The Total Economic Impact™ Of Druva Data Security Cloud

Cost Savings And Business Benefits Enabled By Data Security Cloud

A Forrester Total Economic Impact™ Study Commissioned By Druva, July 2024

Businesses face increasingly complex data resilience challenges as security threats multiply across more data sources, regulations proliferate, and the expectations from customers become more demanding. Modern data security solutions need to create an immutable copy of data, enable security teams to leverage multiple sources of information to enhance detection and response, and help companies to comply with new laws. With enterprise data living across data centers, clouds, endpoints and SaaS Apps, organizations require significant automation and AI to respond to data and security problems faster and more accurately.

Druva makes secure data backup and recovery autonomous with a 100% SaaS, fully managed platform to secure and recover data from all threats. Druva’s comprehensive approach leverages real-time insights, powered by its Data Security Cloud, to constantly improve security posture and provide customers with autonomous protection, rapid threat response, and guaranteed data recovery. The company defends business data in today’s ever-connected world.

Druva commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Data Security Cloud.¹ The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Data Security Cloud on their organizations.

Return on investment (ROI)

224%

Net present value (NPV)

$1.20M

To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed four representatives with experience using Data Security Cloud. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization.

Prior to implementing Druva, interviewees noted their organizations faced complex infrastructure challenges, relying on traditional on-premises data center solutions that required extensive manual management to protect enterprise, cloud, and SaaS data. The prevalence of mobile computing exacerbated endpoint backup difficulties, and interviewees noted their existing data protection strategies hindered cloud adoption while being costly and inefficient. Additionally, the interviewees’ organizations struggled with scalability, routine maintenance disruptions, and vulnerabilities highlighted by a cybersecurity incident, emphasizing the need for more secure and streamlined backup solutions. The interviewees expressed concerns that their organizations’ cyber recovery experience would be slow and cumbersome.

After implementing Druva, the interviewees’ organizations significantly streamlined their infrastructure by adopting Druva’s public cloud SaaS solution, eliminating the need for traditional on-premises hardware and reducing management complexity. Druva’s automated backup solutions addressed multiple backup challenges and facilitated cloud adoption, leading to improved cost efficiency and scalability with a transition to an opex model. Additionally, Druva enhanced cybersecurity, simplified disaster recovery, and strengthened data governance and compliance, resulting in increased efficiency, security, and clarity in data protection practices.

Anatomy Of A Ransomware Attack

According to Forrester Research, ransomware attacks often put the backup infrastructure itself under siege.² It’s not about just recovering from a backup. The resulting nexus requires infrastructure and operations professionals to work closely with their security and risk peers to ensure that they are recovering from an uninfected copy.

The chief information officer in the logistics industry described how their organization implemented Druva to protect the organization’s mission-critical backup sets: “From a ransomware perspective, we’ve implemented a multifaceted approach. On the proactive side, we have a third-party prevention product; on the reactive side, Druva is the solution if [an attack] does in fact happen. At least we know we can do a backup and a recovery, so we do have some reactive components there if we do get a ransomware attack.”

Key Findings

Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:

Decreased legacy solution and cloud service costs worth $812,000 over three years. Adopting Druva’s solution yields substantial cost reductions for the composite organization by eliminating hardware and software maintenance contracts, reducing storage space requirements, retiring legacy hardware and data centers, and consolidating disaster recovery infrastructure. These initiatives result in significant savings from consolidating data centers and leveraging a single cloud platform for disaster recovery alone. The transition to Druva facilitates efficient cost management by shifting expenses away from outdated systems towards more streamlined and cost-effective solutions.
Averted business loss from ransomware worth $761,000 over three years. Implementing Druva has bolstered the composite organization’s cybersecurity defenses, instilling greater confidence in its ability to fend off ransomware threats. This confidence is underpinned by investments in managed detection and response services post-incident, alongside Druva’s robust ransomware protection features like Ransomware Recovery and Data Lock. These measures enhance operational security by preventing unauthorized data deletions in addition to mitigating the risk of significant business losses from ransomware attacks, positioning Druva as a crucial safeguard against potential disruptions and financial impacts.
Improved backup and restore efficiencies worth $166,000 over three years. Implementing Druva enhances operational efficiency for the composite organization, significantly reducing time spent on daily backup and verification tasks. This newly streamlined process reduces time spent on these tasks from 2.5 hours per day per staff member to just 1 hour, allowing the composite organization to realize substantial time savings. Additionally, managing backups is notably more efficient, reducing from a full day to only 2 hours and resulting in a weekly savings of 60 hours across the team. These improvements extend to faster data recovery and device provisioning — exemplified by recovering data and setting up new devices within 24 hours — and underscore Druva’s role in enhancing overall backup management effectiveness and minimizing operational downtime.

Unquantified benefits. Benefits that provide value for the interviewees’ organizations but are not quantified for this study include:

Enhanced security and resiliency. Druva’s cloud-based platform improved data security with features like encryption and multifactor authentication. The interviewees’ organizations gained confidence in their cybersecurity posture due to Druva’s ransomware protection capabilities, including Security Posture and Observability, Accelerated Ransomware Recovery, and Data Lock, providing substantial peace of mind.
Simplification of disaster recovery processes. Druva automated the interviewees’ organizations’ previously complex and manually intensive disaster recovery processes, streamlining operations and reducing the risk of human error.
Ease of deployment and management. Interviewees noted the implementation of Druva’s solution was seamless with swift ramp-up time and minimal complexity, significantly contributing to the overall efficiency and effectiveness of the solution.

