Hacker News

As someone who is about to launch my SAAS, what are some of the things you look for, as someone with purchase authority?

What are the positives or negatives you see when dealing with vendors (i.e. what makes you lean towards or against dealing with a vendor)? I'm trying to figure out how I can make the process as easy as possible for exactly people in your position.



I'm not the person you've asked, but I'm somebody who has been purchasing SaaS/software for businesses large and small for years. My take:

1. If SSO and other basic modern security features are locked into "Enterprise" pricing tiers then the service is at the bottom of the list (see: https://sso.tax). I'd love to say instant disqualification but too many SaaS companies have it in their head that only wealthy enterprises use SSO, despite SSO platforms being widely available and some quite cheap to acquire and start using.

2. If I need to request a quote to start any kind of service to see what the product is about then I'm not likely to pursue it. Don't make me jump through hoops when I'm just trying to see if a product can fit my needs.

3. If license terms are too complex or easy to violate that's a hard pass. Infrastructure monitoring tools are a great example. The licensing is often per "device" or per monitored metric, and some vendors are very loose with their definition of "device". (Don't use LogicMonitor with k8s unless you like throwing money in the garbage can). Hard lessons learned.

4. If the only details I can find regarding how you secure your product are claims of SOC2 and ISO27001 certification then that's a very likely pass. Those controls are great to have, necessary even, but anyone who has had to work to meet those compliance objectives knows that they're much more about organization controls than they are product security. Give me an idea about how you protect data and whatnot on a security page somewhere, not an attestation that dev and prod are separate and you have logs.

On the side of the positives, outside of not hitting the negative marks, I value being easy to work with, responsive and competent support, strong pre- and post-sales solutions architecture and support/training (if the product is complex enough to warrant that), and SSO support. I bring up SSO again because it's a hard requirement for SaaS purchases everywhere I go -- no SSO, no go. Social login is not a substitute and is highly undesired.

Hope this helps.


Thanks for the list!

For SSO, does SAML support clear your bar?


SAML is fine, no need for OIDC. Someone else mentioned SCIM, which is a highly desired addition, but not a hard requirement for me so long as a public API exists that I can use to automate the user lifecycle.


SCIM too.


Take people out of the sign up flow. Have a form where you can enter the company credit card number and start receiving service.



