If there’s one question the internet has answered almost definitively, it’s “Is there such a thing as too much choice?” Recent research shows that cognitive functioning deteriorates substantially when people are asked to choose between 12 similar options. The greater the number of alternatives, the more mentally taxing it is for people to form a decision. This phenomenon is commonly known as choice overload or “overchoice.”
How does overchoice relate to the challenges facing the SaaS industry in 2019? Potential customers facing too many alternatives may make the easiest choice or delay making one at all.
Saturation or “SaaS pollution” is one of the four key issues we’ve identified that SaaS businesses will face in 2019. Here we’ll examine each issue more closely, with a focus on what actions SaaS business owners can take to overcome the challenges each may present.
Take a look at this graphic from digital marketing blog, Chiefmartech:
In a spring 2018 industry survey, Chiefmartech identified 6,829 SaaS companies in the marketing space alone. Over a similar timeframe, business software review site G2 Crowd published listings of 34,727 software products across 745 vertical industries. Even the most niche SaaS product is unlikely to find itself without stiff competition.
Competition is inevitable, and arguably that’s a good thing. As the Harvard Business Review points out, “A challenging environment causes startups to be tightly focused on satisfying customer needs along with lowering and containing costs.” Healthy competition is one thing, but with saturation, potential customers may simply have too many choices. They struggle to separate the signal from the noise.
To use another example from G2 Crowd, there are currently almost 300 products in the Team Collaboration software category. If you’re a busy SaaS business owner—or a software buyer for an enterprise company—odds are you don’t have the time to sign up for a multitude of trial accounts and audition products to find the best fit for your team. That’s part of the reason software review sites like Capterra, G2 Crowd, and GetApp have grown so popular.
Our Tip – Focus on Reviews
Capterra, which receives the most traffic of the three review sites mentioned above, is monetized primarily through a Pay-Per-Click (PPC) advertising model. Software vendors pay for premium placement, multiple links to their landing page, a dedicated account manager, campaign analytics, and more.
Capterra and most of the other popular software review sites also pay consumers to test and write reviews of software, typically in the form of gift cards—a policy that is not free of controversy.
In this age of SaaS saturation, encouraging your customers to leave reviews on G2Crowd, Capterra or one of the other popular software review sites is one way to help your product stand out from the crowd. PPC advertising on these sites is also worth exploring. Studies show that nearly 95% of consumers read online reviews before making a purchase. The numbers are just as compelling for B2B buyers, 92% of whom are more likely to make a purchase after reading a trusted review.
A separate, but related issue to saturation facing SaaS businesses in 2019 is hyperspecialization. This phenomenon occurs when individual business functions are not best served by a single product but by many—often provided by different vendors.
The sheer number of solutions available for any given problem exacerbates hyperspecialization. Not only does this lead to saturation, if you’re a business owner looking to utilize a best-of-breed application for a variety of business processes, you’ll likely need to use a separate product for each.
To use an e-commerce business as an example, a merchant might use MailChimp for email marketing; MageMail for abandoned cart emails; Quickbooks for accounting; SEMrush for competitor research; Stripe for payment processing; Slack for team communication; Asana for Project Management; ShipStation for logistics and order fulfillment; SalesForce for CRM; Google Analytics—the list goes on, but no doubt you get the picture.
Despite the best attempts of many SaaS companies to provide an “all-in-one” solution, the reality is that most SaaS apps do one or two things very well. And that’s not necessarily a weakness. Often times, a scalpel is a better tool for the job than a Swiss Army Knife. Rather than trying to be all things to all users, many SaaS business owners would be better served by making sure their app plays well with others.
Our Tip – Try Public APIs
One of the most powerful ways of ensuring your customers can easily integrate your SaaS app with other solutions is to make your Application Programming Interface (API) public. You can then provide users with best practices, code examples, and extensive documentation. Access to your API will allow your customer’s development team to customize your SaaS and better integrate it with all the other apps they employ.
A less code intensive solution for enabling the integration of your app with others is to publish a “Zap.” A Zap—according to Zapier, the company that invented them—is an automated workflow that allows your SaaS app to integrate quickly and seamlessly with other apps. Zapier has an impressive list of existing Zaps that connect the most popular applications.
Hyperspecialization is a phenomenon that will likely only grow more challenging as SaaS apps continue to proliferate. However, there are steps you can take as a SaaS business owner to minimize its negative impact on your business. Think carefully about what tools your target customer is likely to use in tandem with your SaaS, and make it as easy as possible for them to integrate your functionality. A public API is virtually a must for a SaaS app to thrive in a hyperspecialized, oversaturated ecosystem.
Make ease-of-integration a selling point for your SaaS. Many purchasers, especially at the enterprise level, are hesitant to adopt a new piece of software—even if it is a superior product—if it doesn’t integrate with the other moving parts in their software portfolio. They may also deem the switching costs too high.
3.Location of Data and GDPR
Until the European Union’s General Data Protection Regulation (GDPR) was announced in 2012, and came into effect in May 2018, SaaS business owners and users could be forgiven for paying scant attention to where servers processing customer data were physically located. After all, one of the advantages of the cloud is that it’s everywhere.
To a large extent, this carefree attitude towards where personal data was stored, processed and transmitted across international borders evaporated with the advent of GDPR. To be sure, there were already regulations in place around the world addressing many of the same issues. But none of them arrived with the fanfare—and the potentially dire consequences of a failure to comply—of GDPR.
GDPR simultaneously lowered the standard for what was considered sensitive personal data—a phone number, an email address, even an IP address—and raised the stakes for businesses that unwittingly or knowingly failed to comply with the regulation. The maximum penalties the EU could impose were enough to strike fear into the hearts of even the biggest corporations—which was very likely the point.
