What have babysitters to do with SaaS?

Yesterday I was talking to a couple of enterprise customers, one of them happen to be from Jamaica. He was telling me that one of the big barrier of SaaS adoption there is trust or more precisely lack thereof. Many enterprises are not ready to trust a 3rd party to hold their data. This is very similar to issues I heard in China a while back.

All this is of course not new and has been discussed in this blog and elsewhere many times. What ended up being interesting is the analogy we discussed. We realized that it is very similar to the babysitter problem.

How do I select a trustworthy babysitter? How do I know that my kids will be safe and properly taken care of, instead of being quickly neglected as soon as I close the door? Is he/she available when I need babysitting?  How many referrals do I need before trying a new babysitter? And above all, can I really enjoy my night out or am I continuously ringing my babysitter making sure things are OK? (to be honest, this last one is often more due to the parent anxiety than the babysitter capacity to baby sit 🙂 but you get the point)

Since the problem is quite similar, the solutions are quite similar as well. And how are the vast majority of babysitters selected? Referral.

This is the typical “2 hops” chain of trust. I trust who my trusted friend trust. Of course, depending on what the matter is, chain of trusts can have many more “hops” (e.g. applying for a job, finding a buddy for squash), but the more critical the matter the shorter the “hops”.

When direct referral is not available, two additional things can help: ratings and certification.

It’s been shown that ratings are a good source of “trustworthiness” or clearly influence behavior. Two types of ratings: community ratings (epinions.com, amazon, ebay ratings are examples of that) and “trusted entity” rating (BBB.com, consumer bureau, watchdogs etc.). It would be interesting to know which one has more impact, I suppose it depends on the matter. If it is movie ratings, I’d rather follow community ratings than the advice of a guy whose life is dedicated to deciding how many thumbs up a movie is worth. For a babysitter, I think I would rather go with a “trusted entity”.

Certification is also a way of augmenting trust. I am not sure what certification would apply for a babysitter (an FBI background check?! mmm… I guess that would be too much), but for you SaaS business getting some sort of certification e.g. SAS70 (see note below) of your data management processes, security policies etc. can certainly help. Another form of certification is having a trusted brand vouch for you. This is where aggregators and marketplaces come to play. Many would rather buy a watch from a shop in a mall than from a guy in a corner of a street. In this scenario, even if the watch might be the same, where you buy it becomes relevant.

The good news with babysitters (and therefore SaaS providers) is that when you find a good one, you are not going to change anytime soon! I don’t have any official data backing this up, but ask anybody around you, the level of “stickiness” to a good babysitter is very very high.

Finding the best strategy for establishing trust is a complex topic and might be worth a full post, but to get you started, if you are in the SaaS business and are trying to increase your level of trust, I would suggest thinking about how you selected your preferred babysitter and if you don’t have a babysitter, how about watching Mary Poppins again? I told you that watching TV helps being a better architect 🙂


(1) Note that for the SAS70 in particular, the certification is not about best practices, but about certifying that you do what you say you do. You can have very bad processes and be SAS70 certified of these processes

Comments (4)

  1. Sinclair Schuller says:

    Hi Gianpaolo,

    I found this analogy to very interested (and very good)! One thing I find interesting is an assumption that is made in the analogy: that the parents are good to being with. This poses two problems: (1) If the parents are not good, they may not select a good babysitter to being with, even if they have single hop referrals and (2) Any babysitter more capable at child-raising than the parents may suffice. Ratings and things such as SAS70 would help prevent scenario 1 if the parents are taught to look at the standards. Scenario 2 highlights that certain organization’s parenting capabilities may be so bad that any SaaS provider offering better services that they can offer to their users internally may be a good choice. Just a little food for thought;-)

  2. gianpaolo says:

    I like that 🙂

    For (1) I suppose we need "parenting" classes… how to select and trust a babysitter; for (2) this links to the "not invented here syndrome" that some CIOs might have. Funny enough, this last point is one the points I was planning to blog about in the coming days.

    Thanks for your input.

  3. ciruli says:

    How about hiring as babysitters people who you know you trust already?

    I know companies that often express a fear of having their data outside of their 4 walls–but how many companies outsource things like payroll?  Those payroll companies get lots and lots of information about companies (and have done so for years).  Why are they trusted?

    Finance companies also get trusted with the most intimate information–my bank, for example, knows my SSN, my mother’s maiden name, and has information about every financial transaction I ever do whether it’s an online transaction or not.  I implicitly trust them and I use them for both offline transactions (e.g., writing a check) and online transactions (automatic bill pay, etc.)

    In many industries, some companies have spent decades earning trust.  I think those companies will have the greatest ability to convert that trust into something that can be conferred to a SaaS presence.  In other words, I already trusted my bank before they started offering online (call it SaaS) capabilities.

    I would be much less likely to turn to a brand new institution, one that I have no experience with, and trust them with my money or my data.

    I agree with your point that "Another form of certification is having a trusted brand vouch for you."  In some cases, companies may choose to brand someone else’s technology; the important thing is that a trusted entity is putting their name and reputation on the line.

  4. A few days ago I blogged about the analogy between SaaS providers and babysitters. Sinclair left a comment