Costs. Three-year, risk-adjusted PV costs for the composite organization include:

Backup service subscription fees of $437,000 over three years. The composite organization adopts backup services at a discounted rate per terabyte (TB) over three years, starting at a lower cost due to lower TBs stored in Year 1. Total costs increase by Year 3 due to storage growth. The cost per TB of warm and cold (archival) storage remain consistent over three years. This investment is tailored to meet the composite organization’s growing archival requirements, as indicated by the rising number of credits annually. The resulting subscription fees over the three-year period illustrate the financial commitment associated with implementing Druva’s backup solution, emphasizing its long-term cost implications for the composite organization.
Third-party professional services costs of less than $32,000 during implementation. The composite organization incurs an initial investment in third-party professional services of $31,500 and is anticipated to be a singular expenditure without recurring in subsequent years. This assumption emphasizes that the expense is a one-time occurrence and highlights its adjusted impact on the overall financial evaluation.
Internal implementation costs of less than $30,000. Forrester’s assessment outlines a three-month implementation period for the composite organization, involving three employees dedicating 40 hours each per month at a fully burdened hourly rate of $75. Over the three-year period, this cost remains consistent, reflecting the calculated impact of upfront implementation expenses on the overall financial analysis.
Management and administrative costs of less than $38,000 over three years. The composite organization maintains two administrators dedicated to backup tasks throughout the analysis period. Each administrator carries a fully loaded hourly salary of $75, committing 8 hours per month to their responsibilities. Projected management and administrative costs are estimated annually and over three years, emphasizing the structured financial outlook on ongoing administrative commitments.

The representative interviews and financial analysis found that a composite organization experiences benefits of $1.74 million over three years versus costs of $536,000, adding up to a risk-adjusted net present value (NPV) of $1.20 million and an ROI of 224%.

“Druva gives me increased assurance around security and data.”

IT director, automotive

“The biggest benefit is time gained back from the operational staff of having to maintain hardware and software configurations.”

Chief technology officer, media

“[Regarding ransomware protection], Druva does all this stuff in the background to keep the backup safe and also [performs] scans to [check] if the backups [are] compromised and then [takes action], such as putting it in a sandbox.”

Senior IT systems engineer, cybersecurity technology

Key Statistics

Return on investment (ROI)

224%

Benefits PV

$1.74M

Net present value (NPV)

$1.20M

Payback

<6 months

Benefits (Three-Year)

Decreased legacy solution and cloud service costs Averted business loss from ransomware Improved backup and restore efficiencies

TEI Framework And Methodology

From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Data Security Cloud.

The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Data Security Cloud can have on an organization.

Due Diligence

Interviewed Druva stakeholders and Forrester analysts to gather data relative to Data Security Cloud.
Interviews

Interviewed four representatives at organizations using Data Security Cloud to obtain data about costs, benefits, and risks.
Composite Organization

Designed a composite organization based on characteristics of the interviewees’ organizations.
Financial Model Framework

Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Case Study

Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.

Disclosures

Readers should be aware of the following:

This study is commissioned by Druva and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.

Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Data Security Cloud. For the interactive functionality using Configure Data/Custom Data, the intent is for the questions to solicit inputs specific to a prospect’s business. Forrester believes that this analysis is representative of what companies may achieve with Data Security Cloud based on the inputs provided and any assumptions made. Forrester does not endorse Druva or its offerings. Although great care has been taken to ensure the accuracy and completeness of this model, Druva and Forrester Research are unable to accept any legal responsibility for any actions taken on the basis of the information contained herein. The interactive tool is provided ‘AS IS,’ and Forrester and Druva make no warranties of any kind.

Druva reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.

Druva provided the customer names for the interviews but did not participate in the interviews.

Consulting Team:

Roger Nauth

Drivers leading to the Data Security Cloud investment

Interviews

Role	Industry	Geography	Revenue	Number Of Employees
Chief technology officer	Media	United States	$11.5B	1,800
IT director	Automotive	United Kingdom	$2.5B	3,000
Senior IT systems engineer	Cybersecurity technology	United States	Not reported	750
Chief technology officer	Engineering and architecture	United States	Not reported	670

Key Challenges

The interviewees noted how their organizations struggled with common challenges, including:

Data center complexity. The interviewees noted their organizations operated multiple data centers with diverse workloads and technologies, creating a complex infrastructure environment.
Multiple solutions and unwieldy operations. According to interviewees, their organizations’ past and incumbent backup solutions required significant manual management and maintenance.
End-user data backup challenges. The rise of mobile computing and a mobile workforce made backing up end-user data across endpoints and SaaS applications (i.e., M365 and Google Workspace) difficult for the interviewees’ organizations.
Cost and efficiency. Interviewees noted that maintaining on-premises hardware like tape drivers and disk storage in addition to cloud storage was costly and inefficient, prompting their organizations to move from capex to opex models for better spending and scalability. Some of these interviewees’ organizations had previously done air-gapped backups to the cloud or stored backups for long-term retention in the cloud.
System maintenance and downtime. Routine maintenance, software updates, and failures of on-premises systems led to downtime and operational disruptions for the interviewees’ organizations, highlighting the need for a more reliable data protection solution.
Cybersecurity and ransomware recovery. Interviewees noted past cybersecurity incidents underscored vulnerabilities in their organizations’ backup infrastructure, reinforcing the need for secure, off-site backup solutions to mitigate future risks by enabling faster incident response and cyber recovery.
Complexity of IT infrastructure. The interviewees’ organizations faced challenges managing diverse IT environments across multiple offices and data centers, complicating data protection and compliance efforts.
Transition to cloud and compliance. Moving from on-premises to cloud environments required robust solutions for the interviewees’ organizations to ensure compliance and security across hybrid cloud infrastructures.
Legacy backup issues and operational disruptions. Legacy systems, such as tape-based backups, were prone to failures, complex to manage, and costly, impacting operational continuity and compliance efforts.

