When Edwin Weijdema discusses data resilience with enterprise customers across Europe, the Middle East, and Africa, he often encounters organizations that believe technology alone will solve their resilience challenges. As Field CTO for EMEA at Veeam® Software, Weijdema brings a different perspective grounded in three decades of cybersecurity experience: data resilience requires equal attention to people, processes, and technology.
Veeam has transformed into a leader in data and cyber resilience, guided by five core pillars: data backup, data recovery, data security, data portability, and data intelligence—and now enhanced with AI-powered capabilities. This evolution underscores a fundamental shift in enterprise data management, where AI-driven threat detection, anomaly monitoring, and intelligent automation play pivotal roles. In today’s landscape defined by ransomware, regulatory demands, and hybrid cloud complexity, Veeam’s next-generation platform empowers organizations to proactively safeguard, recover, secure, and intelligently leverage their data with resilience by design.
The Five Pillars: Building Blocks of Modern Resilience
Veeam Data Platform delivers the five key requirements to keep a business running: Data Backup, Data Recovery, Data Portability, Data Security, and Data Intelligence. Each pillar addresses a specific dimension of enterprise resilience, and together they form a framework that extends well beyond traditional backup and restore operations.
The first pillar, data backup, remains the foundation. Research shows 93% of ransomware attackers target backups first, and about 85% of companies have experienced at least one successful attack, with 26% suffering four or more. Organizations cannot assume backups alone are enough; they must be comprehensive, protected, and regularly validated.
The second pillar, data recovery, focuses on meeting recovery time objectives (RTOs) and recovery point objectives (RPOs) under pressure. Studies show that 25% of the time, companies lose access to their data even after paying a ransom. This highlights why recovery capabilities must be tested continuously, not discovered during an incident.
The third pillar, data portability, addresses vendor lock-in and infrastructure flexibility. Organizations need the ability to move workloads across hypervisors, clouds, and platforms without data conversion barriers. This becomes especially important as enterprises reassess virtualization strategies and cloud commitments in response to licensing changes and data sovereignty requirements.
The fourth pillar, data security, treats cybersecurity as part of data resilience rather than a separate discipline. Immutable backups, threat detection, and forensic tools help organizations defend against attacks and recover effectively. Integrating security with backup operations enables faster incident response and cleaner recovery.
The fifth pillar, data intelligence, operates across three dimensions: embedding AI to strengthen the platform's own capabilities, simplifying administration through intelligent digital assistants, and extracting business and security insights from protection data. The underlying premise is that backup infrastructure holds a wealth of operational intelligence that, when properly analyzed, can inform decisions well beyond IT.
Moving Beyond Technology: The Trifecta Approach
Weijdema emphasizes, "I always use the trifecta: people, process, technology. Technology supports processes, which people use. Many AI projects fail because they reverse that." This observation applies equally to data resilience initiatives. Organizations that deploy sophisticated backup platforms without addressing organizational readiness or operational processes often fail to achieve meaningful resilience improvements.
"We always look at customer demand, market risk, hacking threats, and how we can solve headaches, and help people sleep at night. It's not just technology," Weijdema explains. This customer-centric approach informs Veeam's product development roadmap and partner engagement strategy.
Veeam's regional field CTOs work directly with customers and partners who have experienced attacks, gathering firsthand intelligence on incident patterns and translating those insights back into product and strategy. "We have different people within Veeam looking at the market, what happened in incidents, talking to partners and customers and helping those that have been hit. That's why we have field CTOs in every region. We talk to partners and customers, then feed information back to product management,” Weijdema said.
This feedback loop ensures Veeam's platform evolution reflects real-world attack patterns and recovery challenges rather than theoretical threat models. Insights gathered from ransomware incidents, failed recovery attempts, and successful resilience implementations inform both Veeam's product development and the guidance it provides to partners and customers.
Data Sovereignty and Regulatory Compliance
European organizations face mounting pressure around data sovereignty, particularly in the context of geopolitical tensions and regulatory frameworks like GDPR, NIS2, and DORA. Weijdema addresses a common misconception: "Some people say, 'We have to store data locally.' Locality is not sovereignty by default.”
The distinction is important. True data sovereignty requires control over where data resides, who can access it, and the ability to move it when regulatory boundaries shift. "We have data portability, so you can pick things up and move them elsewhere when they again fit within your boundaries. Because of GDPR, seven years ago, you could already specify where backup storage resides,” Weijdema said. “You can even apply rules like 'This dataset cannot go to the UK,' or vice versa. Now with sovereignty and geopolitics, people say, 'Oh, we need that.' You already had it.”
This capability has become increasingly relevant as some organizations reconsider cloud strategies. "Some are pulling back from the cloud because of sovereignty, using Veeam tools to move workloads back and get them running.” The flexibility to repatriate workloads without data loss or extended downtime demonstrates the practical value of the portability pillar.
Expanding into Primary Data and AI Governance
Veeam is now branching into primary data resilience, notably through its recent acquisition of Securiti AI. "It gives context across the full lifecycle of data, from cradle to grave," Weijdema explains. This expansion addresses a critical challenge facing organizations deploying AI systems: data quality and trust.
"A big issue with AI projects today is dirty data. Everyone says they're doing AI, but only ten percent have a business reason. The rest do it because everyone else does.” This observation reflects the broader concern that AI adoption driven by competitive pressure rather than strategic planning often fails to deliver business value.
AI systems require clean, well-governed data throughout their lifecycle, from training datasets to production inference and ongoing model monitoring. Organizations need confidence that training data has not been compromised, that AI-generated outputs can be validated against source data, and that AI systems can be restored to a known good state following an attack or model drift.
