In the latest episode of our What’s New series, Founder and CEO at Secureframe, Shrav Mehta, sits down with SaaStr CEO and Founder Jason Lemkin to share what’s new at Secureframe, a rising SOC-2 and compliance software company breaking out in SaaS.
In this episode, they’ll discuss:
- When and why you need SOC-2 and ISO 27001 compliance as a SaaS company
- The Intersection of AI and Security
- Compliance in Year Two and Beyond in SaaS
- Differences in Servicing SMBs and Enterprises
- Re-bundling of Software Services
Jason opened the interview by sharing that, in his experience, compliance is actually Year One table stakes for all B2B SaaS companies.
“I was just catching up with a second-time founder who had taken his company public (and it was worth billions) and was doing another company,” Jason shared. “He was doing a freemium product and I was like ‘Why don’t you just walk into an Adobe or a Cisco and just close a six-figure deal? Even if your product’s not there, they’ll buy from you.’ And he was like, ‘yeah, but we have, we’re not like SOC 2 compliant.’”
It may seem easy to shrug off or wait to implement a tool to help with compliance and security, but the moral of the story here is you’ll hit a wall fairly fast if you haven’t implemented a compliance tool by the end of Year One. Especially as you then try to move into the mid and upper markets, security becomes table stakes for the buying committee.
Shrav added that if you want to close bigger deals, not just Enterprise but mid-market and SMB as well, you need to become compliant the moment you’re ready to go to market.
“SOC-2 is often seen as that like critical standard for SaaS software,” Shrav explained. “If you have customers in your pipeline that you’re trying to close eventually procurement or someone is going to hold you up at some point if you don’t have a SOC-2 or ISO 27001. Or one of these similar certifications.”
So you need to become compliant (or update your security) … what now?
Well, an app like Secureframe can automate about 80-90% of the SOC-2 compliance you need via integrations and APIs, i.e., hooking it up to your existing platforms, tools, etc. and letting it mine the data. So the time to implementation and compliance is much quicker now than it used to be. However, Shrav explained when that automation won’t necessarily scale anymore. “If you’re expanding and scaling and you’re closing more deals, it may justify a full-time hire to take the load off the team. We usually see this happen around 50 to 100 employees. Now, if you’re in FinTech or another highly regulated industry, you’re probably going to be doing these things and have a dedicated hire earlier.”
Plan around the 50-100 employee mark to hire an IT Manager or CISO (Chief Information Security Officer) to maintain your compliance and security. Then, as you scale, or into Year Two, your compliance checklist should look a bit like this:
- In years 2-3, maintaining and enhancing your compliance should become a part of your operational rhythm
- Maintain ISO 27001 certification and compliance
- Continuous monitoring is critical
- While year one is typically a full certification audit, years 2-3+ become a surveillance audit to maintain your certification
Ultimately – which one is better, SOC-2 or ISO 27001? Depends – but most SaaS companies nowadays will want to have both, and ideally done at the same time since there’s about 70% overlap between the SOC-2 report and ISO 27001 certificate.
“Oftentimes if you know you need to get both done, we tell people to get it done at the same time and just, kill two birds with one stone,” Shrav explained. “Now the way you determine whether you need SOC-2 or ISO— they’re very similar. SOC-2 is a lot more common in the U.S., whereas ISO 27001 is a lot more common if you have customers in Europe, Australia, and other territories. And a lot of those customers so this is also where your customers are based, not necessarily where the company is based, which is a common misconception.”
It’s going to get a bit harder for CEOs and CTOs to maintain security and compliance going into 2024.
“You’re seeing data breaches happen all the time,” Shrav said. “These are having real-world impacts. So I think we’re just going to continue to see this, more and more and there’s just going to be more things to comply with. There’s just going to be a continued increased scrutiny on security and privacy.”
The bar is only going to get higher as buyers increase scrutiny and AI becomes more integrated in SaaS and technology.
Shrav sees security and AI as the two biggest faces in software for the next decade.
“I think security is one of the largest spaces, behind, AI because there are always going to be, more and more attackers and more and more, breaches and more and more reasons to have a heightened security program,” Shrav explained. “Gartner’s newest I.T. Spending forecast said that I.T. Services is projected to be one of the fastest growing categories of 2024. It’s growing 10 percent you know, from last year. And 80 percent of these CISOs said that they plan to boost their spending on cyber and information security.”
Part of that may be due to this large intersection of AI and security. We’re already seeing a huge collection of customer data and new threats from these AI-enabled cyber attacks, which will only signal more growth in an already fast-growing space. So look for security and compliance to gain momentum this year.
We recently chatted with ZoomInfo CEO Henry Schuck on what it’s like to sell and service customers that are both startups and enterprise. So, now let’s look at that from a security and compliance standpoint. How is Secureframe servicing both startups and enterprise customers?
On the SMB side, Secureframe sees a lot more inbound: a startup receives a security questionnaire from a potential new customer and needs to become SOC-2 compliant very quickly to close the deal. They have a very specific problem that needs solving, fast. On the Enterprise side of things, customers are often already SOC-2 compliant and have an existing process, so what they’re looking for is saving time (and money) to improve their security efficiencies at scale.
So how do you market to these two radically different segments that still need the same product?
“A lot of the messaging on the SMB side is around, ‘Hey, let’s get you SOC-2 compliant.’ Let’s help you do it quickly.” Shrav continued, “On the enterprise side, they don’t really care about, getting it done quickly. They already have a SOC2. They want to get, more efficient, with how they do it. They want to automate a lot of their enterprise workflows. Saying something like, ‘Hey, let’s help you get SOC2 compliant in weeks not months’ is not that appealing to them at that level.”
The sales teams at Secureframe are completely segmented by SMB vs. Mid-Market vs. Enterprise for this reason. Shrav still sees a ton of value in SMB (whereas many others have dropped serving SMBs due to budgets). Secureframe still wants the fast-growing SMB companies, since many of their customers grow with them: switching compliance vendors is much harder than switching, say, a sales or marketing tool.
Not sure if you might’ve noticed, but SOC-2 is actually an extremely competitive and crowded category within SaaS.
“If you’re winning every deal, you’re not enough, it’s straight from the SaaStr blog,” Shrav joked. “Our thesis with Secureframe is really that the last 10 years have been about, the bundling of software and it’s pretty much about offering a point solution or microservice for everything.
And we believe that the next 10 years is going to be about the re-bundling of software. And with other companies in our space, you have to go to a different vendor for your readiness, your security awareness training, your security questionnaires, your trust center, etc. And that’s a lot of vendors to manage and integrate. And it never integrates nicely. Never a lot of it. At Secureframe, we keep this all under one roof and we still integrate with a lot of these other partners.”
The goal for them has been to become the most comprehensive vendor.
“It’s interesting how it’s the revenge of the suite today, right?” Jason asked. “Vendr just had a report saying that last year, 80 percent of their spend went to existing vendors and renewals. It’s 80 percent in one year, so yeah, the cloud budgets are growing 10 percent or more for Gartner, but your existing vendors are absorbing all of it. So the more you can offer it’s the winning, it’s the winning play. It’s pretty crazy.”
Source: https://www.saastr.com/the-intersection-of-ai-and-security-whats-new-at-secureframe-with-ceo-shrav-mehta/