I wrote a day or two ago about the issues around security of SaaS products. I suggested a number of strategies that SaaS vendors could use to ensure that their product was sufficiently secure.

Comments pointed out a duality of issues here. Kaila said;

security is usually less about security than it is about the perception of security

Bwooce commented that;

Security has many meanings, including providing a “security blanket” to make people feel safe

While Marc dismissed the concerns saying;

Online banking, online broking, online pension/super fund management are SaaS services. All transact money, in theory higher risk than just the management of financial records or CRM information. Yet, they are widely adopted by the same people citing security as a concern

All of these comments (and they’re great guys, keep them coming), reiterate the fact that technical solutions are easy, the hard part is all about changing people’s perceptions of the risks of moving to SaaS. So lets look at the perception issue. Kaila said that;

I recently signed up for SugarSync, a service that lets me back up and sync to the cloud. A gig of free space, simple interface — it all looked good, until it came time to hit the ‘Sync’ button. Suddenly I thought, ‘Who are these guys that I’m sending my files to?’ I didn’t hit the button.

OK – Picture got. We’ve got a perception issue here. Let’s look at ways of removing this barrier.

The big buddy solution

This is all about leveraging off the credibility of an existing player. Think tagging on with an existing application provider (SAP, Oracle etc), a platform player (Telco, Google, Yahoo etc) or a real world body (Chartered Accountants). Benefits of this model include instant credibility and marketing clout, however there are some risks in tying ones boat to a big immovable object. When the disruptive tsunami comes you might just be sunk alongside them.

The business structure solution

This involves creating a business model with the intended purpose of creating credibility. High profile advisory or formal boards, becoming publicly listed ASAP and well known serial entrepreneurs all build credibility for a business which in turn rubs off into credibility for the product. Xero have done this par excellence, they IPOd, they have a super high-profile board and a well known CEO and have even hired ex sports stars to be “ambassadors”. It’s a great strategy but unfortunately not everyone can pull it off (and given the equity markets of late I’d be pretty apprehensive IPOing anything right now)

The safety in numbers solution

Those who spend time reading my blog know that the terms “platform play” and “value of the network” are recurring themes for me. There’s a reason for that – it is my contention that the money to be made out of the internet in the next few years (and if money doesn’t rock your boat then think “the paradigm shift in the internet in the next few years”) will come from those businesses that create platforms where diverse and disparate clusters of users can congregate, inform, advise and transact.

This being the case it makes little sense for a small start up SaaS player to go it alone – what makes total sense however is for them to band together with other complementary players and create a cluster of products, ideally with an underlying community theme to create value above and beyond that of the individual SaaS solutions. Think aggregation.


Credibility is all – it matters little how that credibility is achieved however some strategies have secondary benefits that can prove hyper-valuable on an ongoing basis. The power of the network should never be underestimated.

Ben Kepes

Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.

1 Comment
  • I’ve noticed a pattern with SaaS offerings that don’t seem to trigger the security question: the fact that the offering is in the cloud facilitates an end result that couldn’t be obtained with a localised service.

    Take banking. Obviously, you’re banking online because you’re interacting directly with your bank. Online broking, pension management, etc. — they’re all transactive services that couldn’t be completed locally.

    The key driver for Google Docs (I believe, based on no hard data whatsoever) is collaboration, a single stone that compensates for the twin birds of privacy concerns and limited functionality.

    Perhaps the key to SaaS adoption is identifying the key function that can only be performed in the cloud, and focusing on that.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.