Compliance in the Cloud


2Q17 was all about Identity Data Governance at Janrain. It fell under a broader compliance umbrella. We were following our four themes over the four quarters. The focus or purpose for the year was to establish the key differentiation in 2017 that would secure our #1 position in our space in 2018. FYI, our plan worked – we became the global leader in CIAM in December 2018.

Supporting your G1K Customers (Qtr 5 out of 11)

Most startups will not appreciate compliance requirements driven by their global 1000 clients (who are the most demanding), especially compliance in the cloud.

We invested in obtaining several certifications to ensure we met the needs of our targeted clients (Global 1K). Certifications included:

  • ISO 27001: a management system that is intended to bring information security under management control.
  • SOC2 Type2: SOC 2 is designed for service providers storing customer data in the cloud. It requires companies to establish and follow strict information security policies and procedures encompassing the security, availability, processing, integrity, and confidentiality of customer data.
  • CSA Star: Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.
  • HIPAA/HITECH: created primarily to modernize the flow of healthcare information, stipulate how Personally Identifiable Information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.
  • PCI DSS: The standard was created to increase controls around cardholder data to reduce credit card fraud.

Yes, of course, we leveraged the many certifications / attestations (20), support for laws / regulations / privacy (22), and compliance alignments and frameworks (16) from AWS. But we also had to layer in our own controls (over 500 in total across all certifications) that ensured that our staff protected/governed our customers’ data. Having our own CISO/Infosec Director and Information Security Management Committee (ISMC) helped us enforce the many policies and procedures needed. It was a special quarter for us. We had invested in and launched our GDPR solutions a year ahead of the regulations going into effect (in April 2017, we announced our cloud readiness for GDPR and our associated consulting services).

2Q17 Playbooks

In 2Q17 we unleashed the following playbooks:

  • Consulting within a SaaS Company – The Art of the Possible & Pitfalls: starting with an implementation services workshop, followed by reviewing leading case studies, and digging into PS strategy, sales/marketing, offering development, talent management, operations, and metrics/management.
  • The Trojan Horse: How to accelerate sales programs that cause your competition to lose their balance. Ideas here can lead to sales-only approaches, marketing campaigns, and even new quick-wins with feature/function additions to the roadmap. For us this led to giving away parts of our SaaS offering for free, leveraging data breaches more in our marketing campaigns, and accelerating SIEM integration in our roadmap.
  • Targeting the Right Customers: A detailed data exercise analyzing target account lists by rep and reorganizing/prioritizing by total IT spend and core target verticals.
  • Win/Loss Analysis: this always results in both marketing and sales rethinking (new vs. add-on; RFP vs. not; etc). In our case, this resulted in looking at previously deferred, gone quiet, and up for competitive renewal lists. We didn’t want to see anything less than 30% on new logos, ideally 50%.
  • Content is King: Q1 was a booking miss, resulting in us going back to the basics. Re-benchmarking marketing metrics, analyzing awareness vs. lead-gen campaigns, and CONTENT strategy. Have you analyzed your competitor’s content, what the industry influencers are talking about, and all the content your buyer cares about ranked? How do you measure your “voice” vs. your competition?
  • Alliance Strategy (Delivery, Consulting, GDPR, IoT): A playbook that involves revisiting 1) Definitions: What are your target partners 2) Roadmap by Region: NA, EU, APAC, LATAM; and target coverage (e.g. 2x) 3) Scorecards: Partner capabilities / performance 4) Management System: What are your venues to govern your partner strategy 5) Operations: How are you tracking/measuring success 6) Partner Marketing: What is necessary to win.
  • DRR Plan by Account by CSM Book: This is a detailed analysis by customer success manager book of business. It involves past performance and forecast plans. It includes what each CSM has for add-on business they are going after.
  • Support Packages by Account: You know what your support packages are, but do you know how much time your team is spending across your customer list and their corresponding quartiles? The big question that usually comes out of this is what is the team’s strategy to both educate customers to become more self-sufficient as well as adjust their support packages to account for their demands? Support package upsells, staffing, process/workflow improvements can also be achieved.
  • BVD Analysis: “Business Value Deliverable” was the acronym – otherwise known as the market requirement that drives MRDs (market requirement documents) and PRDs (product requirement documents). Having a list of market requirements and prioritizing them by value to the customer, level of effort for development, and overall risk to achieving success is hard. Intake processes and requirement tracking throughout the agile process are never easy – but it’s core to good product management.
  • Innovation Projects: This is my way of making sure we 1) are differentiating the core, 2) considering adjacencies, and 3) brainstorming disruptive moves. Minimally, I like to make sure we have at least 10% of our velocity, ideally 20%, being applied to “innovation” compared to 70% to core product roadmap (requested by clients) and 20% to simply running and maintaining (fixing / technical debt, etc.).
  • Story-Telling with Your Roadmaps: This is a product management playbook where we speak to a 5-year vision roadmap. How do you remain vague enough to stay away from locking into things well beyond your agile backlog, but provide the staff, your partner ecosystem, customers, and analysts the confidence that you know your business better than anyone?
  • Talent Assessment: an annual exercise around replacing the bottom 20% (the 5s and 4s), nurturing the middle 60% (3s & 2s), and modeling/rewarding the top 20% (your 1s). Leadership optimized continuously, but we reviewed as a team once a year.
  • Last Qtr Results / Future Qtr Adjustments: Miss your last quarter? Then reduce your spend. Over-achieve? Re-invest or save for a rainy day.
  • Another competitive view: I love dissecting analyst reports – their factors used, the weightings; and then performing a GAP analysis to achieving #1 status. It provides a clearer path involving messaging, analyst briefings, and feature/function prioritization sometimes.
  • Team Objectives Exercise – Top 5: This is the cornerstone playbook for senior team alignment every quarter. How to use it as a communication package for all the company.
  • Senior Team 360: Performance vs. Potential as perceived by your peers. You’re not allowed to speak, only listen and say, “thank you”.

