Why the Pendulum is Swinging Away From SaaS

Posted 6/26/2020 by @bottagaro

SaaS makes sense to manage server costs, launch large workloads and allow you to scale up or down. But handing off your critical data to a third-party SaaS is increasingly risky and complicated, when self-hosted solutions are getting cheaper and easier to run.

The risk of privacy fatigue

IronCore's CEO, Patrick Walsh recently wrote a compelling argument about not overlooking SaaS data privacy. He advocates not treating this as acceptable technical debt:

Your data now requires extra protection, tracking, minimization, data retention, transparency around sharing and selling, and much more. Privacy laws tend to use broad but largely undefined terms and phrases like, "data protection by design and by default" without specifying what does or doesn't qualify as sufficient protection or sufficient design.

Hit replay for a second when all things were SaaS. It makes a lot of sense to reduce server costs, manage large workloads and allow you to scale up or down. Yes, please. But now, we've added a new facet to consider: Where is your critical data living? This question is one that we need to ask ourselves. And, perhaps more importantly, it's one that our customers and partner ask of us. How are you protecting personally identifiable information (PII)? We all have to contemplate the tradeoffs with privacy and security. And, as Walsh says, "there's a significant privacy burden and fatigue" from the issue.

Don't pay with your data

Evan Grabiner, founder and CEO of Aspecto (admittedly the AWS eco-system) puts a finer point on the issue in his article:

Natively, SaaS solutions require organizations to move data out of their hands, to the solution provider, with the result that organizations needed to trust a third-party service provider with their sensitive data, at the same time GDPR is telling them not to.

Although Evan advocates for a virtual private cloud (VPC), I think there's another way. And we've built our technology to balance the need for data privacy with the need for, well, data.

Look at it this way, who do you want to have and use your data? These large SaaS platforms consume large amounts of your own data, on top of what you're already paying for usage. While you may think you're paying for data, I argue you're paying with your data. Logical considerations about privacy and compliance aside, the fact is, the one set of data you want to own and manage is your customer data.

Own your data

First-party data stewardship is a founding principle at Resurface. Yes, we want to better understand how customers are using APIs, but we've also designed for information protection. Deep monitoring without a privacy-infringing footprint. Out customers own every bit of the entire API interaction – down to the granular individual detail. We're all about data independence, first-party data ownership, and customer-centric data management.

So, yes, SaaS isn't going anywhere. But it's worth looking at the kinds of data you're shipping to a third-party to ensure you can stay on top of ever-changing privacy regulations, and know the most about the customers you want to keep.


Licenses | Privacy | Terms

Based in Boulder, CO, USA
© 2020 Resurface Labs Inc.