The Securiti AI acquisition positions Veeam to address these requirements by extending resilience and governance capabilities to primary data stores, not just backup repositories. This unified approach to managing both secondary and primary data represents a significant expansion of Veeam's addressable market and strategic positioning.
Partner Ecosystem Evolution
Veeam's evolving offering has not only added partners to its roster, but has also driven some existing partners to adapt, moving from backup and recovery into security services as well. This ecosystem evolution reflects the blurring boundaries between data resilience and cybersecurity operations.
"We push organizations to mature in resiliency. It's a journey. You don't become mature overnight," Weijdema explains. Veeam supports this maturity journey through Partner Central, Partner University, training programs, beta access, and launch events that help partners stay aligned with the company's strategic direction.
"We focus heavily on explaining the 'why', not just the 'how'," Weijdema highlights. This emphasis on strategic context rather than purely technical implementation helps partners articulate value to customers in business terms. Understanding why immutable backups matter, why recovery testing is non-negotiable, and why data portability provides strategic flexibility enables more consultative partner engagement.
They also rely heavily on feedback from the partner community, creating a two-way dialogue that informs product development while helping partners shape their service offerings around emerging customer needs.
The AI Opportunity and Risk
When asked about the potential for an AI bubble, Weijdema says he does not see a collapse in the foreseeable future. He identifies the risk instead as FOMO, with companies rushing into AI adoption without a plan, which may lead to firms pausing, reassessing, and restarting projects.
This pattern, adoption driven by competitive pressure rather than clear use cases, creates both challenges and opportunities for data resilience vendors. Organizations that deploy AI systems without adequate data governance, security controls, and resilience capabilities will inevitably face incidents requiring recovery and remediation.
Veeam's five-pillar framework provides a structure for thinking about AI resilience. Backup ensures AI training datasets and model weights can be recovered. Recovery capabilities enable rapid restoration of AI inference systems. Portability allows organizations to move AI workloads between clouds and platforms. Security protects AI systems from adversarial attacks and data poisoning. Intelligence applies AI to improve data resilience operations while also protecting AI systems themselves.
Future Evolution: Sixth and Seventh Pillars?
Weijdema hints at the future evolution of Veeam's framework. "There may be a sixth or seventh pillar, or a restructuring. Stay tuned." While specific details remain undisclosed, this comment suggests Veeam continues to expand its scope in response to market demands and emerging technologies.
Potential areas for expansion include data governance and compliance as a distinct pillar, given rising regulatory demands across industries and regions. Identity and access management may also warrant separate focus, particularly as identity-based attacks accelerate. Application-level resilience could become critical as organizations realize that data recovery alone is insufficient without restoring full application functionality.
The exact evolution will depend on customer demand, market trends, and competitive dynamics. What remains clear is Veeam's commitment to moving beyond traditional backup and recovery to address the full spectrum of data resilience needs.
Maturity as a Journey, Not a Destination
Veeam has introduced the Data Resilience Maturity Model to help organizations assess their current state and develop roadmaps for improvement. The model places organizations into four categories: Basic (reactive, manual and highly exposed), Intermediate (reliable but fragmented and lacking automation), Advanced (strategic and proactive but missing full integration), and Best-in-Class (fully resilient).
Research from Veeam and McKinsey shows that 74% of organizations operate at the two lowest levels of maturity. This gap between the current state and required resilience creates both urgency and opportunity. Organizations that recognize their vulnerability can take concrete steps to improve, while those that overestimate their capabilities risk discovering gaps during actual incidents.
The maturity model provides a framework for aligning people, processes, and technology with organizational strategy.
Practical Implications for Enterprise IT
Weijdema's insights and Veeam's five-pillar framework provide practical guidance for building data resilience capabilities. First, backup strategies must recognize that attackers target backup infrastructure. Immutable backups, air-gapped copies, and regular validation are essential, not optional.
Second, recovery capabilities require continuous testing rather than annual disaster recovery exercises. Organizations should confirm that backups can be restored, recovery procedures are documented and understood, and RTOs can be met under pressure.
Third, data portability offers strategic flexibility as infrastructure choices evolve. The ability to move workloads between platforms without vendor lock-in allows organizations to respond to licensing changes, regulatory requirements, and business strategy shifts.
Fourth, security must be embedded in the data resilience architecture rather than layered on top. Integrating backup and security operations enables faster incident response and more reliable recovery from attacks.
Finally, intelligence, both AI-driven automation and business insights derived from backup data, creates opportunities to extract additional value. Organizations should view backup systems as sources of operational and security intelligence, not just disaster recovery resources.
Conclusion
Edwin Weijdema views data resilience as evolving from a technical discipline focused on backup and recovery into a strategic capability spanning security, governance, and operational intelligence. Veeam's five-pillar framework provides structure for this expanded scope while keeping the core mission clear: ensuring organizations can access their data whenever and wherever needed.
Veeam continues to expand into primary data resilience, AI governance, and other emerging areas, but one principle remains constant: technology alone cannot deliver resilience. Organizations need people, processes, and technology aligned to achieve real protection against evolving threats.
For enterprise IT leaders navigating hybrid cloud complexity, regulatory pressure, and sophisticated cyber threats, Veeam offers both a holistic framework and the practical capabilities to execute against it. Advancing from basic to best-in-class resilience maturity requires sustained effort across organizational, procedural, and technical dimensions. As recent incident data makes clear, the cost of not doing so is an unacceptable risk to business continuity and competitive position.