“Maintaining the systems, [including] updating the code on data deduplication arrays, was always complex. There’s nothing worse from a data protection standpoint than suddenly exceeding your capacity of your backup storage system.”

Chief technology officer, media

“In summary, it was about the high cost of stuff we deploy and maintain, which [comprises] the hidden expenses that go into supporting [activities such as] backing up infrastructure, swapping tapes, and updating the hardware, software, and firmware that go along with all that stuff.”

Chief technology officer, engineering and architecture

“We were spending so much time doing [a number of] things that [were] unrelated to really supporting the technology initiatives of the business.”

Chief technology officer, engineering and architecture

Solution Requirements/Investment Objectives

The interviewees’ organizations searched for a solution that could:

Ensure data availability. Interviewees noted their organizations wanted a solution that could provide reliable and uninterrupted access to critical data and applications.
Simplify management. Interviewees’ organizations sought a solution that could offer an intuitive management interface that reduces the complexity of administrative tasks.
Enhance data security. The interviewees’ organizations wanted a solution that could implement robust security measures to protect sensitive data from unauthorized access and breaches.

All interviewees shared the same, primary solution requirement: a cloud-native system built for — and on — an accessible, data security-sensitive public cloud. As demonstrated in Figure 2, Forrester identified five sources of data that could be protected via one or a combination of four key backup use cases. Interviewees understood this positioning, which allowed them to optimize multiple objectives to harvest maximum protection and efficiency from Druva at a minimum cost.

Additional investment objectives included gaining the ability to:

Centralize data in the cloud. All interviewees cited moving their organizations’ backup infrastructure to the cloud as their main business objective. Their already-lean teams were thinly distributed for constant coverage of their global remit. Interviewees wanted the ability to bring backup management control into central IT operations and monitor their data all from the cloud.
Respond to their organizations’ specific and granular needs. Interviewees were drawn to Druva’s first-to-market, cloud-native data security solution for several reasons. Multiple interviewees discussed the excellent customer service they would have missed with prior vendors. Druva’s responsive product development processes helped them shape the Druva roadmap to align with their specific use cases and allowed the customer to have greater influence on Druva’s product strategy.

“I’m not exaggerating by saying Druva was probably one of the easiest things we’ve ever implemented in my whole career.”

Chief technology officer, engineering and architecture

Customer Data Security Goals

As part of its organizationwide security and retention updates and best practices, interviewees had varying data security goals, ranging from moving completely to the cloud and eliminating all data centers to moving from fully on-premises to a hybrid SaaS model.

Figure 2. Sources and backup options for enterprises span technologies and locations

Composite Organization

Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the four interviewees, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:

Description of composite. The composite is a $6.5-billion enterprise based in the United States with 5,000 employees. The company is a highly complex organization with a requirement for robust data protection strategies and a significant interest in ransomware protection and disaster recovery.

Key Assumptions

$6.5 billion in revenue
5,000 employees
Highly complex organization
Requirement for robust data protection strategies
Significant interest in ransomware protection and disaster recovery

Quantified benefit data as applied to the composite

Total Benefits

Ref.	Benefit	Year 1	Year 2	Year 3	Total	Present Value
Atr	Decreased legacy solution and cloud service costs	$280,250	$330,695	$377,324	$988,269	$811,563
Btr	Averted business loss from ransomware	$290,395	$307,819	$322,287	$920,501	$760,530
Ctr	Improved backup and restore efficiencies	$66,690	$66,690	$66,690	$200,070	$165,848
	Total benefits (risk-adjusted)	$637,335	$705,204	$766,300	$2,108,839	$1,737,941

Decreased Legacy Solution And Cloud Service Costs

Evidence and data. The combination of eliminating maintenance contracts, reducing storage requirements, retiring hardware, consolidating disaster recovery infrastructure, and shifting expenses highlighted the significant cost reduction benefits the interviewees’ organizations experienced after adopting Druva’s solution.

Elimination of hardware and software maintenance costs. The chief technology officer at a media company told Forrester that adopting Druva allowed their organization to eliminate hardware maintenance contracts, spare part delivery services, and software maintenance contracts. Although specific dollar amounts were not provided, the implication was that these costs were significant and their removal resulted in substantial savings: “With Druva, we eliminated all of the hardware maintenance contracts and 1 hour of spare part delivery services coming in. Software maintenance contracts going away and not having to perform those.”
Reduction in storage space requirements. The IT director at an automotive company highlighted that with Druva, their organization no longer needed as much storage space for backups: “We have savings right now because we’re backing up in the cloud. We don’t need so much space for storage, so we haven’t had to purchase extra storage because we don’t store backups.” This reduction in storage requirements directly translated into cost savings for the interviewee’s organization, particularly in terms of decreased expenses for additional storage capacity.
Retirement of backup hardware and infrastructure. The chief technology officer at an engineering and architecture firm stated that their organization was able to retire existing backup hardware and related infrastructure. This retirement involved significant cost savings associated with not having to maintain and operate outdated systems and facilities. The interviewee noted that by consolidating from two data centers to one and leveraging a single cloud platform for disaster recovery, their organization estimated savings of around $3 million in hardware costs alone. This consolidation and shift to cloud services with Druva contributed to decreased overall costs related to disaster recovery infrastructure.

