Yesterday I was talking to a couple of enterprise customers, one of them happen to be from Jamaica. He was telling me that one of the big barrier of SaaS adoption there is trust or more precisely lack thereof. Many enterprises are not ready to trust a 3rd party to hold their data. This is very similar to issues I heard in China a while back.
All this is of course not new and has been discussed in this blog and elsewhere many times. What ended up being interesting is the analogy we discussed. We realized that it is very similar to the babysitter problem.
How do I select a trustworthy babysitter? How do I know that my kids will be safe and properly taken care of, instead of being quickly neglected as soon as I close the door? Is he/she available when I need babysitting? How many referrals do I need before trying a new babysitter? And above all, can I really enjoy my night out or am I continuously ringing my babysitter making sure things are OK? (to be honest, this last one is often more due to the parent anxiety than the babysitter capacity to baby sit :) but you get the point)
Since the problem is quite similar, the solutions are quite similar as well. And how are the vast majority of babysitters selected? Referral.
This is the typical "2 hops" chain of trust. I trust who my trusted friend trust. Of course, depending on what the matter is, chain of trusts can have many more "hops" (e.g. applying for a job, finding a buddy for squash), but the more critical the matter the shorter the "hops".
When direct referral is not available, two additional things can help: ratings and certification.
It's been shown that ratings are a good source of "trustworthiness" or clearly influence behavior. Two types of ratings: community ratings (epinions.com, amazon, ebay ratings are examples of that) and "trusted entity" rating (BBB.com, consumer bureau, watchdogs etc.). It would be interesting to know which one has more impact, I suppose it depends on the matter. If it is movie ratings, I'd rather follow community ratings than the advice of a guy whose life is dedicated to deciding how many thumbs up a movie is worth. For a babysitter, I think I would rather go with a "trusted entity".
Certification is also a way of augmenting trust. I am not sure what certification would apply for a babysitter (an FBI background check?! mmm... I guess that would be too much), but for you SaaS business getting some sort of certification e.g. SAS70 (see note below) of your data management processes, security policies etc. can certainly help. Another form of certification is having a trusted brand vouch for you. This is where aggregators and marketplaces come to play. Many would rather buy a watch from a shop in a mall than from a guy in a corner of a street. In this scenario, even if the watch might be the same, where you buy it becomes relevant.
Finding the best strategy for establishing trust is a complex topic and might be worth a full post, but to get you started, if you are in the SaaS business and are trying to increase your level of trust, I would suggest thinking about how you selected your preferred babysitter and if you don't have a babysitter, how about watching Mary Poppins again? I told you that watching TV helps being a better architect :)
(1) Note that for the SAS70 in particular, the certification is not about best practices, but about certifying that you do what you say you do. You can have very bad processes and be SAS70 certified of these processes