Our QBR Guest – Professional Services for a SaaS Company

I brought in Keith Carlson, “master” of professional services within SaaS companies. Keith started in Andersen Consulting as part of Arthur Andersen. This was before it was spun out to make Accenture. In 1989, Arthur Andersen and Andersen Consulting became separate units of Andersen Worldwide Société Coopérative. Keith started by establishing Accenture’s CRM practice – its largest and most successful. When he retired after 17 years, he decided to help SaaS companies establish their services and alliances offerings.

2Q17 Top 3 Issues

  1. Sales Leadership – improving win rates (how do we rise above the noise)
  2. Marketing Support – create a winning first meeting for sales (first pitch deck / messaging)
  3. Professional Services Offerings – to ensure bookings/revenue ramp

We also identified the bonus area of getting better alignment between Product Management and Engineering when it came to roadmap priorities – we lacked a strong PM process. Agile only magnified the issue. We not only needed to properly prioritize, but we needed a better way to track market requirements from the customer all the way to becoming a validated feature of our services.

The Team

We brought the team to Beacon Rock, one of the most prominent and distinctive geological features in the Columbia River Gorge, and an 848-foot landmark that was once the core of a volcano. It is one of the tallest monoliths (singular piece of rock) in North America.

Summary of quarters:

2Q16: Supercharging Your Leadership Team (Qtr 1 out of 11)

3Q16: Investing in Profitable Revenue (Qtr 2 out of 11)

4Q16: Making a Business “Repeatable” (Qtr 3 out of 11)

1Q17: The “aaS” Delivery Model (Qtr 4 out of 11)

2Q17: Compliance in the Cloud (Qtr 5 out of 11)

3Q17: Analytics in the Cloud (Qtr 6 out of 11)

4Q17: IoT affects All – Even Identity (Qtr 7 out of 11)

1Q18: Organizational Strategy (Qtr 8 out of 11)

2Q18: Extension Teams (Qtr 9 out of 11)

3Q18: When should you scale sales? (Qtr 10 out of 11)

4Q18: When do you achieve breakeven? (Qtr 11 out of 11)

Jim Kaskade

Jim Kaskade is a serial entrepreneur & enterprise software executive of over 36 years. He is the CEO of Conversica, a leader in Augmented Workforce solutions that help clients attract, acquire, and grow end-customers. He most recently successfully exited a PE-backed SaaS company, Janrain, in the digital identity security space. Prior to identity, he led a digital application business of over 7,000 people ($1B). Prior to that he led a big data & analytics business of over 1,000 ($250M). He was the CEO of a Big Data Cloud company ($50M); was an EIR at PARC (the Bell Labs of Silicon Valley) which resulted in a spinout of an AML AI company; led two separate private cloud software startups; founded one of the most advanced digital video SaaS companies delivering online and wireless solutions to over 10,000 enterprises; and was involved with three semiconductor startups (two of which he founded, one of which he sold). He started his career engineering massively parallel processing datacenter applications. Jim has an Electrical and Computer Science Engineering degree from University of California, Santa Barbara, with an emphasis in semiconductor design and computer science; and an MBA from the University of San Diego with an emphasis in entrepreneurship and finance.