Copenhagen, Denmark — December 16, 2025 — Keepit, the SaaS data protection company, today announced its recognition as a Leader in the IDC MarketScape: “Worldwide SaaS Data Protection 2025-2026 Vendor Assessment” (document #US52971725, December 2025).

Keepit Platform Core Capabilities

Keepit’s positioning is rooted in key platform differentiators that address modern enterprise data risks:

• Vendor-Independent Cloud Infrastructure: Keepit operates its own dedicated cloud centers across multiple regions (EU, Switzerland, UK, US, Canada, Australia). This ensures full data sovereignty and eliminates reliance on public cloud providers for storage.
• Immutable by Design Architecture: The proprietary object storage uses a blockchain-like Merkle tree structure, guaranteeing immutable data integrity. Logical air-gapping and anomaly detection protect data from ransomware.
• Unified Multi-SaaS Protection: The platform offers comprehensive protection for all major SaaS workloads, including Microsoft 365, Entra ID, Salesforce, Google Workspace, and Atlassian, all managed through a single interface.
• Advanced Recovery and Search: Features like point-in-time snapshots, smart search with preview, and cross-user restore options are designed to reduce downtime and streamline disaster recovery during critical incidents.
• Predictable, Transparent Pricing: Seat-based pricing includes unlimited data retention, zero egress fees, and no volume-based charges. This removes cost uncertainty and simplifies budgeting.

Focus on Innovation and Independence

Keepit differentiates itself by owning the entire technology stack and avoiding third-party infrastructure. This independence allows the company to innovate quickly and meet evolving market demands:

• API-Driven, Vendor-Neutral Architecture: Built modularly to enable the rapid onboarding of new SaaS applications as business needs evolve.
• Multi-tenant, MSP-Ready Capabilities: Includes white-labeling and advanced tenant management features tailored for managed service providers, enabling scalable service delivery.

“Organizations rely on SaaS more than ever, and they need protection that is independent, resilient, and easy to use,” Schouboe added. “We believe this recognition from the IDC MarketScape reinforces our commitment to delivering a platform that meets those needs—today and as the ecosystem evolves.”

Keepit, the only vendor-independent cloud platform dedicated to SaaS data protection, has been honored as the “Business Continuity Cyber Solution of the Year” in the 9th annual CyberSecurity Breakthrough Awards. This prestigious award, presented by the independent market intelligence organization CyberSecurity Breakthrough, recognizes the world’s most innovative information security companies and products.

Keepit’s award-winning platform provides robust protection for twelve key SaaS applications, including Microsoft 365, Salesforce, Google Workspace, and Okta. Built specifically for the cloud, it combines an intuitive design with enterprise-grade security and scalability. The platform ensures that critical data is secure, compliant, and rapidly recoverable. Features like its Data Protection and Anomaly Detection Dashboards empower organizations to maintain backup integrity and proactively identify, investigate, and remediate data risks before they escalate.

“Data resilience is the cornerstone of business continuity, and this award from CyberSecurity Breakthrough is a tremendous honor,” said Michele Hayes, Chief Marketing Officer at Keepit. “We provide ‘intelligent resilience’—enabling customers to make smart choices to protect their data and keep their business running, no matter what. Our goal is to help businesses not only recover from data loss but also stay ahead of risks in the first place.”
The annual CyberSecurity Breakthrough Awards program attracts thousands of nominations from over 20 countries, celebrating the most groundbreaking innovations in the global cybersecurity industry.

“With business-critical data increasingly moving to SaaS applications, the risk and cost of cloud data breaches are higher than ever,” said Steve Johansson, Managing Director at CyberSecurity Breakthrough. “Keepit’s vendor independence, broad application coverage, and rapid recovery capabilities are exactly what businesses need to ensure continuity. Their dedication to security makes them a clear choice for our ‘Business Continuity Cyber Solution of the Year’ award.”

Keepit, a leading provider of SaaS data protection, has been recognized as a winner in the Security category of the 2025 Stratus Awards for Cloud Computing. The awards, presented by the Business Intelligence Group, honor companies that are at the forefront of cloud innovation.

This award acknowledges Keepit’s excellence in using cloud technologies to deliver secure and transformative outcomes for its customers. The company’s platform provides vendor-independent data backup and utilizes seven global data center regions to help businesses with data sovereignty requirements. 

