Andy Mura is an inbound Marketer, entrepreneur, speaker, and SaaS enthusiast currently working in Germany as the Head of Marketing at Userlane, the user onboarding and support automation platform that drives customer success.
The modern B2B SaaS market is reaching full maturity.
After attracting early adaptors and transforming the startup world, SaaS has conquered the enterprise world as well. Large corporations, such as Oracle, Microsoft, Adobe, and SAP, have shifted their focus from stationary, on-premise software to subscription-based cloud solutions.
And in turn, even the most conservative enterprises are rethinking their infrastructure to leverage the flexibility and reliability of modern SaaS, PaaS, and IaaS solutions.
Companies will soon run solely on SaaS applications. In fact, there are many reasons that lead firms to embrace this new model.
We pitched to over 2500 top SaaS professionals and investors at SaaStr Europa 2019, walking away with the grand prize from the pitch competition, the contact details of several venture capitalists, and collaboration opportunities for months to come.
However, I’m getting ahead of myself. In this post I’ll show you;
One of the most important things when running your business is understanding how your customers feel about your service.
We all know that it’s tough to gather all the feedback you would like. You’re more likely to talk to customers in your support channels when they experience an issue, but that doesn’t always give you a holistic understanding of their experience with your product.
Equally, social proof is a very important area to leverage when trying to bring new customers on board. This means that public praise of your product can increase your acquisition rates and lower acquisition costs.
Positive or negative, reviews – particularly public ones – provide huge value to businesses in how we shape immediate and long term decisions.
This is why we at Process Street are writing up a list of the top places you should make sure you have listings for, should make sure you monitor for feedback, and make sure you engage on to improve your customer’s experiences.
The following post is a guest contribution from Cristopher Burge. He is a full-time writer, passionate about technology and business-related articles. He focuses on everything that involves cloud computing, in one way or another. Follow him on Twitter.
The emergence of cloud computing has changed the way organizations and people buy and use IT services.
Cloud-based HR software is technologically focused, but the impact it has on the business and the people using it is profound. While some companies have not integrated with the cloud due to fear of the unknown and the urge to protect their investments, they are at risk of missing out on the innovations the cloud brings to tphe HR department.
Cloud computing is the simplest way a company can take the advantage of technologies without having to spend money on buying expensive computer parts, an IT specialist, and on-site software.
The problem most firms often run into is the integration of cloud computing into their already existing structure, but this process shouldn’t be a daunting one because it is a change in the way IT services are utilized, requiring a new but better way of doing things and just a little cultural change towards a better result.
This article points out how cloud services provide high value with low risk, as a solution for the HR department of an organization, enabling departments to transform the way things are done — from screening to recruitment and termination. It highlights the importance of moving the HR system to the cloud and the method through which any HR challenges can be overcome via cloud computing.
When Michael E. Gerber gives you advice for starting a business you listen to it.
With a career spanning over 40 years and working with hundreds of thousands of companies worldwide, Gerber’s expertise is invaluable to anyone looking to start their own venture. Lucky for us, he’s written several books on the topic, the most famous of which I’ll be summarizing in this post.
This E Myth summary will take the core business tips from Gerber’s work and condense them into a single post. It’s all of the value, proven with examples from companies like Facebook and Zenefits, and doesn’t need you to spend 40 years to learn it.
In particular, I’ll be covering:
Balancing your business personalities
Creating a business, not a job
Working on your business, not in it
Why your business needs systems
The idea of your business being your product
Motivating employees with the idea behind their work
Project management is the key to sticking to your budget and deadline, whilst keeping the most important tasks at the forefront of your company. Without it, you leave the future of your business at the mercy of your teams and employees (which, in case you weren’t aware, is not a good business model).
For such an important process, the project management steps are a little muddy, with sources citing differing numbers of steps, timelines, etc. Then again, it’s a massive topic with a huge margin for error; how the hell do you convey these steps when the project could be anything from “get winter clothes in stock” to “grow to $220,000 monthly recurring revenue”?
Well, we here at Process Street hate making things complicated, so we’ve simplified the project management steps of any and every undertaking to five easy stages. Continue Reading
The following is a guest post submission from Nathan Sykes. Nathan is the founder of Finding an Outlet, a site dedicated to the latest in B2B IT news and trends. Follow him on Twitter @nathansykestech to read his latest articles.
As cloud-based solutions, like SaaS and remote technologies, become more prevalent than ever we’re starting to see regulators and auditors get more serious about IT governance standards. As standards become more stringent, companies become more aware of the requirements set upon them and, in turn, ask providers to help with IT audits.
As you might expect, this means the pressure gets offloaded onto SaaS providers, who don’t generally perform audits or mind regulatory requirements outside of their own responsibilities. But the landscape is changing rapidly, not just in regards to audits but additional regulatory and legal constraints too, right along with financial limitations and tax requirements.
What exactly is changing in the SaaS legal landscape, and what do you need to know about it?
Sales tax and nexus
In October 2017, the U.S. Supreme Court ruled in South Dakota v. Wayfair that internet-based and e-commerce retailers can be required, by law, to pay and collect sales tax in states even where they lack a physical presence. This completely uproots decades of legal precedence, not the least of which relates to the concept of nexus.
How nexus applies
Nexus is essentially your physical influence or presence within a state. If you have “nexus” within a region, then you can be required by law to collect and pay sales taxes lest you incur fines and compounding interest. The idea is used to declare and determine where a business may have a physical presence even outside their home state.
Determining nexus has always been particularly tricky because each state varies regarding qualifications. What gives you nexus in one state may be completely different in another. And this supreme court ruling just made it even more difficult, especially for SaaS providers who operate and serve on a broad level outside of their home location(s).