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite organization achieves substantial savings from reduced legacy solution and cloud service costs across a three-year period.
Savings are realized from avoiding costs associated with backup and disaster recovery hardware, data center expenses, and offsite storage, totaling $150,000 in Year 1 and escalating to $201,957 by Year 3.
Additional savings stem from avoided expenditures on software, maintenance, and other services, starting at $100,000 in Year 1 and reaching $134,638 by Year 3.
The composite organization benefits from efficiencies in cloud backup services, saving $20,000 in Year 1 and increasing to $26,928 by Year 3, alongside optimized cloud consumption savings of $25,000 in Year 1, growing to $33,660 by Year 3.

Risks. The value of this benefit can vary across organizations due to the following:

Variability in the actual implementation and adoption of cloud services and optimizations may lead to lower-than-expected savings in cloud consumption costs.
Changes in the organization’s IT strategy or business requirements could affect the extent to which legacy hardware and data center costs are avoided, potentially reducing overall savings.
Economic factors or market conditions influencing cloud service pricing and terms could impact the anticipated savings from cloud backup services, leading to fluctuations in cost benefits.

Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $812,000.

$812K

Three-year present value savings

Decreased Legacy Solution And Cloud Service Costs

Ref.	Metric	Source	Year 1	Year 2	Year 3
A1	Avoided legacy hardware, data center, and offsite storage costs	Composite	$150,000	$177,000	$201,957
A2	Avoided software, maintenance, and other services costs	Composite	$100,000	$118,000	$134,638
A3	Savings from cloud backup services	Interviews	$20,000	$23,600	$26,928
A4	Savings from optimized cloud consumption	Composite	$25,000	$29,500	$33,660
At	Decreased legacy solution and cloud service costs	A1+A2+A3+A4	$295,000	$348,100	$397,183
	Risk adjustment	↓5%
Atr	Decreased legacy solution and cloud service costs (risk-adjusted)		$280,250	$330,695	$377,324
Three-year total: $988,269		Three-year present value: $811,563

Averted Business Loss From Ransomware

Evidence and data. Interviewees claimed their organizations averted business loss from ransomware due to improved cybersecurity confidence, investment in additional security measures, and specific Druva features. They also noted:

Confidence in cybersecurity posture. The senior IT systems engineer at a cybersecurity technology organization described their increased confidence in their organization’s cybersecurity measures after implementing Druva. They noted their organization felt more secure against potential ransomware threats, which in turn implied a reduced risk of business loss due to such incidents. This interviewee said, “Druva does all this stuff in the background to keep the backup safe [including performing] scans to see if the backups [are] compromised and then puts it in the sandbox and [among other actions] like that.”
Investment in ransomware protection offers peace of mind. The chief technology officer at an engineering and architecture company, which had experienced a ransomware incident, told Forrester: “Druva’s ransomware protection is ... a peace of mind. ... Through the process of discovering what the payload was, we can create our own hashes for the ransomware. We can scan all of our backups for that.” This proactive approach indicated a commitment to preventing future ransomware attacks, further supporting the notion that Druva contributed to mitigating the risk of business loss.
Operational security benefits. Interviewees mentioned enhanced operational security benefits, including Druva’s ability to prevent unauthorized deletion of backups, underscoring the interviewees’ organizations’ improved resilience against ransomware attacks. This resilience directly correlated with the potential to avert business losses caused by data breaches and system downtimes. The senior IT systems engineer at a cybersecurity technology company told Forrester: “Druva provides us the answers on how they handle the data. … I have more time to do other stuff, or each member of our team has more time to do other stuff. So, we can help our own people be faster, which is a huge impact.”

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite organization faces a high probability of experiencing breaches each year, estimated at 90% annually.³
The mean cumulative cost of these breaches is projected to be $4,621,000 in Year 1, rising to $5,128,482 by Year 3.⁴
Of the breaches, 49% are expected to involve both external and internal attacks on organizational data.⁵
The annual risk exposure from these attacks is calculated to be $2,037,861 in Year 1, increasing to $2,261,661 by Year 3.
Druva addresses 20% of these external and internal attacks related to ransomware incidents.⁶
The implementation of Druva’s solution results in averting 75% of potential losses from these ransomware attacks.

Risks. The value of this benefit can vary across organizations due to the following:

Variability in the effectiveness of Druva’s ransomware protection features across different organizational IT environments may lead to differing levels of ransomware attack mitigation, potentially affecting the amount of business loss averted.
Changes in the frequency or severity of ransomware attacks over time could impact the assumptions around the probability and cost of breaches, thereby affecting the projected savings from averted business losses.
Inaccurate estimation of the percentage of breaches addressed by Druva’s ransomware protection capabilities (20%) could result in overestimating or underestimating the actual impact on mitigating ransomware-related losses.

Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $761,000.

$761K

Three-year risk averted ransomware business loss

“Druva’s ransomware protection [provides] peace of mind.”

Chief technology officer, engineering and architecture

“We have worked with Druva and evaluated the [company’s] security [capabilities], especially around ransomware protection and recovery. It’s really what I’m most interested in. It all goes back to my being able to sleep at night.”

