If you sell SaaS, security is the big concern you have to deal with. Get past that one and you’ll draw serious attention from potential customers. Stumble on the issue and you’re in deep doo-doo. That is ever truer when money is involved. Who wants a leak in their accounting data? When a big vendor slips up with security, David is given a clear shot at Goliath. And when a market is in the “tornado” growth phase, vendors do what it takes to highlight their competitors’ weaknesses. This is the story behind the emerging battle between two UK accounting vendors, Kashflow and Sage.
What Sage Did Wrong
Sage is a big company. As it reports on its own site:
“Formed in 1981, the Group was floated on the stock exchange in 1989 and now employs 14,800 people”.
It is a public company, then, and accounting software is its business. It cannot afford a problem with security.
Kashflow is a small competing startup. So, when Duane Jackson, CEO of Kashflow, reports on his blog that Sage Live is having security problems, it becomes news.
Specifically, Duane highlights two key issues with Sage Live:
- Log-in defaults to “Remember me”: This is okay for a site with pictures of your cat, not one for accounts with sensitive information.
- Passwords shown in clear text: This just seems like a crazy oversight by Sage. Who does this these days?
These are both simple problems to fix. But reputation and trust are critical, particularly when money and security are involved. This will dent Sage’s reputation as the big, safe, “you-won’t-get-burned-for-choosing-us” vendor.
Welcome to the Tornado
This kind of aggressive marketing (i.e. publicly highlighting your competitor’s weaknesses) is a hallmark of a market in the “tornado” phase of growth. The phase produces some good old-fashioned, knock-’em-down, drag-’em-out fights. These are entertaining for spectators and potentially fatal for at least one of the contestants.
It’s particularly exciting when a market is in a big transition; in this case, from on-premise software to SaaS. It levels the playing field for startups but is a tough environment for incumbents, and that is why some traditional IT vendors are afraid of SaaS, as we reported here.
Live by the Sword…
Kashflow is the David in this David-and-Goliath story. But Duane Jackson will need some steady nerves and better have his own security act together. His blog post is an invitation to hackers to test Kashflow’s security. Very few sites can withstand a determined hacker attack.
Stay tuned as these aggressive Brits battle it out. Come on, chaps, how about a nice cup of tea and you make up?
Update: Great minds think alike, CloudAve wrote about the same story.
« Prior Post Next Post » Posted in
Related Entries
0 TrackBacks
TrackBack URL for this entry: http://www.readwriteweb.com/cgi-bin/mt/mt-tb.cgi/10225
Comments
Subscribe to comments for this post OR Subscribe to comments for all Read/WriteWeb posts
-
i don’t know
Posted by: movies | February 11, 2009 8:32 PM
-
Cheers Bernard, imitation as they say is the sincerest form of flattery. Nice use of my biblical referencing title
http://www.cloudave.com/link/david-and-goliath-2-0
Ben
Posted by: Ben Kepes | February 11, 2009 9:08 PM
-
I’ve been following this story for a while now while I consider moving my accounts into the cloud and it does sound to me a little odd that a big company who obviously want to branch out into a new market (well new to them) would launch something so unsecure. I know it was in beta so can still have problems but still something like this is damaging. As a micro business I’m still unsure as to which way to go and happy to stay on desktop until I decide, some others around look good and have actually just started looking at clearbooks too. But one thing that has potentially put me off kashflow is thier blatent dislike towards sage, I actually find duane’s outlook. tweets and business logic interesting but it does seem more like an obsession of his to bring down sage (just look at his twitter page and his dubious use of their logo ;-)) Whereas Sage, or at least on the surface, do not seem to be rising to the bait other than a half hearted attempt at a trading standards claim. Perhaps they are too scared of going fist to fist with someone with good backing, perhaps they have met their match, or perhaps they are just being that bit more professional. I tend to think the latter but only time will tell. And in the meantime, I’ll keep my head in the cloud and my accounts safe on my hard drive.
Posted by: Bill | February 12, 2009 3:22 AM
-
Hi Bill,
It’d be rather naive of me to think I could “bring down” a ВЈ2bn+ public company with my small startup. However, I’m more than happy to take any media coverage we can get as a result of a) standing up for ourselves when they throw their weight around, b) pointing out serious flaws in a ‘competing’ product that can potentially damage our emerging industry and c) making use of the internet and social media tools that tend to level the playing field somewhat.
They’re the biggest software company in the UK, and the biggest vendor of accounting software. So to me, it’s only logical that they’d be firmly on my radar.
Although I have good backing from Lord Young - even his deep pockets are no match for a PLC the size of Sage. It’s not that they’re scared or more professional. Responding to me would give me credibility. It’s the last thing they want to do. They were caught in a Catch 22 over Sage Live as they had to either take it offline (which would concede I was right about security) or leave it online (and show the industry they don’t care about security). They did the right thing and took it offline.
I know little about how the corporate world works, nor do I want to. But Sage are treating me and my comments exactly how I would if I were them – pretend I don’t exist. Directly responding in anyway whatsoever would just give me more weight.
I’m sure they’ll get a decent SaaS product to market at some point, and I genuinely look forward to it. It’ll do wonders for SaaS as a whole – but only if they get it right.
Posted by: Duane Jackson | February 12, 2009 4:18 AM
-
Hi Duane,
Thanks, good answer. And too be fair, I should have stated earlier that your kashflow program is pretty good in realtion to others available.
Also since the sage offering has been removed, you seemed to have resisted bragging about it too much and moved onwards and upwards and it’s others who are still talking about it. So credit where it’s due.
That still doesn’t explain your twitter slogan though ‘happily kicking the stuffing…’ I’m surprised nothing offical has been said about your use of the logo?Bill
Posted by: Bill | February 12, 2009 5:10 AM
-
Hi Bill,
Thanks for the mention! It’s great to see people beginning to stumble across Clear Books. We have only been around a short time but are intent on making an impact and punching above our weight.
We’re really keen on making a system for users so if you have any ideas, comments or problems please get in touch:
http://twitter.com/clearbooks
http://getsatisfaction.com/clearbooks/Oh and try the Import Tool. It’s the easiest way to manage your accounts. Import your online bank statement, start explaining the transactions and you are away!
Regards
Tim Fouracre
Clear Books
Posted by: Clear Books | February 12, 2009 8:03 AM
-
While we’re referencing ‘people who recently wrote about this story’, how about this post from yesterday morning? (which referenced Ben Kepes’ post and also picked up the rather obvious David & Goliath analogy):
Sage shows why bigcos can’t be trusted with SaaS
http://blogs.zdnet.com/SAAS/?p=655Posted by: Phil Wainewright | February 12, 2009 10:16 AM
Source: feedproxy.google.com