SaaS Purchasing Insights

July 2023

Only 8% of SaaS vendors have achieved both SOC2 and ISO 27001 compliance

The cost of a subscription remains an influential factor in the procurement of any software application, but another crucial consideration should be around the vendor’s compliance. In other words, ensuring the vendor in question has implemented strong security controls and demonstrated a commitment to protecting sensitive information.

One of the most effective ways these vendor’s can demonstrate this is by being both SOC2 and ISO 27001 compliant. Yet, only 8% of software providers are.

While this small percentage does in fact account for more than half (58%) of total SaaS spend within the average organization, it still highlights just how many tools within the average software stack aren’t meeting a certain standard when it comes to their security.

And it’s not much better for those certified in at least one – only 14% of vendors are SOC2 compliant and even fewer (10%) are ISO 27001 accredited.

19% of SaaS spend goes to vendors without any compliance certification

What’s even more concerning than the fact that over half of SaaS spend goes to companies without SOC2 and ISO27001 compliance, is that almost a fifth (19%) goes to those without any compliance certification whatsoever.

What’s even more concerning than the fact that over half of SaaS spend goes to companies without SOC2 and ISO27001 compliance, is that almost a fifth (19%) goes to those without any compliance certification whatsoever.

Despite SaaS applications being secure by design, the way they are configured and governed can pose a substantial risk to organizations, which makes this a huge problem. And it’s one that’s only going to get bigger – as SaaS stacks continue to grow at a rate of 18% each year, so too does the potential attack surface.

So, what’s really causing companies to overlook this when procuring these tools?

In many cases, a decentralized SaaS purchasing process and a lack of time. Often, only the highest value contracts are those that are properly vetted, even though many of the smaller ones handle sensitive data.

With Vertice this no longer has to be a problem.

Streamline compliance vetting for any potential vendor with Vertice’s diligence insights ›

Trending SaaS vendors

What are the most popular SaaS applications this month?

To answer this, we’ve looked at the top ten SaaS vendors by the total contract value (TCV) of new transactions across our user base – both new purchases and renewals – and tracked their monthly movements.

Vendor of the month: Drata

 

Recognized as one of our rising SaaS vendors for July, having seen the third largest increase in total contract value (TCV) across our user base, this month’s vendor spotlight is on compliance automation platform, Drata.

With more than 2,000 customers worldwide, and a recent valuation of $2 billion, it’s no surprise that the company is becoming a firm favorite, not only in its market, but also across our customer base.

SaaS category of the month: Compliance Automation

Companies are under increasing pressure to demonstrate ongoing compliance, as a result of evolving regulations, increased enforcement, cybersecurity risks, and greater customer expectations. It therefore comes as no surprise that so many are now turning to compliance automation platforms to maintain a high standard of compliance on an ongoing basis.

But while market-leader Drata may be our vendor of the month, it’s certainly not the only player in the market. Based on spend across our user base, other popular vendors include Vanta, Secureframe, Auditboard and Sprinto, all of which are worth considering if you’re looking to add a tool of this kind to your SaaS stack.

Further reading

Smarter SaaS Spend

Learn more about Vertice and how we can help your business save on SaaS.