As a result, South Dakota now has an economic nexus law — among 25 other states and counting — that increases the tax burdens of online businesses, SaaS and cloud service providers included. What this means is that general tax burdens will grow, and companies will need to expansively research tax burdens on a state-by-state basis with more scrutiny than ever before. This has happened before, further muddling the definition of nexus and sales tax when it comes to online services, so it’s not unreasonable to think it will be expanded even more in the future.
A major issue with these tighter laws is that they tend to have low limits: 200 total transactions — as opposed to customers outright — in a state will commonly develop nexus. But since SaaS providers deliver subscription-based pricing models and deal with multiple invoices per client, you can end up with nexus in a state faster.
This further facilitates the need to have an accountant or experienced professional deal with taxing and monetary collection policies. Don’t overlook this, especially if your business is spread across varying locations and your service coverage is far-reaching. You will need to identify and understand where sales tax is necessary, and failure to do so will lead to severe consequences not the least of which is heavy legal fines and court costs.
Security and data governance audits are less an optional state of checks and balances and more a legal and regulatory requirement these days. Therefore the onus has shifted to providers to help deal with and prepare for some of these experiences.
Increasingly, SaaS clients require records on IT security audits, clear-cut data storage, handling and protection policies, performance standards, end even risk management or disaster recovery plans. In other words, you may be initially audited by clients — in a way — before any legal audits take place.
Common auditing concerns
More than proper planning and documentation, it helps to have these elements established long before your clients even ask, so that when the time comes, you can provide the necessary assurances.
Here are some things to consider for future and present audits:
Do you have a corporate security policy?
Is there a dedicated security team in place to handle events and failures?
Do you have a formal procedure for reporting a security violation or data breach?
Do you regularly conduct penetration testing or have a third-party handle the process? When was the last relevant test performed, and what were the results? What are you doing to remedy any flaws or vulnerabilities discovered?
Whether through external means or internal discovery, what are you doing to both identify and remediate vulnerabilities in your system and network?
How often are applications or software tools updated? What is the process for doing so and how does this affect security? What about customer or client downtime? How long will the update process take?
Do you have a process for announcing and sharing scheduled maintenance sessions?
Is there API access or external integration support? How does this relate to data security and protections?
Are all API units authenticated, data encrypted, and monitored?
How do you physically secure access to your data facilities or operations sites?
How do you comply with HIPAA/Sarbanes-Oxley/PCI DSS 3.0/ and other similar-level regulations? Do you have documentation to support this?
Are all your processes — including data backups — documented in full with details on how you handle operations?
How far does your disaster recovery plan extend? What will you do if your customers are affected by a breach? How will you continue to ensure their privacy and security?
Legally mandated data protections
GDPR or the General Data Protection Regulation in the European Union is designed to protect businesses from overreaching and provide more assurance for citizens in regards to personal data and privacy. For example, one new requirement from the law forces companies to offer a “forget me” option that allows European citizens to not only download and see any personal associated data collected about them but also delete it in full.
Since SaaS in the enterprise is not inherently a consumer-level business it’s easy to fall into the trap of thinking GDPR doesn’t apply. But it does, in some cases even on multiple levels. With some providers, for example, the protections may extend to customers, a customer’s customers and sometimes beyond. This means that even if your company or business doesn’t serve affected customers, but one of your clients or service users does, then you’re obligated to comply where applicable.
Under GDPR, the purpose, nature and storage duration of data must all be supplied and honored. That is, if you say you’re going to keep data for two years, then you should immediately purge it after said period. You must also define and adhere to the type of data being processed, while also considering the responsibilities, rights and requirements of customers — who generally serve as the source or inherent “owner” of specific data sets.
This extends to security protections, as well. Customers must be informed of a breach or security issues as soon as it a company is aware of it. Providers must ensure that protections are in place to prevent data breaches and fully secure customer information. Failure to do so will result in hefty fines.
Here’s a GDPR and protections checklist you can review to ensure ultimate compliance:
It’s important to understand, however, that no matter how comprehensive this checklist may seem, there’s much more that goes into ensuring compliance. Therefore, it’s crucial you do your due diligence to research and understand the new regulations and how they apply to your business and operations.
General data practices
Outside of the legal and regulatory space, there’s also the matter of protecting your data and digital assets internally.
Throughout most of your auditing and data protection strategies, you’re focused on external data channels that often stem from your customers and umbrella users. It’s easy to forget that you — as a business — have your own proprietary data and trade secrets that you need to handle properly.
Here are some questions you should be asking:
How often do you back up your sensitive data and where is it stored?
How often are backups completed? If there is a data breach, failure or complication what could be lost?
What security measures do you have in place to retain control of your systems and network?
How will service interruptions affect your customers, their data and their users?
Protecting data that belongs to your customers and clients is vital, but you need to protect the content that relates to your business or organization and its primary operations as well. If you offer a cloud-service application, for example, where is the source code housed and is it handled or edited in a way that won’t compromise the entire business?
The landscape is tumultuous; be ready to evolve
As is evident through many of the discussions in this guide, the world of cloud computing and SaaS is changing considerably, along with the rest of the enterprise market. There’s a general focus on network and user security, data protection, customer rights and moral responsibility in some cases in regards to products and service offerings. Sometimes, as is the case with GDPR, regulations extend beyond your direct clientele and stretch further down the chain to include anyone affected by internal data usage and collection.
That’s why compliance internally is crucial to the success and continued operations of your business. The last thing you need to deal with are repercussions handed down by government bodies, your customers or the community at large.