Chief technology officer, media

Averted Business Loss From Ransomware

Ref.	Metric	Source	Year 1	Year 2	Year 3
B1	Probability of experiencing one or more breaches per year	Forrester research	90%	90%	90%
B2	Mean cumulative cost of one or more breaches per year	Forrester research	$4,621,000	$4,898,260	$5,128,482
B3	Percentage of breaches external and internal attacks on organizational data and folder assets	Forrester research	49%	49%	49%
B4	Annual risk exposure from external and internal attacks on organizational data	B1B2B3	$2,037,861	$2,160,133	$2,261,661
B5	Percentage of external and internal attacks addressed by Druva — ransomware	Forrester research	20%	20%	20%
B6	Percentage of loss from these ransomware attacks avoided with Druva	Interviews	75%	75%	75%
Bt	Averted business loss from ransomware	B4B5B6	$305,679	$324,020	$339,249
	Risk adjustment	↓5%
Btr	Averted business loss from ransomware (risk-adjusted)		$290,395	$307,819	$322,287
Three-year total: $920,501		Three-year present value: $760,530

Improved Backup And Restore Efficiencies

Evidence and data. Interviewees stated backup and restore efficiencies improvements included reduced time spent on daily backup and verification tasks, decreased time required for backup management, and faster data recovery and device provisioning. These efficiency gains contributed to overall operational effectiveness and cost savings. Furthermore, reclaimed time enabled the interviewees’ organizations’ staff to focus on innovation rather than routine maintenance.

Reduction in time spent on backup and verification. Before adopting Druva, interviewees noted the backup and verification process took 2 to 3 hours per day for two staff members. After adopting Druva, this time was reduced to about 1 hour per day. Assuming an average of 2.5 hours previously, this means each staff member saved approximately 1.5 hours per day. Over a typical five-day workweek, this resulted in a time savings of 7.5 hours per week per staff member at the interviewees’ organizations.
Reduction in staff time spent on backup management. Prior to Druva, interviewees noted two full-time employees spent their entire day (approximately 8 hours) managing backups. With Druva, these employees now spent only about one-quarter of their day on these tasks (approximately 2 hours). This resulted in time savings of 6 hours per day per staff member. For two staff members, this totaled 12 hours saved per day. Over a 5-day workweek, this equated to 60 hours saved per week. The chief technology officer at an engineering and architecture firm told Forrester: “We were spending way more time managing backups than we should have been just because of all the stuff that I mentioned earlier. ... We don’t really do that anymore. So that is huge.”
Time savings for operational staff. The operational staff at interviewees’ organizations gained back approximately one-quarter of their time, which, assuming a 40-hour workweek, translated to 10 hours per week per staff member. This time was reallocated to other tasks, contributing to overall efficiency improvements. The chief technology officer at an engineering and architecture firm told Forrester: “If I need to restore something, I can do it from one place, I don’t have to go to six different locations or try to think of okay, where’s this data, or how do I get that back? It’s all in one spot and I have the confidence that I can get it back pretty easily.”
Faster data recovery and device provisioning. The IT director at an automotive company noted they provided an employee with a new laptop within one day and recovered all their data. This interviewee estimated that without Druva, it might have taken around 48 hours to recover the data, with potentially 8 hours of their team’s time involved. The interviewee said: “Within 24 hours, we’d provisioned him with a new laptop and recovered all of his data onto the new laptop, so he was back up on operation within 24 hours. And that, for me, is a really a great testament to our own process of getting him a new laptop, but of the Druva backup process.” This example illustrated a significant improvement in restore efficiency and reduced downtime.
Improved overall backup management. The chief technology officer at an engineering and architecture firm told Forrester that they spent significantly less time managing backups compared to before Druva. They estimated that their company has reduced the amount of time spent managing backups by half despite the company doubling in size over the past five years. This suggested a major improvement in efficiency as a result of using Druva.

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite organization employs two full-time equivalents (FTEs) dedicated to managing backup operations throughout the analysis period.
Druva’s implementation leads to a 75% reduction in the hours spent managing backups, translating to a total of 1,170 work hours saved annually.
The fully burdened hourly rate for FTEs responsible for managing backups is $60 per hour, reflecting standard industry compensation.
These calculations assume a consistent reduction in workload due to Druva’s deployment, maintaining a stable hourly rate for FTEs managing backups throughout the analysis.

Risks. The value of this benefit can vary across organizations due to the following:

The anticipated 75% reduction in work hours may vary depending on the complexity of the organization’s IT environment and the effectiveness of Druva’s implementation. Factors such as existing infrastructure complexity or integration challenges could impact the extent of efficiency improvements achieved.
The fully burdened hourly rate for FTEs managing backups is $60. This may not accurately reflect real-world costs if productivity levels or compensation structures change over time. Variations in FTE availability or additional duties assigned could affect the overall cost savings projected.
Unforeseen difficulties during Druva’s implementation, such as integration issues with existing systems or data migration complexities, could delay the realization of efficiency gains. These challenges might require additional resources or time, potentially impacting the expected cost savings outlined in the analysis.

Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $166,000.

3,510 hours

Three-year total of work hours avoided because of Druva

$166K

Three-year, risk-adjusted backup and restore efficiencies

“The time savings is one of the biggest benefits of having Druva.”

