The dark side of SaaS GTM

How dark patterns in the go-to-market strategies of B2B SaaS companies are designed to work against IT and security—and what you can do about it.

This article was originally published on the Forbes Technology Council.

Generally, if someone said to me, “They’re out to get me!” I’d back away very slowly. That is, unless that someone happened to be a CISO talking about B2B SaaS. In that case, I’d agree with them wholeheartedly.

While the go-to-market models of B2B SaaS companies take many forms, the overarching trend of the last five years has been the widespread consumerization of IT. In other words, they focus on engaging and selling directly to end users—a stark contrast to the centralized, top-down decision-making that dominated the technology acquisition model for years.

With this model, the primary objective for these SaaS providers is to onboard a single user who then invites their colleagues to collaborate and share data, who, in turn, invite more colleagues, until the SaaS tool becomes so ingrained in the daily fabric of the organization that when the SaaS provider delivers an eye-popping, enterprise-sized bill, the organization has little choice but to accept it. At that point, the business disruption that would be caused by ripping out the solution would likely cost more than the invoice itself.

How did we get here? IT and security (not to mention procurement) shoulder some of the blame. SaaS providers recognized that the traditional top-down acquisition model was too bureaucratic, too slow and too tedious—ultimately, it created too much friction for these companies to scale quickly. Instead, engaging end users directly has proven to be the path of least resistance.

The downside? This model has inspired many B2B SaaS companies to employ so-called “dark patterns” as they look for ways to side-step traditional procurement friction.

1. Boiling The Frog

The strategy here is to slowly increase usage across the enterprise with a free version of the product in an effort to embed it within business-critical workflows. Having a broad footprint within an enterprise and being on the critical path for business processes provides a major advantage to a product’s sales team when it comes to an enterprise contract.

This approach is the underpinning of many additional patterns (detailed below) that allow the sales team to sell not only against the value of the product but also against the potential business disruption if the product were no longer available. With software sold under this model, you may build a lot on the product before you hit the critical threshold at which you have to pay for the service. At that point, the cost of moving to a new product is often far higher than the initial bill.

2. Data Ransom

While a little more inflammatory in name than intent, this model is employed by a number of large companies. In this pattern, the free product gains traction with users within an enterprise, but instead of engaging with those users to sell additional products, the centralized IT or security team is engaged.

The sales pitch ends up being something along the lines of, “You have X users of our product in your company. I cannot tell you who they are, but if you were to upgrade to our enterprise license, we can roll those accounts up in your new enterprise dashboard.”

Yes, the value proposition of enterprise control is hugely beneficial, but the nature of this engagement plays on the fear of unmanaged data risk—the only responsible path forward is to exchange money in order to mitigate that risk.

3. Security Tax

My personal pet peeve is the security tax. This pattern relies upon using what should be core features to drive up the price of the enterprise contract. These features can include security logging, centralized backup, SSO (countless products) and account consolidation.

Again, the product is often so widely adopted within an enterprise that the easiest path is to pay the bill and adopt it securely rather than migrate away from the product. But there’s a notably sour taste left behind: The features that would have been qualifying capabilities in a traditional sales cycle are now being sold retroactively to get a widely used product into compliance with the policy.

The Upside Of Selling To End Users

Looking at these patterns, you might conclude that B2B SaaS leaders are evil geniuses hellbent on usurping carefully constructed technology governance and budgets. But there are many irrefutable benefits of a go-to-market model focused on end users.

Empowering employees with autonomy in their technology choices often leads to better business outcomes. Open technology choices also promote a positive digital employee experience and can support an organization’s employee satisfaction and talent retention goals.

Despite all the good, bad and ugly of these modern go-to-market strategies, the fact remains that this new reality is not going to change. Trying to work against these forces in an attempt to preserve outdated governance, security and procurement processes will invariably lead to friction, frustration and wasted effort.

What Can We Do?

It’s time to evolve technology governance models in ways that embrace the era of employee-led SaaS adoption, while also retaining oversight and putting guardrails in place for employees and SaaS providers alike. The key to managing these patterns is being able to identify them early and intervene wisely.

This means knowing what technology is being introduced, and by whom, at the moment it’s being evaluated or adopted. As new products are introduced, ensuring that employees are aware of existing solutions that might meet their needs, or making them aware of your organization’s requirements that would govern its use, can head off viral adoption.

Beyond understanding initial adoption, a complete inventory of applications and accounts in use helps to head off the “data ransom” and “boiling frog” patterns. With full visibility of active accounts, there’s no need to pay for any usage data. With an understanding of the adoption velocity for new apps, you can make earlier, proactive decisions about either embracing or impeding that adoption across your organization. In short, more visibility and earlier, more meaningful engagement are the underpinnings of a modern and effective SaaS governance strategy.