According to Michele Hayes, Keepit’s Chief Marketing Officer, this recognition validates the team’s commitment to building meaningful, cloud-first solutions. The award is one of several accolades the platform has received this year, including wins at the Global Infosec Awards and a Data Breakthrough Award.

This press release announces that Keepit, the only vendor-independent cloud for SaaS data protection, has appointed Jan Ursi as its new Vice President of Business Development. This move is part of the company’s strategy to expand its global reach and strengthen its channel partnerships.

New Leadership for a Growing Market 

Jan Ursi brings over two decades of experience in the IT and cybersecurity sectors, with a strong background in channel development and leadership. His past roles have involved building and managing global partnerships, which aligns with Keepit’s mission to enhance its channel-first go-to-market strategy. Ursi will be responsible for leading the company’s business development efforts, fostering new alliances, and expanding its presence in key markets.

Strategic Vision and Company Growth

According to the press release, the addition of Ursi to the leadership team is a significant step in reinforcing Keepit’s commitment to its partners and customers. His expertise will be crucial in helping the company scale its operations and deliver its unique data protection solution to a broader audience. Keepit’s platform is designed to offer simple, secure, and vendor-independent backup and recovery for a wide range of SaaS applications, helping organizations ensure business continuity and compliance.

Keepit, the only vendor-independent cloud solution for SaaS data protection, has been recognized with the 2025 Cloud Computing Security Excellence Award from TMC, a global media company. This prestigious award highlights companies that leverage cloud technology to deliver powerful and innovative cybersecurity offerings to the market.

Ensuring Data Resilience and Business Continuity

The award acknowledges the effectiveness of the Keepit platform in providing a critical solution for business-critical SaaS data. The article notes that many businesses have not kept pace with the need for robust backup and recovery as they migrate key data to SaaS applications, leaving them vulnerable to data loss.

The Keepit platform addresses this gap by offering a single solution to protect data across eleven major SaaS applications, including Microsoft 365, Google Workspace, Jira, and Okta. Its unique, separate, and immutable storage ensures data resilience, helps organizations maintain compliance, and mitigates the impact of ransomware attacks.

Industry Validation and Trust

Rich Tehrani, CEO of TMC, also praised Keepit, stating that the award is a testament to the company’s commitment to innovation and excellence in the cloud security market.

Headquartered in Copenhagen, Keepit continues to expand its global footprint with offices and data centers worldwide, building on the trust of its customers through its dedication to providing secure, reliable data protection.

Digital sovereignty as a strategic imperative

In recent years, digital sovereignty has shifted from a niche concern to a core strategic priority — especially in Germany, where trust, data protection, and independence have long been valued. The latest  — based on a Q2 2025 survey of more than 800 IT and cybersecurity leaders across Germany, France, Belgium, and the Netherlands — underscores this shift. Seventy-eight percent of European executives surveyed say their company’s leadership is more concerned about digital sovereignty today than a year ago. That awareness is particularly strong in Germany (81 percent) and France (83 percent). At the same time, 70 percent believe European companies are too dependent on foreign technologies and should reduce this reliance — prompting seven in ten organizations to consider switching to European cybersecurity providers.

This shows a growing awareness of the legal and geopolitical dimensions of digital infrastructure — and rising expectations for providers and operators.

What happens in a crisis or conflict?

It’s no longer enough to focus only on technical performance or the feature sets of cloud providers. Decision-makers are increasingly asking: Where is our data physically located? What laws apply? Who could theoretically or practically access it — and what happens in a crisis or conflict?

For many companies, these are no longer abstract questions. They’re central to risk management and long-term digital strategy.

These questions resonate strongly in Germany, where the  runs deep. Strict data protection laws were in place well before the . This makes Germany well-positioned to lead the current debate on digital sovereignty in Europe. Regulations like the GDPR and the  Directive provide a clear and binding framework — pushing decision-making toward greater responsibility, transparency, and long-term resilience.

The impact of extraterritorial laws

Another critical issue is the impact of extraterritorial laws like the U.S. CLOUD Act. This law allows U.S. authorities to access data from U.S.-based companies — even if that data is stored on servers outside the U.S., including in Germany. For many companies, that’s a contradiction: How can you control your own security architecture if foreign governments can  your sensitive data?

This reality shows that technical security isn’t enough — what’s needed is control over the contractual, technical, and legal frameworks.