Senior IT systems engineer, cybersecurity technology

Improved Backup And Restore Efficiencies

Ref.	Metric	Source	Year 1	Year 2	Year 3
C1	Number of FTEs managing backups	Interviews	2	2	2
C2	Number of hours per day required to manage backups prior to Druva	Interviews	3	3	3
C3	Number of workdays per year	TEI standard	260	260	260
C4	Number of hours per year managing backups prior to Druva	C1C2C3	1,560	1,560	1,560
C5	Percentage of reduction in work hours because of Druva	Interviews	75%	75%	75%
C6	Work hours avoided because of Druva	C4*C5	1,170	1,170	1,170
C7	Fully burdened hourly rate for an FTE responsible for managing backups	TEI standard	$60	$60	$60
Ct	Improved backup and restore efficiencies	C6*C7	$70,200	$70,200	$70,200
	Risk adjustment	↓5%
Ctr	Improved backup and restore efficiencies (risk-adjusted)		$66,690	$66,690	$66,690
Three-year total: $200,070		Three-year present value: $165,848

Unquantified Benefits

Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:

Enhanced security and resiliency. The interviewees emphasized enhanced security and resiliency, with Druva’s cloud-based platform providing superior data resiliency and security through advanced features such as built-in air-gapped backup, encryption, and multifactor authentication. The interviewees’ organizations also experienced heightened confidence in their cybersecurity posture due to Druva’s cyber response and recovery capabilities, which include robust features like a managed data detection and response (MDDR), Data Lock, Unusual Data Activity, and Curated Recovery, offering substantial peace of mind.
Simplification disaster recovery processes. The simplification of disaster recovery processes was another key benefit for the interviewees’ organizations. Druva automated what was previously a complex and manually intensive disaster recovery strategy, thereby streamlining operations and reducing the potential for human error.
Ease of deployment and management. Ease of deployment and management was highlighted as a notable benefit. The interviewees described the implementation of Druva’s solution as seamless with a swift ramp-up time and minimal complexity. This simplicity in deployment contributed significantly to the overall efficiency and effectiveness of the solution for the interviewees’ organizations.

“We had a cyber incident two years ago. We had a big virtual environment where we backed up a lot of central files to the virtual environment, which we lost. [With Druva], I don’t lose sleep anymore about whether [we have] people’s data backed up.”

IT director, automotive

“We’ve really increased our security footprint or security posture. Druva really fit in nicely with that.”

Chief technology officer, engineering and architecture

Flexibility

The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Data Security Cloud and later realize additional uses and business opportunities, including:

Scalability. Scalability emerged as a significant advantage for the interviewees’ organizations, with Druva’s cloud-based solution offering their organizations greater agility. This allowed for seamless adaptation to evolving requirements and facilitated the rapid deployment of new workloads, enhancing overall operational efficiency. Additionally, the platform’s ability to centralize data management further streamlined operations, making the interviewees’ organizations faster and more agile.
Ability to focus on strategic initiatives. Druva’s solution improved operational efficiency, enhanced data protection, provided flexibility for future growth, and simplified disaster recovery processes, thereby enabling the interviewees’ organizations to focus on more strategic initiatives.
Decommissioning data centers and other hardware. The divestment of hardware and infrastructure was mentioned by several interviewees as a major benefit.⁷

Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Appendix A).

“From a resiliency standpoint, we are able to be more agile now. If we need to do a project around data and analytics and we need to stand up a new test environment and restore gigs worth of data, we know that we can expand.”

Chief technology officer, media

Druva: Optimization And Sustainability In Data Centers

Forrester research highlights how sustainability and infrastructure optimization go hand in hand, since optimization leads to efficiency.⁸

Interviewees reported they have prioritized efforts around tech stack rationalization or backup and recovery tools.

Traditional data storage was tied to data gravity, which mandates that the backup technology be in close physical proximity to the mission-critical data being backed up. As data shifts out of data centers and organizations seek to secure resilient cloud data environments, they may unlock many sustainability-related advantages in the future.

Information technology is already under scrutiny for its growing carbon footprint; it’s also becoming the backbone of every industry, and firms are taking notice. Forrester analysis shows a recent 30% to 40% rise in sustainability-related RFP questions from our clients across various industries, with top four as:⁹

1. Scope 1, 2, and 3 emissions and carbon capture.
2. Roadmap and carbon goals.
3. Data center efficiency — power usage effectiveness and water usage effectiveness.
4. Infrastructure operations-specific initiatives.

According to the International Energy Agency (IEA), global data center electricity demand in 2022 was about 460 terawatt-hours (TWh), a figure that could rise to more than 1,000 TWh by 2026 in a worst-case scenario.¹⁰

Quantified cost data as applied to the composite

Total Costs

Ref.	Cost	Initial	Year 1	Year 2	Year 3	Total	Present Value
Dtr	Backup service subscription fees	$0	$152,640	$176,299	$203,626	$532,565	$437,452
Etr	Third-party professional services costs	$31,500	$0	$0	$0	$31,500	$31,500
Ftr	Internal implementation costs	$29,700	$0	$0	$0	$29,700	$29,700
Gtr	Management and administrative costs	$0	$15,120	$15,120	$15,120	$45,360	$37,601
	Total costs (risk-adjusted)	$61,200	$167,760	$191,419	$218,746	$639,125	$536,253

Backup Service Subscription Fees

Evidence and data. Interviewees reported their experiences with Druva’s backup subscription fees. In Year 1, the initial cost for Druva’s backup subscription was $152,640. By Year 2, the cost increased to $176,299, reflecting the annual subscription fee. In Year 3, the subscription fee further rose to $203,626. The total cost over three years amounted to $532,565, with a present value of $437,452.

