by caloique
1425 days ago
I just read your blog post and found it interesting; thanks for sharing it. I'm one of the co-founders at BoxyHQ, and I agree that there is more to it: enterprise requirements are always different, and some certifications could be standard, but if you double-click, each enterprise has its own complexities. From our side, we have started with these features since we have seen they are a common pain for early-stage startups, but in terms of our vision, we are focusing on developer-first security tools. And we believe that there are many opportunities to help close the gap between compliance and security.

The developer-first security angle is interesting – not sure if you include this in your categorization of security, but what I most frequently see SaaS companies / developers struggling with is data governance. For example, ensuring that they can comply with GDPR or CCPA deletion requests, store data in local geos, etc. A lot of this gets built by SaaS companies in-house.
The flexibility piece is different but comes up in sales more IME. Essentially every CRUD action in an enterprise SaaS app ought to be logged and accessible by API (which creates the same root problem of requiring a lot of developer time). But it manifests very differently in sales cycles from complying w/ GDPR:
* Regulatory compliance is often more of a box checking exercise for buyers (like SOC2)
* Having flexibility to log and manipulate everything via API is often a line-by-line evaluation of "can you meet X use case that we have for data integration" or "can you handle Y risk that we're worried about"
Good luck building Boxy!