Is the SaaS Architecture Broken for Consumer Privacy?
While the basic concept of “software-as-a-service” has been around for decades, I think that most people would credit Marc Benioff as the driving force behind mainstream adoption. With the introduction of Salesforce in 2000, Marc and his team put the software industry on notice with their now famous “No Software” slogan. It worked. Today, nearly all enterprise software uses the concepts of SaaS computing, with cloud-based data and applications being the norm around the world.
I had the pleasure of meeting Marc in 1999 and heard his vision to help sales folks organize their work in a cloud-based CRM. We both came from a database background, so I appreciated his desire to build a powerful, multi-tenanted database as a core architectural component, but I struggled to understand how the actual software could be performant in a shared environment. My previous experience in enterprise software was very different. I thought SaaS would fail.
I was, of course, wrong.
Fast-forward 20-plus years, and now SaaS is ubiquitous. The architecture is used for everything from banking systems and e-commerce to software development, enterprise software, and more. Computing got a lot faster, and with benefits like low total cost-of-ownership, ease of maintenance, and accessibility, SaaS is here to stay … at least until a major triggering event comes along.
Like Consumer Privacy?
One of the things that keeps me up at night is knowing that my own privacy as a consumer is not protected well. Many people think of consumer privacy as a “front end” issue. This encompasses things like opting in to receiving communications and managing consumer consent. Third-party cookies present issues and are perceived as evil loopholes that allow domains to share knowledge about everything we do. And so browsers jump to the consumer’s rescue by blocking third-party cookies, cloaking IP addresses, and checking redirects through DNS systems. While the “front end” problem is real, let’s not forget where consumer data eventually ends up on the “back end”: in those SaaS, multi-tenanted databases.
A foundational element of a SaaS system is this shared database, which contains the data stored and accessed by users of a SaaS application. "Multi-tenanted" simply means that data from different users is co-mingled within the same database structures. Guardrails are in place to ensure protection from data contamination and the wrong users accessing the wrong data. But I’ll bet this co-mingling nature would feel suspicious to consumers if they knew it was happening.
Just as important, corporations using SaaS systems have no ability to govern their data according to their own policies and procedures. Consider two banks, for example, that both use the same SaaS application. Client data, account balances, transactions: the data that each bank maintains for its consumers gets co-mingled, and data governance is largely dictated by the SaaS vendor rather than by either bank.
In light of an urgent and justifiable cry for consumer data protection, maybe SaaS is broken. Aren’t SaaS multi-tenanted databases standing in the way of a corporation’s ability to provide protection in a way consistent with their own operating principles? SaaS vendors can’t apply or administer different protection schemes for each corporation using their platform. The SaaS architecture wasn’t designed to accommodate the robust needs for consumer data protection.
A New Hope
I’m not suggesting there is an evil empire behind SaaS or these shared databases; in fact, they remain the workhorse of most enterprise software solutions, ours included. But I think it’s time to extend the core SaaS model to include the concept of corporate-specific Data Clean Rooms (DCR). This allows sensitive consumer data to optionally be stored outside the SaaS shared database and instead live within a separate data store that is owned, administered, and maintained by the end client of the SaaS application. In this way, the client controls 100 percent of the policies and procedures governing that data. They can encrypt the data the way they prefer, back it up according to their own schedules, defend against attackers using their own corporate security controls, and even revoke the SaaS vendor’s access at any time. We’ve made this change within our software to support the DCR concept, and it wasn’t simple. In fact, we had to modify 100 percent of our code modules to do so. But it seems more than worth it when you consider the much stronger corporate-specific data governance it enables.
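To make the two storage models concrete, here is an added sketch (not LeadsRx code) of the multi-tenant guardrail described above and of the hybrid split it argues for: the vendor’s shared table keeps only tenant-scoped, non-sensitive fields plus an opaque reference, while the client-owned Data Clean Room holds the PII and can revoke the vendor’s access at any time. The class names, the choice of which fields count as sensitive, and the in-memory stores standing in for real databases are all assumptions for illustration.

```python
from dataclasses import dataclass, field

class TenantIsolationError(PermissionError):
    """A read was scoped to a tenant that does not own the row."""
class AccessRevokedError(PermissionError):
    """The DCR owner has withdrawn the SaaS vendor's access."""

@dataclass
class SharedTenantStore:
    """Vendor's co-mingled table; rows are keyed by tenant (the guardrail)."""
    rows: dict = field(default_factory=dict)  # (tenant_id, rec_id) -> row

    def put(self, tenant_id, rec_id, row):
        self.rows[(tenant_id, rec_id)] = dict(row, tenant_id=tenant_id)

    def get(self, caller_tenant, rec_id):
        row = self.rows.get((caller_tenant, rec_id))
        if row is None:  # cross-tenant lookups miss by construction
            raise TenantIsolationError(f"{caller_tenant} owns no record {rec_id}")
        return dict(row)

@dataclass
class DataCleanRoom:
    """Client-owned store for PII; the owner can cut the vendor off at will."""
    owner: str
    pii: dict = field(default_factory=dict)  # ref -> sensitive fields
    vendor_access: bool = True

    def store(self, ref, sensitive):
        self.pii[ref] = dict(sensitive)
        return ref

    def fetch(self, principal, ref):
        # The owner always reads; anyone else only while access is granted.
        if principal != self.owner and not self.vendor_access:
            raise AccessRevokedError(f"{self.owner} revoked access for {principal}")
        return dict(self.pii[ref])

    def revoke_vendor(self):
        self.vendor_access = False

def onboard_customer(shared, dcr, tenant, rec_id, name, balance):
    """PII goes to the client's DCR; the shared table keeps an opaque ref."""
    ref = dcr.store(f"{tenant}:{rec_id}", {"name": name})
    shared.put(tenant, rec_id, {"balance": balance, "pii_ref": ref})

def customer_view(shared, dcr, tenant, principal, rec_id):
    """Reassemble the full record; fails closed if either guardrail trips."""
    row = shared.get(tenant, rec_id)
    return dict(row, **dcr.fetch(principal, row["pii_ref"]))
```

After `revoke_vendor()` the SaaS application can still serve the non-sensitive row but can no longer resolve the PII reference, while the owning bank reads its own DCR unaffected.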
A hybrid SaaS architecture is probably not all that new, but similar approaches are rare across SaaS vendors. I think it’s time for more vendors to adopt privacy-first architectures like this and to find ways to truly protect the data we collect.
Consider this my challenge to the industry: Let's evolve SaaS to address consumer data protection as a first priority and standard offering. Let’s not accept “multi-tenanted” as the only solution for our databases. When we put consumers first, we all sleep better at night.
AJ Brown is CEO, cofounder, and head of technology at LeadsRx. Brown provided the initial inspiration for LeadsRx, having been head of marketing for several businesses over his career, as well as head of software engineering. His experience working with fast-paced Silicon Valley startups for the better part of two and a half decades has helped a number of businesses build early traction and high-impact lead generation programs.