By Jason Meller
A decade is a man-made construct. It’s a corrugated cardboard box that we pack up with our moments until it’s full. Then, right before we seal it up, we glance down and distill all of those moments into a label. We write it on the box, and then the next box arrives. Everything changes again.
Occasionally though, a black swan event aligns with the start of a new epoch. The forces of change, normally imperceptible, suddenly crash violently into our present and immediately define our future. We just opened the 2020s box, yet its label is obvious. It’s written in black bold letters. COVID-19.
Thanks to COVID, inevitable changes which were meant to happen over ten years, happened in less than one. As a U.S. citizen, I’ve personally witnessed the one-way transition to remote work, the mass migration away from urban centers, a collective awakening toward systematic social injustice, a baby boom, and precedence for universal basic income and free healthcare among countless other generationally defining changes.
Yet, without the necessary liminal space to reflect and then adapt, industry leaders are committing unforced errors by attempting to revert back to a world that simply cannot exist anymore: a world where end-users’ needs weren’t considered. This is creating an unprecedented number of opportunities for swift, agile, and innovative companies that are in a position to capitalize on them.
In my role as CEO of Kolide, a B2B SaaS company, I’ve taken note of major upheavals in company power structure and cultural attitudes at even the most despotic organizations.
The headline? Employees, not the employers, are now running the show. The age of end-user first SaaS is here, it’s either adapt or die. Here is my survival guide.
1. Honestly evaluate your product’s weaknesses through the eyes of end-users
While B2B software often claims to be end-user friendly, when put to the test, it’s typically only user-friendly for the buyers and the administrators, and outright fails to consider its impact on wider employees.
It’s a symptom of pragmatism. Resources are limited, and at the end of the day, cutting a critical feature important to a buyer in order to satisfy an end-user that has no influence over the buying process is foolish.
Take Kolide’s industry, endpoint security, as an example. Traditionally, endpoint security software works by installing a program (called an agent) on every device. This agent collects telemetry and sends it to a central place, where the data is then analyzed to identify potential security threats, ultimately generating alerts for a security team to resolve.
End-users have always hated security software. But security companies were never rewarded for addressing their needs directly. Buyers said they cared, but ultimately their true feelings were revealed when faced with a compromise.
I’ve always hated this dynamic and felt that the end-user relationship with the security team was too important to squander on bad tools. That’s why my startup Kolide was founded on the basic premise that end-users themselves are key participants who should be explicitly included and considered when looking to solve IT and Security challenges. This approach naturally led us to building a system which end-users could trust, even though at the time, end-user trust was not an objective most of our customers had in mind.
Before the pandemic, selling this to many U.S.-based companies was like pulling teeth. Afterward, with end-users holding a real seat at the buyer’s table, it was like a switch had flipped. Despite no real marketing and promotion, we found ourselves being inundated with inquiries from companies who desperately needed to meet compliance and security objectives, but couldn’t find solutions on the market that end-users felt comfortable running on their devices.
We didn’t arrive here through pure divination, it took rolling up our sleeves, picking up the phone, and talking to real people about their experiences with security software. It was only through their point of view where we could see the now obvious improvements that could be made.
2. Prepare for the privacy council review
We are already seeing the secondary reverberations of the remote work transition ripple through industries and economies. I cannot remember another time when employees in tech had so much negotiating leverage over their employers.
Sensing their new power, confident employee groups in the U.S. are eager to test the extent of their newly found leverage and influence. This influence takes the form of employee-formed and management-supported privacy councils, which have installed themselves as novel blockers along the well-trodden B2B procurement process.
At many companies, privacy councils were formed as offshoots to reduce legal exposure around the intersection of B2B SaaS and the various data privacy laws at play (like the GDPR). Yet, because many of these laws remain untested, the individual opinions of privacy council members dominate and ultimately determine the outcome of procurement decisions.
U.S.-based sellers (and our competitors) who previously breezed through procurement processes are now befuddled by the sudden pushback from these powerful councils. More importantly, they lack the experience or even basic product capabilities needed to earn their approval.
At Kolide however, the investment we’ve made in the end-user quality of life features have proven themselves an integral part of our selling process and our customer’s ability to easily deploy the solution internally. Specifically, we built an entire section of our app accessible to end-users to explain to them in plain English what data is collected, for what purpose, and who sees it.
It took us dozens of interactions across numerous privacy councils to hone these parts of our application. The key was to always approach these interactions in good faith and respond to feedback swiftly. Before long, any hostilities that may have underscored our initial interactions were replaced with friendly collaboration, and eventually, their enthusiastic support.
3. Your EU story is the canary in the coal mine
Looking to test your mettle in this brave new world? Well let me ask you another question, how is your EU and UK expansion going?
Many of these systematic changes ushered in by the pandemic in the U.S. have already been staples in the EU for years. The GDPR has already focused SaaS businesses to re-think their privacy story and union-driven Works Councils often play a major role in the procurement process.
As a CEO of an early-stage company I was worried that the horror stories of EU procurement would impact our ability to grow quickly, but I found out in practice, with an end-user focus we sailed through the process with minimal help.
If you find yourself in a position where EU sales are fraught with friction and defeat, this may be a signal that trouble might be brewing at home. If on the other hand, you gain EU customers effortlessly, then you may already be well prepared for the changes sweeping the US B2B landscape.
4. Plan For The Future
B2B software companies looking to the future need to consider these trends carefully and start planning today. You can’t just slap on a privacy dashboard and pay lip service to their concerns. You have to understand that the makeup of the decision-makers has changed and refocus your app towards them, even if it means bucking decades of best practices in your industry in the process.
Without real and compelling benefits and assurances, end-users will not tolerate your solution, and the councils that represent their interest won’t buy in. Without their support, you are not getting a deal done. It’s just that simple.
So don’t wait, evaluate your product, build a plan for the privacy council, and test your efforts today in the EU. If you plan now, you may find that rare moment where opportunity meets intense preparation. You know, that thing your competitors call “blind luck.”
About the author
Jason Meller is the founder and CEO of Kolide. He has spent his 10-year career building technology that enables cyber security professionals to protect their interests and successfully defend them from sophisticated and organized global cyber threats. You can follow Jason on Twitter or read more on Kolide’s Honest Security Manifesto here.