In this context, it’s no surprise that many organizations are revisiting on-premises models or hybrid architectures. But the desire for control mustn’t stall innovation. There are alternatives to full in-house management. At Keepit, we’ve  purpose-built for the needs of European companies. We run our own independent infrastructure across several global regions — including the EU, in Germany and Denmark — and enforce strict separation between zones. Data stored in Germany stays in Germany. Access from other regions — even within our own systems — is technically impossible.

Our independence from hyperscalers like AWS, Microsoft Azure, and Google Cloud is also key. This strategic choice protects our users from global dependencies and indirect access paths. By owning and operating , we guarantee not only where data is stored but also who controls access — with full transparency. Our users know where their data is, what jurisdiction it falls under — and who isn’t allowed to see it.

No need to compromise

For Keepit,  isn’t a theoretical ideal. It’s a cornerstone of modern cybersecurity. The latest HarfangLab report makes it clear: Companies in Germany and across Europe are no longer willing to compromise when it comes to control over their data. The path to a sovereign and secure digital future may not be simple — but with the right partners and carefully chosen infrastructure, that future can be shaped.

At Keepit, we’re here to support that journey — with transparent, compliant, and self-operated solutions. Because digital sovereignty isn’t just about data protection — it’s the foundation of resilience and the ability to act in an increasingly complex digital world.

Modern Cyberattacks and the Power of Immutabil

Modern cyberattacks are measured in minutes, not days. The line between a contained incident and a catastrophe is often drawn before the security team even receives the first alert. In a recent Black Hat webinar, we deconstructed a real-world breach where sophisticated attackers, later attributed to the threat actor Silk Typhoon, compromised a network in minutes. Their attack was swift, silent, and effective—until they hit one unbreakable defense: immutability.

The Timeline of Compromise

Minute 0-1: The Initial Breach It began with a single, deceptive link clicked by a support admin. The phishing page quietly stole a valid session token, allowing the attackers to bypass multi-factor authentication and conditional access policies as if they were the legitimate user. The perimeter was gone in under 60 seconds. Minute 2: Privilege Escalation With the stolen token, the attackers exploited a zero-day vulnerability to deploy a web shell inside a Kubernetes pod within an Azure cluster. A single command dumped Microsoft 365 service principal secrets, instantly granting them delegated administrative rights across dozens of tenants. No alarms were triggered.

The Attacker’s Playbook: Destroy the Safety Net

With high-level credentials secured, the attackers initiated a classic anti-forensics strategy designed to make recovery impossible. They knew that as long as backups exist, the victim has a path back. Their objectives were simple and brutal:

• Purge Audit Logs: Erase any trace of their activity.
• Delete Backups: Send bulk deletion commands to wipe out all restore points.

By removing the evidence and the safety net, they aimed to leave the organization with no choice but to negotiate.

The Turning Point: The Immutable Wall

At approximately minute five, the attack unraveled. When the attackers’ high-privilege delete commands hit the backup storage repository, the system responded not with compliance, but with a hard stop: Error 403, Object Locked. The backup storage layer was configured with WORM (Write Once, Read Many) immutability, applied at the moment of data ingest. This meant that once a backup was written, it could not be altered or deleted by anyone—regardless of their administrative permissions—until its predefined retention period expired. The attackers’ stolen credentials were useless. They were bouncing off a digital wall that refused to honor their commands.

The Aftermath: The Gift of Time

The attackers’ failure to destroy the backups was the critical break in the kill chain. While the initial breach moved at machine speed, immutability stretched the incident response window from minutes into days. In cybersecurity, that is a lifetime. This gift of time allowed the defenders to:

• Investigate the breach without pressure.
• Rotate all compromised secrets.
• Confidently contain the scope of the incident.
• Restore clean data and resume business operations.

Instead of negotiating with attackers on a leak site, the team was executing a controlled recovery.

Key Takeaways for Security Leaders

This case study offers a clear lesson: your backups are a primary target. A determined attacker will not stop at your perimeter; they will go after your last line of defense first. When backups are truly immutable, even the most powerful stolen credentials cannot lead to their destruction. In this real-world scenario, the difference between containment and catastrophe was immutability, full stop.

Disaster recovery isn’t a one-time task—it’s an ongoing commitment. Mounting cyber threats, hybrid attacks, and strict regulatory oversight means recovery planning is no longer optional. It’s the foundation for business resilience. 

