Storage
security-sensitive infrastructure components. What began as a proof of concept to explore content-defined chunking quickly attracted interest from engineers who saw its potential beyond experimentation. “I came up with a small project when I was working for
another company and doing something completely unrelated,” Chehade recalls. “Ten I realised that this project was pretty interesting to many people around me who were constantly asking, ‘Is it going to be released?’ Aſter a few years, I had so many people asking that I started a business.” Mangeard joined 18 months ago, bringing experience from
leading large engineering organisations and operating at the scale of major European e-commerce platforms. What convinced him was not the idea of building yet another backup tool, but the underlying engine, now called Kloset, that stores deduplicated, compressed and encrypted chunks in a portable, verifiable format. “It was more than a slide presentation,” he says. “It was a solid
piece of technology. And I was amazed that nobody had managed to make an open source play in this industry, when every important workload in IT has an open source standard.” Te team now numbers eight engineers with more than a
century of combined open source experience. Teir development process is unusually transparent: daily meetings are public, coding sessions are streamed, and all design discussions happen in the open. Chehade and Mangeard say that transparency is not just a cultural choice but a security requirement; if backup is the last line of defence, it must be inspectable, auditable and free from vendor lock-in.
Rethinking backup for a zero-trust era Te core of Plakar’s pitch is that the industry’s traditional architecture – encrypting data aſter deduplication, or deduplicating aſter encryption – forces trade-offs that no longer make sense. Either the system becomes cost-inefficient, or the storage layer must be trusted with plaintext data, or the customer becomes locked into proprietary appliances. Instead, Plakar reverses the order of operations. Data is
snapshotted, deduplicated, compressed and encrypted at the source – before being sent to storage. Because deduplication happens before encryption, the system retains efficiency without exposing data to the storage provider. Because encryption occurs before transmission, the storage provider never sees plaintext. And because the storage format is open, the data can be moved, mounted or inspected without proprietary tooling. Chehade describes it as a design problem that legacy vendors
can’t easily unwind: “If you don’t get the design right, you end up hitting a block at some point that you can’t solve. A lot of solutions got some of the operations swapped. Tey can deduplicate, or they can encrypt or compress, but the fact that they do not do it in the proper order means they have to decrypt, then deduplicate, then re-encrypt, and it becomes impossible to scale.” Te result is a system that behaves more like a version-
controlled data container than a traditional backup repository. Snapshots are simply indexes of chunks. Te Kloset format can be stored on object storage, block storage, databases or even IMAP
www.pcr-online.biz
for demonstration purposes. It can be mounted locally, streamed on demand and verified cryptographically without decryption. Tis architecture also enables features that would typically
require heavyweight infrastructure. Plakar can detect ransomware by monitoring entropy changes at the chunk level. It can mount a multi-terabyte snapshot on a laptop and stream only the data required for browsing. It can restore a database without performing a full restore by exposing the snapshot as a read-only filesystem and allowing queries directly against it. For channel partners, these capabilities open new service
models. Mangeard says the team is already working with MSPs and European cloud providers on a “resilience as a service” model where customers encrypt and send their backups, and the provider manages retention, replication and tape offload without ever seeing the data. “We are unlocking the resilience as a service where you have real zero knowledge,” he says. “Teams can make their backup, send it to a third party, and that third party can manage resilience without access to the data.”
Integration, orchestration and an open ecosystem Plakar’s open source edition provides the core engine, CLI and SDK. Te enterprise edition adds orchestration, multi-store management, policy enforcement, secret manager integration and a zero-knowledge proxy layer for organisations that need KMS-based key handling. Te team is also building a unified backup posture dashboard designed to give CISOs and CTOs a single view of what is protected, and what is not, across SaaS, cloud, on-prem and containerised environments. Te integration roadmap is aggressive: PostgreSQL, MySQL,
Oracle, Kubernetes, Microsoſt 365 and point-in-time restore for S3 are all in progress. But Chehade and Mangeard emphasise that the ecosystem will not depend solely on them; the SDK is designed so that open source projects and vendors can build their own connectors, and early signs suggest that interest is growing. “You could go to GitHub, download the SDK, write your
own and be completely disconnected from us,” Chehade says. “Nothing prevents you from building your own company using this as an engine.” For the channel, Plakar represents both a technical shiſt and
a strategic one. As data volumes grow, attack surfaces expand, and customers face increasing pressure to prove recoverability, the ability to offer verifiable, portable, zero-knowledge backup becomes a differentiator. Chehade and Mangeard suggest that backup is too strategic to be locked behind proprietary formats or dependent on a single vendor’s survival. “We want to be sure that people are never vendor locked with
their backup,” Mangeard says. “Te core is open source forever. Even if someone stops paying for the enterprise version, they can continue to access their data.” Whether Plakar becomes the open source standard its
founders envision will depend on adoption, integrations and the willingness of partners to build on top of it. But the project arrives at a moment when the industry is actively reevaluating its assumptions about resilience. For many in the channel, that makes Plakar a development worth watching closely.
January/February 2026 | 33
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52
