Ulrich Seldeslachts

Join the Nebucom SaaSification Security Bootcamp June 23rd on Compliance. Regulations, certifications, standards from different perspectives are not only a constant challenge for enterprise organizations, but increasingly so for SaaS providers. SaaS customers are rightfully extending their liabilities to their cloud providers. Or not? Join the debate, learn about the major challenges and deep dive into managing the challenges and issues with the Nebucom team. 

On December 1st, the as part of the activities organized its first SaaSification Security bootcamp. 

The bootcamp is intended for starters of Software as a Service companies who are starting or enhancing their applications, and gives them guidance on the technical and business challenges related to security and privacy in their SaaS platforms.

The first bootcamp dived into the challenges related to the cloud and general infrastructure security, and touched upon data protection issues, distribution of keys, securing data and applications, and protecting code based upon OWASP challenges and others.


Participants were mainly developers and operators of private clouds, who are still able to watch over (and face the challenges of) maintaining their own infrastructure.

During this interactive session, challenges were raised and ideas were generated on how to ensure the basic security levels throughout the chain, but also on ways to harden the developments when considering the use and integration of public clouds. 

Discussions were held on resilience, accessibility of systems, integration with other security services from the cloud such as identities, and ensuring pervasiveness of the applications throughout the firewalls of the end customers (in B2B situations where SaaS could be regarded and discarded as shadow IT).


Join us in our next Bootcamp session on January 13th, with a Deep Dive into Identity systems and software security from a licensing perspective. 





The best way to establish value for something is to charge for it…in some instances.

...  majority of the SaaS companies I interacted with all had one common need: the request for single sign-on (SSO). But when it came to monetizing this offering, most of them were reluctant to do so as they either didn’t see the true value of this new offering or couldn’t exactly figure out a model that was viable for their business. With some experimentation and modeling we were able to come up with several ways to monetize their SSO feature set, and over the years this offering grew as a strong source of the company’s recurring revenue.

Here are three successful models that have worked in the real world:

1. Pass-through: Under this model you directly pass the cost (zero markup) of the SSO software and development resources to the customer. This is a viable option when you only have a handful of customers or are looking to break even in the short term.

2. One time setup/maintenance fee: Once a SaaS company had operationalized their SSO offering they were able to charge a one-time setup fee, on average between $2.5K - $7K. In addition to SSO, if the vendor also offered additional security services (provisioning, deprovisioning, MFA) they were able to charge an additional ongoing maintenance fee, on average between $5K - $10K. Once you have hundreds of customers using SSO, these fees can become a good source of your annual recurring revenue (ARR).

3. Bundle offering: Sometimes it makes the most sense to bundle SSO with other enhanced features. For example, offers its Salesforce Identity Service only with its Enterprise or Unlimited bundle offering. Orange Business Services offers a more enhanced security offering that is bundled with other enterprise grade security services. This model is suitable for companies who have a mature security offering and have a sound understanding of their customer’s buying habits.

The above methods are simple proven models that have worked for hundreds of SaaS companies and should work for many hundreds to come.

Find more about this on the original website.


On June 26th, the European Commission launched the C-SIG, guidelines for standardisation to help business users save money and get the most out of cloud computing services. 

Cloud Service Level Agreements (Cloud SLAs) form an important component of the contractual relationship between a cloud service customer and a cloud service provider of a cloud service. Given the global nature of the cloud, SLAs usually span many jurisdictions, with often varying applicable legal requirements, in particular with respect to the protection of the personal data hosted in the cloud service. Furthermore, different cloud services and deployment models will require different approaches to SLAs, adding to the complexity of SLAs. Finally, SLA terminology today often differs from one cloud service provider to another, making it difficult for cloud service customers to compare cloud services. For the avoidance of doubt, this document does not address consumers as being cloud service customers.

Standardising aspects of SLAs improves the clarity and increases the understanding of SLAs for cloud services in the market, in particular by highlighting and providing information on the concepts usually covered by SLAs.

In that context, under the second key action, the Cloud Computing Strategy calls for the development of standardisation guidelines for cloud computing service level agreements for contracts between cloud service providers and cloud service customers (not being consumers). In February 2013 the European Commission, DG CONNECT set up the Cloud Select Industry Group – Subgroup on Service Level Agreement (C-SIG-SLA) to work on these aspects. The C-SIG SLA subgroup, an industry group facilitated by the European Commission DG Connect, has prepared this document to provide a set of SLA standardisation guidelines for cloud service providers and professional cloud service customers, while ensuring the specific needs of the European cloud market and industry are taken into account.

More information and the C-SIG can be downloaded on the DG-CONNECT website
