Danish SaaS backup vendor Keepit is expanding its DACH business with a strategy centered on identity protection and data sovereignty, responding to a shifting threat landscape and regulation such as NIS2 and DORA, as shown at Munich 2026 edition of Technology Live!
Ransomware attacks that specifically target identity systems such as Microsoft Entra ID, combined with a growing political debate over digital sovereignty in Europe, are reshaping requirements for backup and recovery strategies. Danish vendor Keepit positions itself in this environment as an independent cloud alternative to the backup tools offered by the hyperscalers themselves, and continues to expand its business in the DACH region.
Keepit was founded more than 20 years ago on the premise that enterprise software would increasingly run as a cloud service, and that the resulting data would need to be protected independently. That premise led to a self-built object storage architecture that, according to the company, is now used by more than 20,000 customers across 15 countries. Keepit says it employs around 600 people, works with more than 1,000 partners and managed service providers, and operates its own data centers, including in Germany.
CTO Jakob Østergaard, who originally designed the company’s storage architecture, describes identity as the central risk factor: attackers increasingly attempt to lock organizations out of their own Microsoft or other cloud environments, for instance through compromised credentials or manipulated configurations. A cross-tenant restore capability, separated from the original tenant, is meant to let customers access protected data even when the original tenant is no longer available. On artificial intelligence, Østergaard says Keepit is deliberately taking a cautious approach.
Group CISO Kim Larsen, who previously worked for the Danish National Police and the domestic intelligence service PET and represented Denmark on NATO and EU security committees, also identifies identity as the leading attack vector. Larsen points to talks with the EU in Strasbourg on digital sovereignty and to a shifting threat landscape that he also describes as a form of hybrid warfare. Many disaster recovery plans, he says, are outdated or untested; upcoming regulation such as the EU’s NIS2 directive will add further pressure on companies to review their continuity planning.
According to Michael Heuer, who is responsible for the DACH region as Area VP, protecting data within SaaS applications remains fundamentally the customer’s responsibility, since providers such as Microsoft do not guarantee full data recovery as part of their availability commitments. He says this gap between availability and recoverability is increasingly being recognized even by large enterprises. Heuer also points to regulatory requirements such as the EU’s DORA regulation for the financial sector. In Germany, Keepit says it serves around 1,000 customers and works with roughly 200 partners, including SVA, Cancom, and Eric Sterck. At the start of the year, the company says it also moved its regional distribution to a two-tier model involving distributors TIM and Ingram Micro.
On the product side, Product Director Mark Groves says Keepit plans to expand its platform from 17 to 23 supported SaaS applications this year, including work on connecting Nextcloud and the European public-sector software OpenDesk. Groves also cites repeated incidents at platforms such as GitHub as evidence that developer tools, too, are increasingly becoming targets of attacks or outages.
On the partner side, Steffen Polenz, Head of ARC at Keepit partner all4cloud group, based in Viernheim, frames digital resilience as a distinct business capability that goes beyond classic backup. Polenz cites biotechnology company MorphoSys as a customer example and describes a tiered approach that combines Keepit with the SAP LeanIX software management solution. Compared with competitors such as Commvault, he says, Keepit is considerably simpler to administer.
The company’s most recent external recognition comes from its customer base: in early June, Keepit was named a TrustRadius Top Rated vendor for the fifth consecutive year in the SaaS Backup, Data Loss Prevention, Disaster Recovery, and Enterprise Backup categories, based entirely on verified user reviews. Earlier in June, the Business Intelligence Group also awarded the company the 2026 Fortress Cybersecurity Award in the Cloud Security category.
Heuer adds that Keepit’s positioning is also informed by its presence in analyst assessments such as Gartner’s coverage of backup and recovery platforms, which he says reflects a market that has matured significantly since SaaS applications became central to daily business operations. He argues that because Keepit has focused exclusively on SaaS data protection for years, rather than adapting infrastructure-era backup products, it is better placed to respond as new applications and threat patterns emerge.
Whether Keepit’s strategy of full independence from hyperscalers and European data residency proves to be a lasting competitive advantage will likely depend on how quickly regulation and market behavior in Europe actually move toward digital sovereignty.
Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via Mail: jakob.jung@security-storage-und-channel-germany.de