SaaS purchasing insights for July 2023

What's new in SaaS?

Aimee Manning | JUL 12, 2023

Escalating costs may well remain a major concern for almost all finance leaders worldwide, but it’s by no means their only concern. According to Deloitte’s latest CFO Signals Survey, cyber attacks are also top of mind for many, with 56% considering them to be one of the external risks they’re most worried about.

And it’s no surprise, given the impact these cyber threats can have on financial performance – data from Varonis indicates that the average company with data in the cloud is at risk of a $28 million data breach.

The question is, what exactly is driving this risk?

To a large extent, SaaS.

In a report released by the Cloud Security Alliance just last month, it was found that many recent breaches and data leaks have been directly linked back to these SaaS applications. When you consider that the average organization now uses 130 of them, many of which are often purchased outside of finance or IT’s knowledge or approval, the risk becomes difficult to ignore.

Which means that you need to be taking way more than just price and functionality into account when considering which tools to add to your SaaS stack.

With this in mind, here are our SaaS purchasing insights for July…

Insights of the month

Only 8% of SaaS vendors have achieved both SOC2 and ISO 27001 compliance

While the cost of a subscription remains an influential factor in the procurement of any software application, another crucial consideration should be around the vendor’s compliance. In other words, ensuring the vendor in question has implemented strong security controls and demonstrated a commitment to protecting sensitive information.

One of the most effective ways these vendors can demonstrate this is by being both SOC2 and ISO 27001 compliant.

Here’s the thing though – only 8% of software providers are.

While we should point out that this small percentage does in fact account for more than half (58%) of total SaaS spend within the average organization, it still highlights just how many tools within the average software stack aren’t meeting a certain standard when it comes to their security.

And it’s not much better for those certified in at least one – only 14% of vendors are SOC2 compliant and even fewer (10%) are ISO 27001 accredited.

19% of SaaS spend goes to vendors without any compliance certification

What’s even more concerning than the fact that over half of SaaS spend goes to companies without SOC2 and ISO 27001 compliance, is that almost a fifth (19%) goes to those without any compliance certification whatsoever.

Despite SaaS applications being secure by design, the way they are configured and governed can pose a substantial risk to organizations, which makes this a huge problem. And it’s a problem that’s only going to get bigger – as SaaS stacks continue to grow at a rate of 18% each year, so too does the potential attack surface.

So, what’s really causing companies to overlook this when procuring these tools?

In many cases, a decentralized SaaS purchasing process and a lack of time.

While maverick spending, and more specifically shadow IT, can cause organizations major headaches, it’s not just the tools going undetected that are cause for concern.

With so many applications now in use across the average business, for many it’s simply too time-consuming to effectively vet each one, which means that the attention is often reserved for the highest value contracts. The problem is, regardless of its cost, any tool that handles your sensitive data is one that should be prioritized.

Fortunately, with Vertice this no longer has to be a problem. Thanks to our platform’s Diligence Insights functionality, you can now streamline the compliance vetting of any potential vendor you’re considering adding into your software stack.


Trending SaaS vendors

Which software applications are trending this month?

Looking at the total contract value (TCV) of new transactions across our user base – including both new purchases and renewals – we’ve ranked the ten most popular SaaS vendors and shown their monthly movements.

Slack and NetSuite have fallen out of the top ten this month, replaced by CRM platform, HubSpot, and sales enablement tool, HighSpot. Interestingly, cloud data platform, Snowflake, has also climbed the ranks into second position, following Salesforce, which once again reigns at the top.

Rising SaaS vendors

In addition to looking at the top ten SaaS vendors by their total contract value, we’ve also looked at those that have seen the largest month-on-month increase.

Climbing up the ranks this month include subscription management software, Chargebee, project management tool,, and compliance automation platform, Drata.

Falling SaaS vendors

Unfortunately, the total contract value of transactions for employee engagement tool, Pingboard, visual collaboration suite, Lucid, and security awareness training platform, KnowBe4 decreased the most significantly from the previous month.

Vendor of the month: Drata

Recognised as one of our rising SaaS vendors for July, having seen the third largest increase in total contract value across our user base, this month’s vendor spotlight is on compliance automation platform, Drata.

With more than 2,000 customers worldwide, and a recent valuation of $2 billion, it’s no surprise that the company is becoming a firm favorite, not only in its market, but also across our customer base.

SaaS category of the month: Compliance automation

The reality is that companies are under increasing pressure to demonstrate ongoing compliance, as a result of evolving regulations, increased enforcement, cybersecurity risks, and greater customer expectations. It therefore comes as no surprise that so many are now turning to compliance automation platforms to maintain a high standard of compliance on an ongoing basis.

But while market-leader Drata may be our vendor of the month, it’s certainly not the only player in the market. Based on spend across our user base, other popular vendors include Vanta, Secureframe, Auditboard and Sprinto, all of which are worth considering if you’re looking to add a tool of this kind to your SaaS stack.

The question is, how much do they cost?

According to our data, compliance automation platforms account for 2% of total SaaS spending within the average organization. While this may not seem a huge amount, it can easily equate to tens of thousands of dollars each year.

Here’s the thing though – as with almost every type of software, the list prices aren’t necessarily set in stone, with our data further indicating that vendors in this space offer average discounts of 24%.

Get the best possible price and terms on any SaaS contract

With access to the pricing and discounting data for more than 16,000 software providers worldwide, Vertice can secure you the very best deal on any SaaS purchase or renewal.

What’s more, our experienced team will handle the procurement of these tools on your behalf, saving you a substantial amount of time, while also identifying the cost-saving opportunities that exist within your SaaS stack.

For a better understanding of how Vertice can achieve this and ultimately streamline your SaaS procurement process, take a look at this. Alternatively, search through our vendor database for exclusive pricing intel.
