[hackitup7]

Seems like these enterprise-in-a-box services are taking off and I like the role that they play in the ecosystem. That said there's a lot more to it than what Boxy offers – a lot of what enterprises need is about configurability and flexibility for wildly varying use-cases, as well as general compliance. It looks like Boxy (authors of this post) are building more logging and governance features soon which I think will be useful for them.

We wrote about some of the broader flexibility features on our blog as well – https://staysaasy.com/product/2022/02/19/enterprise-selling-...

[caloique]

I just read your blog post and found it interesting; thanks for sharing it. I'm one of the co-founders at BoxyHQ, agree that there is more to it, enterprise requirements are always different, some certifications could be standard but if you double click each enterprise has its own complexities.

From our side, we have started with these features since we have seen they are common pain for early-stage startups, but in terms of our vision, we are focusing on developer-first security tools. And we believe that there are many opportunities to help close the gap between compliance and security.

[hackitup7]

Cool, glad you enjoyed it (I enjoyed yours as well).

The developer-first security angle is interesting – not sure if you include this in your categorization of security, but what I most frequently see SaaS companies / developers struggling with is data governance. For example, ensuring that they can comply with GDPR or CCPA deletion requests, store data in local geos, etc. A lot of this gets built by SaaS companies in-house.

The flexibility piece is different but comes up in sales more IME. Essentially every CRUD action in an enterprise SaaS app ought to be logged and accessible by API (which creates the same root problem of requiring a lot of developer time). But it manifests very differently in sales cycles from complying w/ GDPR:

* Regulatory compliance is often more of a box checking exercise for buyers (like SOC2)

* Having flexibility to log and manipulate everything via API is often a line-by-line evaluation of "can you meet X use case that we have for data integration" or "can you handle Y risk that we're worried about"

Good luck building Boxy!

[caloique]

Cool insights, thank you for taking the time to go deeper. I'll share it with the team to explore further. Good vibes!

[chrisweekly]

Sure; see also https://WorkOS.com in this space.