Max Baehr

Product | Platform | Vibes

An important privacy update: life is SaaS

May 31, 2018  /  max baehr  /  Source

Oh look, it’s another story/article/word-pile about GDPR, hooraaaay.

— You, probably

Whatever. Deal with it. GDPR is happening, and you can’t make it not happen. It’s all around us, like a fine, legal mist. It’s clogging inboxes. It’s generating a lot of overtime work for people who advise SaaS companies about such academic topics as, “Are both Irelands still in the EU?” and “Introductory how not to get sued.”

As a consumer GDPR is (probably) pretty great. Standardized consumer data protection with international remit, right to be forgotten, all that good stuff. Maybe some wiggle room for terrible people to lose track of their terrible deeds. But that’s not what this article’s about.

As a software provider, GDPR is (probably) a pretty thorny pain your butt. Global-impact regulation, empowerment for customers to ask pesky questions, all that good stuff. But that’s not what this is about either.

What this is about is OH MY GOODNESS we use a lot of SaaS.

Oh, this is going be somehow even worse than reading about GDPR. Hooray.

— Also you, probably

My personal inbox and actual life

This afternoon, I opened up the ol’ inbox and took a spin down GDPR lane. I did this by searching for ‘GDPR’, reading a handful of email subjects, and doing some light categorizing. Friends, I am a party animal.

But I did it, and here we are, and the results from my pseudoscientific study with an N of 1 are in, and here’s what I learned about the 40ish places where I’ve apparently e-signed a privacy policy that’s apparently been updated:

  • Content and social platforms, including Medium: 5

  • Content and mailing lists and actually it’s mostly just spam: 7

  • Donation / kickstart platforms and other shopping destinations: 4

  • Professional SaaS: 2, and I’m counting Atlassian here

  • Consumer SaaS: 10, and I’m counting Trello here, fight me

  • I genuinely don’t know what these things are: 3

  • Technology tinker-toys (proxies, webhooks, IOT): 4

  • Google: 4

In all, it’s probably a 50/50 split of things I actually use, and things I should probably depart from in one way or another.

(Honorable mention to Tasting Table’s appearance in my inbox search for “GDPR”. Turns out it was actually a normal food-and-stuff dispatch that included a GDPR-themed joke, because of course it did. Bamboozled again!)

But hey, it wasn’t a total waste of time — I learned some things!

I learned (read: never had the opportunity forgot) that newsletters are annoying, because it’s not 2005 and I don’t maintain an RSS feed anymore, so maybe it’s time for newsletters to make a comeback? I learned that I’m on too many platforms, and that I apparently signed up for CircleCI with my personal account. I learned that everyone really cares about my privacy this week.

Finally, I learned that a video-game-things account that I haven’t touched in probably-forever years had been breached and hijacked. I also re-learned about the associated email address that I’d totally forgotten about, which had maybe also been hijacked along the way. It’s all sorted now, but that was a fun little diversion with basically no consequences. Get your own account, Dd Ff, if that even is your real name…

Things I learned about my job

By day (and sometimes night), I work as a PM at a SaaS company. Ta-da, skin in the game.

As part of GDPR, we were compelled to send Data Processing Agreements (DPAs) to any vendor we use that handles user data. Most of those vendors are also SaaS companies, who, downstream of us and others, did the same (or a similar) thing.

Of those vendors, most are focused on helping us improve our own B2B and B2C customer experience and services. Most of them also have a mix of B2B and B2C customer experiences and services.

If I had to guess, I’d assume many of them use each other, and if you took a snapshot of the software world’s current lattice of GDPR-driven activities, you’d likely find a whole lot of legal boilerplate sitting on top of a tangled web of DPAs and similar-sounding support articles.

Too much aaS

Look, here’s a table from the future:

Source: Gartner, Feb. 2017, via The SaaS Report

Source: Gartner, Feb. 2017, via The SaaS Report

Those numbers are all millions. So, hundreds of thousands of millions. Hundreds of…billions? Yeah. Good stuff. Also, please note that the distinction of “SaaS” here is pretty narrow.

To quickly orient you:

  • BPaaS: if you try lazy-Internet-river-researching BPaaS, you’ll run into a lot of chat about “remote delivery” of “business process management” through “cloud solutions,” which all sounds a bit ridiculous and abstract. But BPaaS is kind of… that. It’s the orchestration layer that consumes from, and delegates to, the lower layers. Or something.

