Duplicati: Zero trust, fully encrypted backup

Published: May 13, 2024
By: Erica Lindberg

Open Core Ventures (OCV) is proud to announce the launch of Duplicati Inc., a backup solution built on top of the open source project Duplicati. With funding from OCV, Duplicati’s founder, open source creator-turned-CTO Kenneth Skovhede, plans to expand Duplicati from a personal-use backup client to an enterprise-ready backup and recovery solution.

During the great cloud migration of the early 2020s, backup and data security was largely wrapped into single-point solutions sold by cloud computing market leaders. The COVID-19 pandemic accelerated the transition to the cloud and left many companies scrambling to implement a cloud strategy. As the dust has settled, companies are finding that these “magic bullet” one-size-fits-all solutions sold by the market leaders aren’t cutting it when it comes to backup and data security. “Companies are starting to refine their security portfolios to better match their needs,” said Kenneth. “They need a more sophisticated backup solution.”

Raising cloud costs combined with the growing risk of cyberattacks has prompted a need to re-evaluate how backup and data security are handled. While companies must have disaster plans and be able to quickly restore their data, increased security threats have shifted trust-but-verify security strategies to strict trust-no-one models. “Companies are increasingly prioritizing zero trust security strategies,” said Sid Sijbrandij, General Partner at OCV. “Duplicati is well positioned to serve this need—it’s natively zero trust and highly flexible.” Duplicati implements a least privilege approach by putting access control in the hands of the owner instead of managing data as a third party. Only the person(s) with the keys can access the data. By focusing on targeted use cases, Duplicati is unique in that it can easily be rolled out across cloud, endpoint, or self-managed environments.

According to the 2024 Data Protection Trends report, the majority of organizations surveyed anticipate changing their backup strategy and increasing backup spend in the coming years. “It’s no longer acceptable to tack on backup and data protection to existing security solutions,” said Betty Ma, COO at OCV. “Enterprises need secure, stable options that just work.”

Since its inception nearly 15 years ago, Duplicati’s been focused on providing a zero-trust, open source backup solution that’s easy to use as well as platform and storage destination independent. Over 80 million backups were run by Duplicati in 2023 alone. With the initial $2M funding from OCV, Duplicati plans to hire a small team of engineers to improve the open source core and develop enterprise-ready features.

From personal backup client to enterprise-ready backups

Duplicati was created by Kenneth in 2008 after discovering there weren’t great backup solutions available that his less technically inclined friends could easily use. “I wanted to make something people could easily install without needing to follow a lot of instructions,” said Kenneth. “I found the open source project Duplicity and worked with that for a bit but soon realized it had shortcomings that were not easily fixable. I decided to take on the challenge and design a new way for storing backups.”

An early mover on the zero-trust security trend, Kenneth’s new design meant locking out anyone who didn’t have the key. “If you put your files in a cloud-hosted place someone else could have access to those files,” said Kenneth. “You want to make sure those files are secure. So the design stems from a trust no one architecture. Only you have the key and that’s the only thing that can decrypt it.” To make Duplicati easy to use, Kenneth created a GUI, an uncommon feature for open source backup tools. “It’s been one of our differentiators,” said Kenneth. “Open source tools generally don’t have a friendly user interface.”

When Duplicati started, there were only a few cloud storage options, where S3 was the clear leader. This landscape has changed quite a bit since then. “By creating a company around the open source project we can finally build the capabilities and tools needed by managed service providers and enterprises to leverage Duplicati backup,” said Kenneth. “We want to make it easy for them to monitor and manage their data security while retaining the high configurability of Duplicati.”

Partnering with OCV to create Duplicati Inc. will allow Kenneth to work on the project full-time after 15 years. “Trying to run the project as an open source volunteer but hasn’t been realistic,” said Kenneth. “There’s a limit to how far I could take the project without investment.”