attacks to ensure they’ve been properly conditioned to resist these threats.
  • Secondly is an anti-virus solution. You want to try to catch the threat before it takes root in your systems. Keep your software up-to date to always have protection in the background.
  • Your third line of defense is to have a DRaaS solution in place that allows for a backup of that data and systems (not just files and folders) along with the ability to roll back to a date before the ransomware hit and let you recover a clean version of the entire environment.

Generally speaking, any backup system will do, but keep in mind: You want it to allow you to roll back to a date before the ransomware hit, so you need file history or versioning capability built into your solution. Don’t get stuck with a backup solution in place that doesn’t keep versions of your files, that will be of no use to you when it comes time to recover. Also, you want it to backup your data and systems, not just files and folders on your individual machine – since we know ransomware will work itself through your network and spread like wildfire to the entire organization.

All organizations need a comprehensive data protection plan in place. Make sure to address security and compliance concerns, orchestration requirements, and RTO/RPO needs. Once you have a mitigation plan in place, you’ll be able to isolate the infection when it hits and utilize a disaster recovery as a service solution to quickly recover your files and running systems when you get infected, without having to pay that ransom.

Need to decide which DRaaS solution is your best defense against ransomware? Check out our vendor comparisons to learn more about each solution.