The High Price of Security & Performance for SaaS Providers

Image courtesy of thanunkorn / FreeDigitalPhotos.netInvesting in security and performance is driving up the cost of goods sold (COGS) for SaaS (Software as a Service) companies. This is concerning since the main objective of the subscription business model is to make products and services affordable at a lower cost per subscriber. On the contrary, the additional costs for security and performance are decreasing profitability and making it more difficult for businesses to remain competitive.

Increase in COGS

Indeed, of all the factors driving increasing costs within SaaS companies, security and performance investments are at the top of the list. For most companies, increased revenues are not leading to a downward trend for their cost ratios.

One example is, which went public in 2004. In the past ten years, the company’s SaaS COGS have trended upward, and it is far from being alone.

Promises Made: SaaS

When the Cloud was a novel technology, SaaS vendors worked diligently to persuade their customers that their data would be safe and secure within Cloud-hosted systems. They focused primarily on enterprise customers and enticed them to entrust their data via promises and demonstrations of the features and security they offered.

As Cloud computing became more mainstream, individuals and companies discovered that they could afford to take advantage of SaaS and subscription services for their daily operations. The benefits were obvious for everyone. On one hand, businesses had direct access to the programs they needed and could trust their data was secure. On the other, SaaS and subscription service providers could spread the cost of the security infrastructure across all their customers and reduce the financial burden involved.

Investing in Security

Threats change. Security risks evolve. To stay competitive, SaaS providers have needed to put forth continual investments so that performance and security do not lag behind competitors.

It is a balancing act that requires keeping the following in harmony:

  • Physical security of the servers
  • Network security
  • Application security
  • Internal systems security
  • Operating systems security
  • Updating third-party certifications
  • Database & data center expansions & improvements

Return to COGS

The balancing act is nowhere better illustrated than with

Since its IPO, Salesforce has achieved roughly $4 billion in recognized revenue as of the end of January 2014. It has built its brand in the small and mid-market and has expanded into the larger enterprise market. Further, the company has successfully grown its single application into an enterprise platform. As its users and customer base has expanded globally, the company has offered more applications and even greater functionality. 

Sound like a success story? Maybe so, but consider this: The Salesforce COGS numbers show periods of increasing expenditures, followed by reductions—all of which has led to greater peaks in the percentage of revenue invested in COGS. In 2014, the company’s COGS as a percent of revenue was nearly 24%. This is an increase of 33% over numbers posted a decade earlier. In 2004, Salesforce posted 18% on revenue of $96 million.   

Salesforce is not alone in this regard. Cornerstone, Marketo, ServiceNow, and Workday have had similar experiences. Their COGS range from 29% to 43%; the average COGS of the top 30 SaaS companies under $300 million is 33.2% of revenue.

Can these numbers be reduced in the future? Based on the current data and existing trends, it doesn’t appear possible. Instead, it looks as if a higher COGS ratio is something that businesses should prepare for even as their customer base and services offered continue to grow.

Subscribe to get the latest IT trends, news and advice, right in your inbox

Ready to take your IT infrastructure to the next level? Talk to StrataCore today.

Skip to content