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite organization invests in backup services at a discounted rate per terabyte.
Backup service subscription fees are calculated by multiplying the investment per terabyte by the total credits required, resulting in $152,640 for Year 1, $176,299 for Year 2, and $203,626 for Year 3.
There is no risk adjustment applied to these costs.

Risks. The value of this cost can vary across organizations due to the following:

Variability in data growth rates within the organization may impact the total credits required for backup services. Higher-than-expected data growth could lead to increased costs beyond initial projections, especially if data retention policies or regulatory requirements change.
Any changes in the pricing structure or discounts offered by the backup service provider could affect the investment per terabyte assumed in the model. If the organization fails to negotiate similar discounts in subsequent contract renewals, it could lead to higher subscription fees than anticipated.
Advancements in technology or shifts towards more cost-effective storage solutions could potentially reduce the per terabyte cost of backup services over time. Failure to capitalize on such advancements might mean missed opportunities for cost savings compared to the assumed pricing in the model.

Results. To account for these risks, Forrester adjusted this cost upward by 0%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $437,000.

Backup Service Subscription Fees

Ref.	Metric	Source	Initial	Year 1	Year 2	Year 3
D1	Backup subscription fees for Druva	Interviews and Druva		$152,640	$176,299	$203,626
Dt	Backup service subscription fees	D1	$0	$152,640	$176,299	$203,626
	Risk adjustment	0%
Dtr	Backup service subscription fees (risk-adjusted)		$0	$152,640	$176,299	$203,626
Three-year total: $532,565		Three-year present value: $437,452

Third-Party Professional Services Costs

Evidence and data. Interviewees noted upfront costs for third-party professional services that averaged $30,000.

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite organization incurs an initial cost of $30,000 for third-party professional services.
This cost is only incurred initially, with no additional third-party professional services costs in Years 1, 2, or 3.
A 5% risk adjustment is applied to the initial cost.

Risks. The value of this cost can vary across organizations due to the following:

Changes in business requirements or unforeseen circumstances may necessitate additional third-party professional services beyond the initial engagement. This could lead to higher costs than originally budgeted if the organization requires specialized expertise or support not initially anticipated.
Variability in pricing or changes in the service provider’s fee structure could impact the cost of professional services. If the service provider increases their rates or introduces new fees during subsequent engagements, it could result in higher costs than the 5% risk-adjusted initial estimate.
Any delays or inefficiencies in the delivery of third-party professional services could prolong projects or increase the amount of time billed by the service provider. This could potentially inflate costs beyond the risk-adjusted initial estimate, especially if project timelines are extended due to unforeseen complexities or resource constraints.

Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $32,000.

Third-Party Professional Services Costs

Ref.	Metric	Source	Initial	Year 1	Year 2	Year 3
E1	Third-party professional services costs	Interviews	$30,000
Et	Third-party professional services costs	E1	$30,000	$0	$0	$0
	Risk adjustment	↑5%
Etr	Third-party professional services costs (risk-adjusted)		$31,500	$0	$0	$0
Three-year total: $31,500		Three-year present value: $31,500

Internal Implementation Costs

Evidence and data. The interviewees described a three-month implementation period with three employees dedicating 40 hours per month to implementation.

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite organization requires a three-month implementation period involving three employees.
Each employee works 40 hours per month on the implementation. The fully burdened hourly rate for implementation employee is $75.

Risks. The value of this cost can vary across organizations due to the following:

Unforeseen delays in the implementation process, such as technical issues, resource constraints, or changes in project scope, could extend the originally estimated three-month timeline. This could result in additional hours billed by employees or increased costs associated with prolonging the implementation period beyond what was initially budgeted.
Fluctuations in labor costs or changes in the fully burdened hourly rate of employees involved in the implementation could impact the overall cost. If there are salary adjustments, benefits changes, or unexpected overtime hours required during the implementation phase, the total internal implementation cost could exceed the 10% risk-adjusted estimate of $29,700.
Complexities arising from integrating new systems or software with existing infrastructure could pose risks during implementation. If compatibility issues or technical hurdles arise that require specialized expertise or additional resources to resolve, it could lead to higher costs than initially anticipated, affecting the budgeted internal implementation expenditure.

Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $30,000.

Internal Implementation Costs

Ref.	Metric	Source	Initial	Year 1	Year 2	Year 3
F1	Number of months for implementation	Interviews	3
F2	Number of employees working on implementation	Interviews	3
F3	Fully burdened hourly rate for an implementation employee	TEI standard	$75
F4	Number of hours devoted to implementation per person	Interviews	40
Ft	Internal implementation costs	F1F2F3*F4	$27,000	$0	$0	$0
	Risk adjustment	↑10%
Ftr	Internal implementation costs (risk-adjusted)		$29,700	$0	$0	$0
Three-year total: $29,700		Three-year present value: $29,700

Management And Administrative Costs

Evidence and data. Interviewees noted that their organizations employed two administrators who were dedicated to backup tasks consistently post-implementation.

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite organization employs two administrators dedicated to backup tasks throughout the analysis period.
The fully burdened hourly rate for an administrator is $75 with an assumed workload of 8 hours per month per administrator.
Management and administrative costs are projected to be $14,400 annually.

Risks. The value of this cost can vary across organizations due to the following:

Variability in the number of personnel dedicated to backup administration could impact management and administrative costs, potentially altering the financial outlook.
Fluctuations in fully burdened hourly salaries due to market conditions or organizational changes may affect overall costs over the analysis period.
Changes in the workload or efficiency of backup administrators, influencing the hours allocated per month, could lead to unforeseen adjustments in management and administrative expenses.

Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $38,000.

Management And Administrative Costs

Ref.	Metric	Source	Initial	Year 1	Year 2	Year 3
G1	Number of people working on backup administration	Interviews		2	2	2
G2	Fully burdened hourly rate for a backup administrator	TEI standard		$75	$75	$75
G3	Hours per month per backup administrators	Interviews		8	8	8
Gt	Management and administrative costs	G1G2G3*12	$0	$14,400	$14,400	$14,400
	Risk adjustment	↑5%
Gtr	Management and administrative costs (risk-adjusted)		$0	$15,120	$15,120	$15,120
Three-year total: $45,360		Three-year present value: $37,601

Consolidated Three-Year, Risk-Adjusted Metrics

Cash Flow Chart (Risk-Adjusted)

Total costs Total benefits Cumulative net benefits

The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.

These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.

Cash Flow Analysis (Risk-Adjusted Estimates)

	Initial	Year 1	Year 2	Year 3	Total	Present Value
Total costs	($61,200)	($167,760)	($191,419)	($218,746)	($639,125)	($536,253)
Total benefits	$0	$637,335	$705,204	$766,300	$2,108,839	$1,737,941
Net benefits	($61,200)	$469,575	$513,785	$547,555	$1,469,715	$1,201,688
ROI						224%
Payback						<6 months

Appendix A: Total Economic Impact

Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.

Total Economic Impact Approach

Benefits represent the value delivered to the business by the product. The TEI methodology places equal weight on the measure of benefits and the measure of costs, allowing for a full examination of the effect of the technology on the entire organization.
Costs consider all expenses necessary to deliver the proposed value, or benefits, of the product. The cost category within TEI captures incremental costs over the existing environment for ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. Having the ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”

PRESENT VALUE (PV)

The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
NET PRESENT VALUE (NPV)

The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
RETURN ON INVESTMENT (ROI)

A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
DISCOUNT RATE

The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
PAYBACK PERIOD

The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.

The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.

Appendix B: Endnotes

¹ Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.

² Source: Forrester Consulting Cost Of A Cybersecurity Breach Survey, Q1 2021.

³ Ibid.

⁴ Ibid.

⁵ Ibid.

⁶ Ibid.

⁷ Source: Factors Driving The ROI Of Sustainability, Forrester Research, Inc., April 22, 2021.

⁸ Source: Tech Buyers’ Sustainability Questions, 2021, Forrester Research, Inc., August 2, 2021.

⁹ Ibid.

¹⁰ Source: Electricity 2024: Analysis and forecast to 2026, International Energy Agency, January 2024. Energy. Data Center Dynamics.

ABOUT FORRESTER CONSULTING

Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.

© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.

Cookie Settings

This website uses cookies to deliver functionality and enhance your experience. GDPR requires that we obtain your consent before activating these cookies. Please accept the use of cookies or review your cookie settings now.

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions (data inputs, website navigation), so you don’t have to re-enter data when you come back to the site or browse from one page to another.

Behavioral information collected by our web analytics vendor is used to analyze data pertaining to visitor trends, plan website enhancements, and measure overall website effectiveness. We may also use cookies or web beacons to help us offer you products, programs, or services that may be of interest to you and to deliver relevant advertising. We may use third-party advertising companies to help tailor website content to users or to serve ads on our behalf. These companies may also employ cookies and web beacons to measure advertising effectiveness.

Please accept cookies and the collection of behavioral information to receive full functionality and enhance your experience. If you decline cookies, some features of the website may not function normally.

Please see our Privacy Policy for more information.

Executive Summary

Anatomy Of A Ransomware Attack

Table Of Contents

Key Findings

Key Statistics

224%

$1.74M

$1.20M

<6 months

Benefits (Three-Year)

TEI Framework And Methodology

Due Diligence

Interviews

Composite Organization

Financial Model Framework

Case Study

Disclosures

The Druva Data Security Cloud Customer Journey

Drivers leading to the Data Security Cloud investment

Interviews

Key Challenges

Solution Requirements/Investment Objectives

Customer Data Security Goals

Composite Organization

Key Assumptions

Analysis Of Benefits

Quantified benefit data as applied to the composite

Total Benefits

Decreased Legacy Solution And Cloud Service Costs

Decreased Legacy Solution And Cloud Service Costs

Averted Business Loss From Ransomware

Averted Business Loss From Ransomware

Improved Backup And Restore Efficiencies

Improved Backup And Restore Efficiencies

Unquantified Benefits

Flexibility

Druva: Optimization And Sustainability In Data Centers

Analysis Of Costs

Quantified cost data as applied to the composite

Total Costs

Backup Service Subscription Fees

Backup Service Subscription Fees

Third-Party Professional Services Costs

Third-Party Professional Services Costs

Internal Implementation Costs

Internal Implementation Costs

Management And Administrative Costs

Management And Administrative Costs

Financial Summary

Consolidated Three-Year, Risk-Adjusted Metrics

Cash Flow Chart (Risk-Adjusted)

Cash Flow Analysis (Risk-Adjusted Estimates)

Appendixes

Appendix A: Total Economic Impact

Total Economic Impact Approach

PRESENT VALUE (PV)

NET PRESENT VALUE (NPV)

RETURN ON INVESTMENT (ROI)

DISCOUNT RATE

PAYBACK PERIOD

Appendix B: Endnotes

ABOUT FORRESTER CONSULTING