Riah Lawry
Originally published at blog.ironcorelabs.com.

Insights From Slack and Salesforce: Grow Your SaaS With Premium Data Privacy

The relationship between data privacy and net negative churn

Data privacy and net negative churn — two topics that rarely show up in the same place. However, companies like Salesforce and Slack have already taken advantage of premium data privacy to upsell and grow. Their success is something we can learn from.

Slack isn’t shy about it. On their earnings call this month, Slack CEO Stewart Butterfield said, “One of our largest defense contractors in the United States signed a multiyear, multimillion-dollar agreement to expand their Slack usage to more than 50,000 knowledge workers. They chose Slack over Microsoft Teams, in part because of our ability to scale and our system security, and they’ll be relying on our Enterprise key management feature to remain compliant.”

More and more B2B SaaS companies are starting to move the needle on growth metrics like net negative churn while also addressing concerns about data privacy.

Net Negative Churn Growth Strategy

What makes net negative churn a reality for SaaS businesses? You need two ingredients: healthy retention, aka a low gross churn rate, and more revenue per customer.

“Net negative churn is achieved when the total additional revenue generated from existing customers is greater than the revenue lost from cancellations and downgrades,” according to ProfitWell.

When contracts are up for renewal, you have the chance to upsell. Having something you can offer your customers that addresses growing concerns about data privacy will help you save customers that might churn for a competitor. And it’s an add-on you can use to grow recurring revenue (ARR/MRR).

Demand for Data Privacy Is Taking Off

Having a premium data privacy offering is particularly compelling to your customers due to two recent shifts. The first is a positive appreciation for businesses that value data privacy, and the second is the pressure from ever-increasing regulation and risk from data breaches.

In January, Gartner predicted the future of data privacy would look like this: “Privacy is becoming a reason for consumers to purchase a product, in the same way that “organic,” “free trade” and “cruelty-free” labels have driven products sales in the past decade.”

Privacy is in high demand across industries, and it was kickstarted by the exponential growth of privacy laws across the globe. This is just the beginning.

“By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today,” according to the same Gartner report.

Data Breaches Are an Expensive Concern for Your Customers

A CIO Dive article recently reported that data breaches are a CFO’s greatest concern, while “GDPR fines have reached roughly $126 million since 2018.” On top of that, we now have CCPA and many other regulations under consideration.

But even the regulations we already have are proving to be challenging. Many companies failed to meet GDPR compliance, but for those who did comply, “67% fear they won’t be able to sustain compliance,” according to the same CIO Dive article.

It’s no surprise, then, that enterprises are prioritizing data privacy, especially as harsher penalties for data breaches expand.

Address Customer Concerns With Premium Data Control

That’s why companies like Slack and Salesforce have decided to use the shifting market demand to offer customers data control. And it’s working.

Premium data privacy add-ons like Bring Your Own Keys (BYOK), also known as Customer Managed Keys (CMK), is a cloud architecture popular among enterprises, which your engineering team can build on top of your product to give customers the ability to manage their own keys and retain control of their data even as you hold it.

A Lesson From Salesforce: Enterprise Customers Want Premium Data Privacy

Salesforce recognized the opportunity to build a premium data privacy offering that would address the concerns of their large, high-paying enterprise customers several years ago. Here’s an excerpt from IronCore Labs CEO Patrick Walsh’s recent blog explaining Salesforce Shield and how their data privacy add-on also addresses compelled access:

Salesforce Shield is a premium security and privacy offering that includes Platform Encryption, which gives companies the ability to encrypt certain fields in the database. Salesforce has possession of the encryption keys that can unlock the data, but they do this in a way that segregates the keys from the main part of their system.

According to a source who used to work there, when Salesforce receives a subpoena, they clone a customer’s data into a clean room and then export the data from there. But that clean room does not have access to the key management servers. Which means that the data export delivers a copy of exactly what’s in the database. The encrypted fields stay encrypted in the data that’s handed back to the requestor.

If the agency seeking the data should complain about the encrypted data, Salesforce explains that it would require software changes to produce the data and that would leave audit trails and be generally known.

They don’t publicly claim subpoena resistance, but it seems they have it. And to my knowledge, this makes Salesforce the only platform with technical protections that really do put their customers in control of their data such that law enforcement would need to go directly to the customer. But only if the data they seek is encrypted with Platform Encryption.

How much does Salesforce charge customers for premium data control like this? They charge 30% on top of the current contract. It’s an expensive feature, but your enterprise customers are willing to pay for premium privacy to protect their data (and their reputation/revenue).

Conclusion: Premium Data Privacy Is a Proven SaaS Growth Strategy

Slack, Salesforce and several others were early adopters of premium data privacy, and they’re seeing returns on their investment. Thankfully, the window of opportunity is still wide for more SaaS businesses to do the same.

Premium data privacy is no longer a “wish list” product feature. It’s on the roadmap. And the good news is it’s gotten faster and easier to build onto your product than it was for the early adopters.

We will be watching the industry closely over the next year to see who pulls ahead, but we wouldn’t recommend waiting. Your SaaS business has a rare opportunity today to differentiate from competitors and grow revenue in the process.


At IronCore, we care about data privacy. Check out our end-to-end encryption and customer managed keys solutions to see how we can help you make the world a little safer each day for enterprise software.