  • PaaS: platform, defined as a blurry space between SaaS and IaaS, characterized by the genuine enablement of third party services, and described by this paraphrased quotation, attributed to Bill Gates, surfaced (to me, anyway) from this interview, by this great article: “A platform is when the economic value of everybody that uses it, exceeds the value of the company that creates it.”

  • SaaS: consumer- or business-facing. Probably has an interface and some sort of consumer / end-user experience. You use a lot of it.

  • IaaS: the actual backbone without which none of the other stuff works, which is why Gartner’s projections for this category show roughly 1.5x the acceleration of al the others. Think about AWS. Now think about what happens when a region goes down for whatever reason and everything breaks. That’s infrastructure, baby. Aww, yeah.

And these definitions aren’t even good. What’s eBay? Well, it’s a platform that provides a two-headed marketplace comprising a key business process solution, and an end-consumer experience. And Salesforce? Well, that’s a…hmm.

You know what? We’ll come back to that.

It’s all a ridiculous nest

And of course, it’s all interdependent, and in fairly heavy flux via birth, death, collision, acquisition, and other market forces.

Here’s a handy chart of questionable accuracy and broad generalization that helps me make sense of this world:

I like Keynote. I’m sorry. I‘m not sorry.

Some notes:

  1. Most ideas never leave the “My Idea” phase

  2. Most idea companies never leave the “My Idea Co.” phase

  3. Each phase can feed back up, or across, or loop around, or be two things at once, etc.

  4. There is a high potential for failure at every stage, because life isn’t fair, and most of your hard-fought success is probably a combination of timing and luck anyway.

Sometimes, early companies will have Very Big Ideas (“Organize the world’s information and make it universally accessible and useful,” anyone?), and go on to achieve success to match the size of the ideas. But these are outliers.

In general, as you move down the chain, the ideas get huger; the number of companies gets smaller; and the acquisitions get more frequent.

Source: Google image search for “business fish eating other fish,” probably.

If I had to pull a rough count and timeline of all the SaaS acquisitions over the last two decades, then it would probably be helpful if I weren’t too cheap to get myself a paid subscription to CrunchBase.

But I am, and here we are.

So I’ll go with a rough estimate based on:

  • Experience

  • Some rough observations

  • How very obvious the answer is

Here’s the answer: it’s a lot of acquisitions, representing some fairly staggering numbers. In fact, don’t take it from me — take it from the world’s premier business-process-software-platform-as-a-service:

Genuinely, it’s pretty amazing. Salesforce is essentially an apex predator, representing — if you take both their and Gartner’s numbers at face value— more than a quarter of the projected 2020 cloud services market. And more than a quarter of that is locked up in the (helpfully specific) “App & Other” category, itself a total nest of IP and possibility.

Where in the nest are you?

There’s an oldie-but-goodie quote that you’re probably familiar with, which is applicable to this conversation:

“During the gold rush its a good time to be in the pick and shovel business.”

— Mark Twain

Software is a sort of gold rush, except the picks and shovels are made with other picks and shovels, the building materials are effectively infinite, and the only real finite resource is a combination of end-user need and attention, which are both moving targets. New need? NEW SHOVELS!

So that’s fun.

This is dumb.

— You, probably

But this metaphor is actually kind of handy. At the very least, it can be a helpful frame for some of the questions we should be asking ourselves as idea-havers, software creators, and consumers:

As an idea-haver: are you mining gold, or making shovels? If you’re making shovels, are they for miners, or other shovel-makers? If your idea is successful, how does it align within its ecosystem?

As a software creator: same as the above, but now that your idea exists, be honest with yourself: are you creating a simple one-off solution, an industry changing Big Idea, or a play to get eaten by a bigger, shovel-wielding fish?

As a consumer: what am I using that actually helps me? Where am I deriving value? Where in their idea-paths are the companies I interact with, and based on what I’ve seen, and what I need to do, what can I learn from them?

In conclusion

Going back to GDPR (oh yeah!), there’s now a whole sub-category of SaaS products just to facilitate managing that particular headache. Which is kind of a key business process. So it’s sort of like a small gold rush of BPaaS. Except it’s all definitely SaaS. But don’t take it from me — take it from this other SaaS site that’s kind of like a platform for finding more SaaS.

Welcome to the future. Be careful out there, and ask lots of questions, or you might trip and fall into a big, deep SaaS-hole.