 

Disasters are broader than you think 

Natural disasters still top the list of major disruptions—fires, floods, earthquakes, and storms can cripple operations by severing infrastructure. But increasingly, it’s not just nature that brings systems down. 

 

Recent examples show how vulnerable businesses are to the failure of underlying services. A severed submarine cable, a telecom outage disabling emergency lines, or a botched software update that halts transportation—these aren’t hypothetical scenarios. They’re modern-day reminders that global infrastructure dependencies are fragile and easily disrupted. 

 

To mitigate this, organizations must identify their most vulnerable points and build redundancy into systems—both technically and operationally. 

 

The silent threat: Human error 

While cyberattacks and natural events make headlines,  Misconfigured retention policies, accidental deletions, and administrative oversights continue to plague enterprises of all sizes. The most sophisticated IT environments are not immune. 

 

Often mistakes aren’t discovered until it’s too late. And when data is lost, relying on SaaS vendors for recovery is a gamble. Native restore features may exist, but they’re typically limited, difficult to test, and not built to guarantee full-scale business continuity. 

 

Having independent, regularly tested backups is the only reliable way to safeguard against the full range of human-induced incidents. 

 

Culture is a security tool 

Mistakes happen. What matters is how organizations respond. A mature security culture ensures that employees feel empowered to report issues promptly—without fear of blame. The worst-case scenario isn’t a mistake—it’s a mistake that goes unreported and escalates. 

 

Security isn’t just about firewalls and patches. It’s about communication, education, and trust. Training must be real, relevant, and engaging. Employees should understand what phishing looks like in their specific business context. Developers should practice spotting malicious code. Security isn’t a one-size-fits-all effort; it’s a cultural investment. 

 

When vendors fail 

Cloud vendors aren’t perfect. History shows that even the largest players occasionally lose customer data due to bugs, misconfigurations, or internal errors. From lost security logs to deleted pension data, these incidents underscore a hard truth: shared responsibility doesn’t mean guaranteed protection. 

 

Whether it’s a coding bug deep within a service stack or a botched update affecting core systems, customers bear the brunt when data is lost—and they’re often powerless to recover without third-party backups. The only remedy is to assume failure is inevitable and prepare accordingly. 

 

Rising risks: Shadow IT, AI, and supply chains 

Security perimeters are dissolving. Shadow IT introduces unmanaged apps into corporate networks, often housing sensitive data unknown to IT teams. Employees, in a bid for productivity, may upload proprietary data into generative AI tools without realizing the risk. 

 

Supply chains also present growing vulnerabilities. Software delivered through trusted channels can be compromised, as seen in high-profile breaches where malicious updates slipped past defenses undetected. 

 

The antidote? Intelligent monitoring, rigorous classification, and a thorough understanding of where sensitive data resides. 

 

The case for testing—and testing again 

Every plan is theoretical until it is tested. Recovery strategies must be validated in real-world conditions—not just once, but regularly. Testing isn’t an inconvenience. It’s how businesses discover gaps before attackers do. 

 

Regulations like  and  now demand evidence of effective, recurring testing. It’s not enough to have a plan on paper—organizations must prove their ability to recover. Fortunately, with the right tools and automation, testing can be simple, even mobile-friendly. 

 

Modern disaster recovery must be as agile as DevOps. Recovery tests should be frequent, frictionless, and minimally disruptive. 

 

Defining what matters most 

You can’t protect everything. But you can protect what matters most. —identifying the systems, data, and applications that are most critical to business continuity. 

 

With hundreds of SaaS applications in use across a typical enterprise, organizations must prioritize recovery based on business impact, not just IT ownership. Recovery isn’t a single push-button event. It’s a sequence. Knowing what to bring online first—whether it’s payroll, CRM, or security tools—is key to minimizing downtime and revenue loss. 

 

Ownership also matters. Risk needs to be assigned, not just acknowledged. When system and data owners are accountable, they’re more likely to engage in the planning process. 

 

What good looks like 

A robust recovery strategy includes: 

 

• Clear classification of critical systems and data 
• Prioritized recovery plans that reflect actual business dependencies 
• Regular, automated testing of restore capabilities 
• Tamper-proof, immutable backups in a separate, secure cloud 
• Risk ownership embedded in every department 
• Training programs that are engaging, continuous, and context-specific 

 

Recovery is more than just technology. It’s culture, governance, and foresight.