If you sell SaaS, security is the big concern you have to deal with. Get past that one and you'll draw serious attention from potential customers. Stumble on the issue and you're in deep doo-doo. That is ever truer when money is involved. Who wants a leak in their accounting data? When a big vendor slips up with security, David is given a clear shot at Goliath. And when a market is in the "tornado" growth phase, vendors do what it takes to highlight their competitors' weaknesses. This is the story behind the emerging battle between two UK accounting vendors, Kashflow and Sage.

What Sage Did Wrong

Sage is a big company. As it reports on its own site:

"Formed in 1981, the Group was floated on the stock exchange in 1989 and now employs 14,800 people".

It is a public company, then, and accounting software is its business. It cannot afford a problem with security.

Kashflow is a small competing startup. So, when Duane Jackson, CEO of Kashflow, reports on his blog that Sage Live is having security problems, it becomes news.

Specifically, Duane highlights two key issues with Sage Live:

  1. Log-in defaults to "Remember me": This is okay for a site with pictures of your cat, not one for accounts with sensitive information.
  2. Passwords shown in clear text: This just seems like a crazy oversight by Sage. Who does this these days?

These are both simple problems to fix. But reputation and trust are critical, particularly when money and security are involved. This will dent Sage's reputation as the big, safe, "you-won't-get-burned-for-choosing-us" vendor.

Welcome to the Tornado

This kind of aggressive marketing (i.e. publicly highlighting your competitor's weaknesses) is a hallmark of a market in the "tornado" phase of growth. The phase produces some good old-fashioned, knock-'em-down, drag-'em-out fights. These are entertaining for spectators and potentially fatal for at least one of the contestants.

It's particularly exciting when a market is in a big transition; in this case, from on-premise software to SaaS. It levels the playing field for startups but is a tough environment for incumbents, and that is why some traditional IT vendors are afraid of SaaS, as we reported here.

Live by the Sword...

Kashflow is the David in this David-and-Goliath story. But Duane Jackson will need some steady nerves and better have his own security act together. His blog post is an invitation to hackers to test Kashflow's security. Very few sites can withstand a determined hacker attack.

Stay tuned as these aggressive Brits battle it out. Come on, chaps, how about a nice cup of tea and you make up?

Update: Great minds think alike, CloudAve wrote about the same story.