SaaS Security — How Your Security Impacts Your Investment Deals | Pivot Point Security

Last Updated on September 9, 2020

Anyone involved in consuming, providing or regulating cloud services knows that security is a critical concern. But that doesn’t mean every software-as-a-service (SaaS) provider has a robust security posture, especially when you’re taking a hard look at it as a potential investor.

Just how important is data security and privacy to the growth and investment potential of an early-stage SaaS company?

We got the complete picture from a front-line expert on a recent episode of The Virtual CISO Podcast. Our guest was Jesse Nash, a partner at Reitler Kailas & Rosenblatt LLC, a leading venture capital law firm based in Manhattan. Jesse represents both SaaS companies and their investors, so he knows the issues from every angle.

How should a growing SaaS business approach data security and privacy?

“What my early stage and growth stage SaaS companies are trying to do is understand the regulatory environment their customers need to meet and build a data security and privacy infrastructure that matches up with those expectations,” says Jesse.

What are venture capital and private equity investors looking at?

“What I’m doing in transactional and M&A due diligence is trying to get a handle on the data security and privacy risk and compliance that those companies are experiencing, to see whether they are a viable investment candidate or not,” Jesse notes.

“Number three, when it comes time to exit that company, there’s going to be a solid story in terms of data security and privacy compliance that’s not going to be a due diligence drag when they go to sell the company for hopefully multiples of what they invested in it,” Jesse concludes.

In short: your security story equals your investment potential.

With so much on the line, Jesse counsels clients to uncover and address security snags before moving towards a deal. He recommends reading an article from McKinsey titled “Securing software as a service.”

Jesse relates: “What [McKinsey] did was interview CISOs from major companies about their experiences doing B2B SaaS transactions. What the CISOs experienced was a pretty significant disconnect in terms of the B2B SaaS company and how it was approaching those CISOs and engaging, becoming a partner and a stakeholder in the customer’s data security and privacy infrastructure.”

“What these CISOs say is, ‘Look, our biggest drawback to going on the cloud … is data security and privacy. That’s the number one impediment. It’s not cost; it’s not a product/need match. It’s not loss of control or other operational concerns. It’s data security and privacy. That is the biggest issue in terms of an impediment to the growth of SaaS,’” adds Jesse. “CISOs are going, ‘I really need you guys to step up and be a bigger stakeholder in helping me do my job.’ So that’s been the impasse that I’ve seen [in deals].”

If you work for a SaaS, want to invest in a SaaS or purchase a SaaS, you need to hear this podcast end-to-end. You can listen to the full show with Jesse Nash here.


Originally published on September 8, 2020.
