PCR Tech and IT retail, distribution and vendor news
Backing up has always been seen as a necessary but unloved operational chore, but Plakar is positioning itself as a fundamental rethink of how organisations protect, move and recover data. The project, which began as a personal experiment in content-defined deduplication, has evolved into a fully-fledged open‑source platform now backed by a growing community, a roster of well-known investors and a team with deep roots in security-critical software.
For the channel, Plakar’s emergence comes at a moment when customers are wrestling with rising attack volumes, increasingly complex hybrid environments and a widening gap between perceived and actual resilience. The company’s founders argue that the industry’s assumptions about backup, how it should work, who should run it, and what ‘good’ looks like, are no longer fit for purpose. Their answer is a data‑container model designed to be portable, verifiable, encrypted end-to-end and capable of operating at petabyte scale without the architectural compromises that have shaped legacy systems.
“Plakar is basically the sum of all the frustrations that we had as tech leaders,” says co-founder and CEO Julien Mangeard. “We saw teams struggling with tools that were too complex, too slow, too expensive, or simply not designed for the environments companies actually run today.”
Plakar’s origins lie with CTO Gilles Chehade, well known in open‑source circles for his work on OpenBSD, OpenSMTPD and other security-sensitive infrastructure components. What began as a proof‑of‑concept to explore content-defined chunking quickly attracted interest from engineers who saw its potential beyond experimentation.
“I came up with a small project when I was working for another company and doing something completely unrelated,” Chehade recalls. “Then I realised that this project was pretty interesting to many people around me who were constantly asking, ‘Is it going to be released?’ After a few years, I had so many people asking that I started a business.”
Mangeard joined 18 months ago, bringing experience from leading large engineering organisations and operating at the scale of major European e-commerce platforms. What convinced him was not the idea of building yet another backup tool, but the underlying engine, now called Kloset, that stores deduplicated, compressed and encrypted chunks in a portable, verifiable format.
“It was more than a slide presentation,” he says. “It was a solid piece of technology. And I was amazed that nobody had managed to make an open‑source play in this industry, when every important workload in IT has an open‑source standard.”
The team now numbers eight engineers with more than a century of combined open‑source experience. Their development process is unusually transparent: daily meetings are public, coding sessions are streamed, and all design discussions happen in the open. Chehade and Mangeard say that transparency is not just a cultural choice but a security requirement; if backup is the last line of defence, it must be inspectable, auditable and free from vendor lock-in.
Rethinking backup for a zero-trust era
The core of Plakar’s pitch is that the industry’s traditional architecture – encrypting data after deduplication, or deduplicating after encryption – forces trade-offs that no longer make sense. Either the system becomes cost-inefficient, or the storage layer must be trusted with plaintext data, or the customer becomes locked into proprietary appliances.
Instead, Plakar reverses the order of operations. Data is snapshotted, deduplicated, compressed and encrypted at the source – before being sent to storage. Because deduplication happens before encryption, the system retains efficiency without exposing data to the storage provider. Because encryption occurs before transmission, the storage provider never sees plaintext. And because the storage format is open, the data can be moved, mounted or inspected without proprietary tooling.
Chehade describes it as a design problem that legacy vendors can’t easily unwind: “If you don’t get the design right, you end up hitting a block at some point that you can’t solve. A lot of solutions got some of the operations swapped. They can deduplicate, or they can encrypt or compress, but the fact that they do not do it in the proper order means they have to decrypt, then deduplicate, then re-encrypt, and it becomes impossible to scale.”
The result is a system that behaves more like a version-controlled data container than a traditional backup repository. Snapshots are simply indexes of chunks. The Kloset format can be stored on object storage, block storage, databases or even IMAP for demonstration purposes. It can be mounted locally, streamed on demand and verified cryptographically without decryption.
This architecture also enables features that would typically require heavyweight infrastructure. Plakar can detect ransomware by monitoring entropy changes at the chunk level. It can mount a multi-terabyte snapshot on a laptop and stream only the data required for browsing. It can restore a database without performing a full restore by exposing the snapshot as a read-only filesystem and allowing queries directly against it.
For channel partners, these capabilities open new service models. Mangeard says the team is already working with MSPs and European cloud providers on a “resilience as a service” model where customers encrypt and send their backups, and the provider manages retention, replication and tape offload without ever seeing the data. “We are unlocking the resilience as a service where you have real zero knowledge,” he says. “Teams can make their backup, send it to a third party, and that third party can manage resilience without access to the data.”
Integration, orchestration and an open ecosystem
Plakar’s open‑source edition provides the core engine, CLI and SDK. The enterprise edition adds orchestration, multi-store management, policy enforcement, secret‑manager integration and a zero-knowledge proxy layer for organisations that need KMS-based key handling. The team is also building a unified backup posture dashboard designed to give CISOs and CTOs a single view of what is protected, and what is not, across SaaS, cloud, on-prem and containerised environments.
The integration roadmap is aggressive: PostgreSQL, MySQL, Oracle, Kubernetes, Microsoft 365 and point-in-time restore for S3 are all in progress. But Chehade and Mangeard emphasise that the ecosystem will not depend solely on them; the SDK is designed so that open‑source projects and vendors can build their own connectors, and early signs suggest that interest is growing.
“You could go to GitHub, download the SDK, write your own and be completely disconnected from us,” Chehade says. “Nothing prevents you from building your own company using this as an engine.”
For the channel, Plakar represents both a technical shift and a strategic one. As data volumes grow, attack surfaces expand, and customers face increasing pressure to prove recoverability, the ability to offer verifiable, portable, zero-knowledge backup becomes a differentiator. Chehade and Mangeard suggest that backup is too strategic to be locked behind proprietary formats or dependent on a single vendor’s survival.
“We want to be sure that people are never vendor‑locked with their backup,” Mangeard says. “The core is open source forever. Even if someone stops paying for the enterprise version, they can continue to access their data.”
Whether Plakar becomes the open‑source standard its founders envision will depend on adoption, integrations and the willingness of partners to build on top of it. But the project arrives at a moment when the industry is actively reevaluating its assumptions about resilience. For many in the channel, that makes Plakar a development worth watching closely.
