Keepit vs Barracuda Cloud-to-Cloud Backup: M365 Backup Compared (2026)

We will be upfront: Barracuda Cloud-to-Cloud Backup has real strengths that Keepit does not match today.

Hourly backup frequency is the most obvious one. Barracuda runs M365 backups every hour, giving a ~1-hour RPO. Keepit runs 3x daily, which means ~8 hours of potential data loss in a worst case. For organisations with strict SLA commitments around data freshness, or environments where users are creating high volumes of time-sensitive content, that gap matters.

Barracuda also scans backup data for malware during the restore process using AI detection. If a user requests a restore, Barracuda checks the data before putting it back. Keepit does not currently offer malware scanning as part of the backup or restore workflow. For organisations that have experienced ransomware incidents and want an extra layer of validation during recovery, this is a useful capability.

Both vendors offer 24/7 support. In Australia, Keepit partners also get CRS local engineering support for deployment, escalation, and day-two operations across AU, NZ, and the Pacific.

Barracuda backs up Microsoft 365, Google Workspace, and limited Salesforce data. That is three platforms.

Keepit covers 15+ SaaS applications from a single console: M365, Google Workspace, Salesforce (full), Azure Active Directory, Dynamics 365, Power Platform, and others. When your organisation or your MSP customers adopt a new SaaS application, Keepit can probably protect it without adding another vendor to your stack.

This matters more than it sounds. The average mid-market business runs dozens of SaaS applications, and that number grows every year. An MSP selling managed backup needs a platform that scales across the customer's SaaS estate, not just their email. An enterprise IT team evaluating backup solutions should factor in the SaaS applications they expect to adopt over the next three years, not just what they use today.

Keepit also backs up Azure Active Directory (Entra ID). Identity is the first system you need to restore after a breach. Having identity backup in the same platform as productivity data simplifies recovery planning.

Both platforms claim immutable backups, but the architectures differ.

Barracuda uses air-gapped, append-only storage for its backup archives. Data written to backup cannot be modified after the fact. This is a legitimate immutability approach and satisfies many compliance frameworks.

Keepit uses Merkle tree immutability built into the storage layer itself. Every block of data is hashed and chained. Tampering with any block invalidates the chain. It cannot be disabled by an administrator, overridden by a privileged account, or turned off through a configuration change. The immutability is structural rather than policy-based.

For compliance-driven organisations, the distinction matters during audits. Append-only storage is strong, but policy-based controls can theoretically be overridden by someone with sufficient access. Structural immutability (where the data format itself prevents tampering) is a harder guarantee to present to auditors.

Keepit also owns its infrastructure outright, running on Keepit-operated data centres via Equinix across 7 global regions. This means the backup data sits on infrastructure that is fully independent of the production SaaS vendor. Barracuda manages its own cloud infrastructure but has not publicly detailed the same level of infrastructure independence.

Keepit pricing is approximately USD $1.99/user/month with unlimited retention and no egress fees. No long-term contract is required.

Barracuda is estimated at USD $3-5/user/month with unlimited storage. Barracuda requires annual or multi-year contracts, and pricing is in US dollars, which adds currency exposure for Australian organisations.

At 500 users, the annual difference is roughly AUD $6,000-18,000 depending on Barracuda's exact pricing and the exchange rate. At 2,000 users, that gap widens to AUD $24,000-72,000 per year. These are meaningful budget differences, especially for MSPs building margin into their managed backup services.

Barracuda does not charge egress fees for restores, which is good. But the base per-user price is materially higher than Keepit's, and the annual contract requirement reduces flexibility. For MSPs with customers that churn or scale seasonally, monthly billing without lock-in is a financial advantage.

One thing to note: Barracuda's pricing may include value from the broader Barracuda security ecosystem (email protection, network security) if you are already a Barracuda customer. If you are evaluating backup in isolation, Keepit is cheaper. If you are buying a bundle of Barracuda security products, ask about bundle discounts.

Keepit operates a data centre in Sydney via Equinix. Backup data for Australian customers stays in Australia on Keepit-owned infrastructure. This is documented, auditable, and straightforward to present during compliance reviews.

Barracuda has not publicly confirmed Australian data centre availability for its Cloud-to-Cloud Backup product specifically. Barracuda has Australian presence for some of its other products (email security, for example), but backup data residency needs to be confirmed directly with Barracuda before assuming Australian sovereignty.

For organisations subject to the Australian Privacy Act, state government data classification policies, or industry-specific regulations (APRA for financial services, the My Health Records Act for healthcare), data residency is not optional. If Barracuda cannot confirm Australian data centres for backup storage, that may be a disqualifying factor regardless of other product strengths.

MSPs serving Australian government customers should verify this early in their evaluation. We have seen tenders scored on data sovereignty as a pass/fail criterion.

If hourly M365 backups and built-in malware scanning are your deciding factors, and your backup needs are limited to M365 and Google Workspace, Barracuda Cloud-to-Cloud Backup is a solid product with strong security credentials and a large installed base.

If you need to protect more than three SaaS applications, want structural immutability that auditors can verify, need confirmed Australian data sovereignty, or are price-sensitive at scale, Keepit is the better platform. We distribute it because it addresses the broader set of challenges we hear from both MSPs and enterprise IT teams: SaaS sprawl beyond M365, compliance requirements that demand provable immutability, and the need for a backup platform that does not lock you into annual contracts at premium pricing.

For MSPs specifically: Keepit's per-user pricing leaves more margin in a managed backup service than Barracuda's, and the ability to protect 15+ SaaS apps from one console means fewer tools to manage as your customers' SaaS adoption grows.

See also: Keepit vs Datto | Keepit vs Acronis | Keepit vs SkyKick