
Security and Privacy Compliance: Your Guide on Moving From Cost Center to Revenue Enabler

June 3, 2022

For SaaS companies, a strong security and compliance program isn’t just a nice-to-have—it’s essential to driving revenue. To win deals, vendors need to comply with a variety of security frameworks. And not only that, they have to prove compliance through annual certifications and security questionnaire assessments.

There’s that old adage: trust the process. But according to Sravish Sridhar, trusting isn’t enough.

“Compliance is just not truthful today,” Sravish, CEO and founder of Kintent, said. “We are sitting on a massive house of cards. And this is proven by all these data breaches we see every week. You can’t trust any company today because nobody verifies that they are actually doing what they claim in audits and assessments.”

There’s a shift underway in the security and privacy industry, according to Sravish. Innovative companies are moving away from legacy approaches to managing trust to create more automated and transparent processes. And Kintent seeks to be at the forefront of this change.

Kintent strives to upend how businesses plan, execute, and share their security and compliance programs. Fresh off an $18 million Series A fundraising round led by OpenView, the Kintent team recently sat down to talk about trust management and its role in unblocking sales and accelerating revenue.

What is trust management?

Trust management represents an evolution of the traditional industry of governance, risk, and compliance (GRC). GRC encompasses a set of practices organizations use to manage overall governance, enterprise risk, and compliance with regulations.

Traditional GRC implementation can be manual, expensive, time-intensive, and highly bureaucratic, Sravish said—resulting in practices that are anything but transparent. By comparison, trust management is a proactive, real-time approach to cultivating and measuring trust between companies and customers.

“Trust management is transforming the GRC industry into enabling you to satisfy your trust obligations with your customers and other stakeholders in an automated, intelligent, transparent, and truthful fashion that is extremely affordable and democratized.”

The risks of “check-the-box” compliance

Trust matters more than ever now, especially since SaaS companies aren’t taking their trust obligations seriously enough, according to Sravish.

“Currently, the whole process is a comical charade,” Sravish said. “Most companies do the bare minimum to just check-this-box and achieve compliance certifications. Every sales team tries to skate through the security questionnaire process by providing answers that reflect what they think the enterprise customer wants to see (vs. the truth).”

The risks of cybersecurity data breaches are well-documented. A 2021 study by the Ponemon Institute found that the average cost of a breach caused by vulnerabilities in third-party software was $4.3M.

“We’re living in a very complicated supply chain of dependencies,” Sravish said. “It’s not that you and I are doing business with each other. If you and I are doing business with each other, then I’m basically doing business with all your vendors too, because my data is sitting with your vendors.”

As companies shift to embrace remote work styles, they are also bringing in more SaaS tools to run their day-to-day business. Leaders of security and compliance programs are inundated with the mounting challenges of assessing the risk of all these new tools. And it’s coming at a cost, both in terms of time and money.

“There are going to be more breaches and there’s going to be a hell of a lot more scrutiny. Companies are going to have to achieve a higher bar of security and compliance, and be able to prove that to customers as well.”

The rise of revenue-generating compliance

Setting up a truthful and transparent security and privacy compliance program isn’t just the right thing to do. It also directly correlates to revenue. And Sravish is determined to transform compliance from a cost center into a revenue-generating function.

An IDC forecast shows global revenue from GRC solutions growing from $11.3 billion in 2020 to nearly $16.2 billion in 2025.

Typically, businesses spend upward of $50,000 to $200,000 on consultants to manage security and compliance. It’s not uncommon, Sravish said, for companies to dedicate five to 10 people to security and compliance for hours every week, for months on end.

“So if you, if you add up the productivity loss, as well as the real cash, that’s anywhere from quarter of a million dollars to half a million dollars of spend through a business,” said Sravish. “And I’m talking about small and medium businesses, I’m not even talking about enterprises. For enterprises, you can add a zero to that quite easily.”

Kintent helps by unblocking sales processes, so customers move through the pipeline faster. A security questionnaire that would take three weeks to complete would take about one week with Kintent’s artificial intelligence.

“What we’re talking about is ‘I have a pipeline of 20 customers I want to close this quarter,’” says Sravish. “At some point in the sales process, they’re going to send me a security questionnaire. So can I complete that step in a week instead of three weeks?”

Building a system of record for trust

“We all claim that we’re trustworthy,” Sravish said. “We all want to work for companies that we can trust. We all want to do business with companies we can trust, but we’ve never had a way to measure that.”

Regardless of where you are in your business’s journey with security and compliance, you can build better trust management practices. Sravish advises all companies not to commit what he calls these “four cardinal sins”:

  1. Don’t ignore or slap together a security and compliance program. “Either people ignore it or they go to the internet and do a bunch of searches and they copy a bunch of things and they think that’s enough. That’s not going to pass muster anymore.”
  2. Don’t use compliance automation tools. “Don’t go with standard compliance automation tools because they all give you the exact same program. Your security program will look like hundreds of other companies.”
  3. Don’t spend six figures on compliance. “Trust management is no longer a six to seven figure purchase. We talked to companies that are budgeting over $100,000 for this, and you shouldn’t be budgeting that amount of money anymore. You should be budgeting $20,000 to $30,000 for this.”
  4. Don’t make things up. “At some point a customer is going to come in and evaluate and audit you against your contractual commitments. And that’s just a liability on the company.”

Asked where he sees the future of compliance and security management headed, Sravish was clear:

“I think it’s going to move from manual to programmatic,” Sravish said. “I think it’s going to move from cagey to transparent. I think it’s going to move from once a year to as close to real time as possible. And I think it’s going to move from expensive to extremely affordable.”

*Note: Kintent is an OpenView portfolio company. For more information on OpenView’s investments, visit our Portfolio page.

Managing Editor

Rohma is the Managing Editor at OpenView. She works closely with OV's contributing writers, freelancers, and internal experts to help them find just the right words to tell their story and provide the best possible reader experience to OV's audiences.