Security programs are killing product-led growth

There are so many great product-led SaaS tools today - many of my friends and former colleagues are building amazing products that genuinely make a major impact in my or company’s productivity. But in the last five years, security programs have gotten so much more stringent, making it significantly harder to convince all the necessary stakeholders to use, let alone buy, these new tools.

In particular:

• Concerns about data privacy and data residency make it really hard to use any products that might have access to sensitive information
• Compliance programs make it hard to try out any products that don’t already have commensurate compliance certifications
• Security vendors have been very successful in selling solutions to clamp down on shadow IT usage and ensure all your SaaS products have the right IAM controls

Simultaneously, it’s really easy for cloud providers and industry incumbents to ship copycat products. While these products might have a significantly worse user experience, they can bundle the features into existing subscriptions, already integrate with the IAM tools that organizations use today, and they already have the data privacy and compliance programs in place.

I think this trend has helped fuel the rise of open source software. Instead of using a cloud-hosted service, it’s a lot easier to get started for free with open source software as no sensitive data is leaving infrastructure you control. Even though open source software does introduce a different set of security risks, they don’t interfere with compliance programs.

But not all software is suited to be open source and your users may not be technically savvy enough to set up your software in the absence of a nice web GUI. Even if you are running a successful open source project, building a product-led, cloud-hosted version of your software as a commercial offering might come with far more barriers than you anticipated.

The headwinds today for product-led companies are really strong. If you are working in a startup today and feeling these pains, I’d love to speak to you!