There are two tiers of fines, depending on the company’s relationship to the personal data:
- Four percent of annual worldwide turnover, or €20 million (approximately $25 million), whichever is higher.
- Two percent of annual worldwide turnover, or €10 million (approximately $12.5 million), whichever is higher.
So, if, for example, Google was found to be in breach of the GDPR, it could face a penalty of close to $5 billion based on 2017 global revenue. For Apple, that number would be north of $10.6 billion based on year-end revenue for fiscal year 2018.
Ongoing Confusion Surrounding GDPR
Understandably, these massive potential punishments made a lot of headlines, but not as many as the confusion surrounding how best to comply with the regulations. Many business owners located outside the EU were unsure if the GDPR applied to them at all.
The perplexity created by GDPR convinced some business owners that the best thing to do was to abandon the EU altogether. Meanwhile, some of the world’s biggest corporations, like Microsoft, announced that they would be implementing GDPR protections for all their customers worldwide, regardless of location.
The GDPR is a complex piece of legislation, and it may be several years before we have a clearer sense of how it will be enforced. As yet, there are no precedents from the European courts. FE International published an extensive guide to the GDPR for digital businesses that contains useful information for anyone looking to make sure their business is compliant.
Our Tip – Follow the Guidelines
Specific advice on compliance is beyond the scope of this piece, but as a general rule, if a company has customers in the EU, it should take steps to ensure GDPR compliance. Some of the most crucial steps for SaaS business owners include:
- Gaining verifiable GDPR compliant consent from any individuals whose personal data you store or process
- Making it as easy for EU citizens to withdraw their consent to use of their personal data as it is to give it
- Appointment of a Data Protection Officer (DPO) to respond to any GDPR-related concerns by either an EU agency or a member of the public
The path to GDPR compliance requires effort, but there are distinct benefits for SaaS business owners as well. It shows customers that you take their privacy seriously and your business is taking steps to secure all personal data. Achieving compliance also forces you to review your current business practices—such as which third-party service providers you entrust with your customers’ personal data, and whether they are prepared for GDPR. Any efforts to achieve compliance are likely to be looked on favorably by the authorities should a breach ever occur.
Ultimately, even deciding not to do business in Europe may not offer you full protection from GDPR. It’s been speculated that even an EU citizen resident outside of Europe—for example, in the USA—is still subject to GDPR protections. For many SaaS businesses, expanding their service globally is one of the best ways to scale. Writing off the citizens of the world’s second-biggest economy for the short-term benefit of not having to take steps toward compliance is likely a poor business decision. The trend towards greater protection of personal data is worldwide, so many of the steps you need to take to become GDPR-compliant should stand you in good stead as new legislation develops.
When Under Armour announced the massive breach of their popular MyFitnessPal app in February of 2018, they had 150,000 users running—not walking—to change their passwords. Usernames and email addresses were also compromised, which for many users likely caused a substantial risk of identity theft. According to a recent study, 59% of internet users use just one password for everything. Even more shocking, a survey of over 5,000 leaked passwords from 2017 shows that a significant number of users are using either ‘123456’ or ‘password’ to protect their accounts.
SaaS and Data Security
In the world of SaaS, perhaps the most infamous data breach occurred in 2012 when 68 million email addresses of Dropbox users were stolen. Dropbox waited four years, until August 2016, before confirming that the corresponding passwords were compromised at the same time.
The breach doesn’t appear to have put much of a damper on Dropbox’s value in the long term. After all, the company IPO’d for a valuation of approximately $10 billion in March of 2018. But incidents like the ones above have contributed to what has been one of the most significant issues facing SaaS businesses since the software subscription model was born: data security.
Our Tip – Follow the GDPR Standards and Implement the Measures Listed Below
In a climate where elections and social media behemoths like Facebook and Quora are hacked on a regular basis, security concerns of SaaS customers—from individuals to enterprise—are a challenge all SaaS business vendors have to overcome. Following GDPR mandated procedures as mentioned above—and ensuring your existing and potential customers know about it—is a step in the right direction.
Some other data security measures SaaS business owners can implement include:
- Utilize two-factor authentication (at a minimum) for all employees with access to sensitive data: Sometimes, as in the case of the Dropbox breach mentioned above, the single point of failure is human. Twilio is one well-known vendor that supplies two-factor authentication solutions.
- Employ data control standards: This often includes the encryption of data in both storage and transmission.
- Use a reputable Infrastructure as a Service (IaaS) provider: The benefits of hosting your SaaS on local servers or a budget provider may be far outweighed by the risks of a breach or lengthy downtime. IaaS providers like Amazon Web Services (AWS) and Microsoft Azure have state-of-the-art cybersecurity measures in place by default. That’s one of the many reasons that over 70% of the public cloud market share belongs to one of these two providers.
For further reading, Intel has a helpful white paper on ensuring security for SaaS.
Despite the challenges of saturation, hyperspecialization, data location, and data security, there is little doubt that the SaaS business model will continue to flourish. Gartner predicts that global revenues from SaaS will reach $85 billion in 2019, and grow to $278 billion by 2022. More big SaaS IPOs from the likes of Palantir and Slack are widely anticipated. And the many benefits of the subscription software model will undoubtedly incentivize a new batch of entrepreneurs to build successful SaaS companies.
One of the most attractive features of the SaaS business model is that it tends to be agile and nimble. Successful SaaS business owners are used to reacting quickly and effectively to issues, be they big or small. Whatever other challenges 2019 and beyond has in store, odds are good that proactive SaaS businesses will not only survive but thrive.