Cybersecurity Companies Have A Customer Profitability Problem — Here’s Why

The age of growth-at-all-costs is over. Profitability matters — and it matters now.

For SaaS companies who rely heavily on the public cloud, understanding what’s driving (or hurting) profitability can be tricky. Different customers have different needs and usage patterns, drive different levels of cost, and impact profitability unequally.

Cybersecurity has played a central role in CloudZero from the beginning —or really, before it. Our founders, Erik Peterson and Matt Manger, are security industry veterans. Some of our earliest customers were security companies (MalwareBytes, Rapid7).

Then, there are a couple of deeper reasons why we’re a good fit, and they hinge on profitability:

1. Cybersecurity is a mind-numbingly crowded industry within the SaaS category. This crowdedness intensifies competition and puts a premium on competitive pricing and fast, novel innovation. Strong unit economics can be a major competitive advantage.
2. We’ve noticed a pattern: Cybersecurity companies have massive variability in their customer profitability — and many of them don’t even know it.

Why is customer profitability such a big blind spot for cybersecurity companies? Why does it often impact them more than other SaaS providers — and what can they do about it?

The Perils Of Multi-Tenancy

Most cybersecurity companies (and SaaS companies for that matter) use what’s called “multi-tenant architecture.” Customers are sharing the same resources, but each is using it in their own environment.

The problem is, each customer environment is unique: Coding languages, data types, and usage habits all differ.

Most cybersecurity companies are monitoring, storing, scanning, or otherwise processing their customer data —and there’s a cost associated with each. With these differences come different impacts on cost and profit. In security, time and thoroughness are of the essence, which means many platforms continuously process customer data.

A good way to understand multi-tenant architecture is through the lens of real estate. Rental property owners lease each unit in a building to an individual lessee, each of whom contributes a certain amount to the overall costs of maintaining the building.

Picture a three-floor apartment building in Brooklyn, where each unit is 500 square feet. At the end of each month, the owner gets a $1,000 water bill, and assumes that each unit is contributing equally. Thus, the owner concludes that each floor contributes about $333.33 a month in water costs.

But what if one tenant takes three half-hour showers each day, while another prefers a bohemian lifestyle where bathing is more of a recommendation than a requirement?

What if the hot water heaters in the bottom-floor units were replaced more recently than the others, causing them to run more efficiently and cost less? What if one tenant has figured out a method for purifying rainwater (it could happen), and therefore uses their sink and bathroom faucets less?

The point is: The tenants contribute unequally to the building’s overall maintenance costs. Cost visibility might start by breaking the building down by floors (as shown in the image above). It could then get more and more granular, going to cost per unit, and maybe even cost per water feature (kitchen sink vs. bathroom sink vs. shower, etc.).

Without this visibility, the owner can only assume they all cost the same, and in so doing, charge maintenance fees that don’t accurately reflect these differences. Some tenants may end up overpaying to account for the more expensive tenants, who might be underpaying to the point of eating into the building owner’s profitability.

Some of those examples are a little extreme, but in multi-tenant cloud architecture, they’re par for the course.

Customers share cloud infrastructure — such as EC2 instances, Amazon’s most basic server offering — and billing line items are aligned to the infrastructure, not to individual customers.

Without tooling to deduce customer cost, customer usage differences get obscured, and organizations lose the ability to calculate customer profitability.

Why This Is Especially Problematic For Cybersecurity Companies

The work of most cybersecurity companies boils down to watching and analyzing. Most security softwares are:

1. Looking for ways that attackers could potentially get in (e.g., vulnerability scanning)
2. Detecting whether attackers may have gotten in (e.g., intrusion detection)
3. Blocking them from getting in (e.g., WAF)

Then, there are a host of other tangential offerings, such as compliance platforms, developer education resources, and security issue resolution tools.

Within the simple categories of “watching” and “analyzing,” there’s a lot of opportunity for variability. Each customer has a unique set of needs and standards, resulting in vast differences in customer usage — and cost.

Example: Application Security (AppSec). Many AppSec companies scan their customers’ code looking for vulnerabilities. Every time they run a scan, they pay their cloud provider. If every customer performed the same number of scans every year, it would be easy to gauge customer costs.

Alas, such is not the case. Some customers run three scans a quarter; others run three scans a day. The more scans a customer requests, the more they cost, and the more they cut into profitability.

Similar cost variation arises from different code languages, application sizes, container usage habits — the list goes on. Because very little is identical customer-to-customer, costs are near-impossible to normalize.

Different companies charge per scan, per application, per line of code, or per some other metric. But unless their pricing is perfectly gauged to cost (which, spoiler alert, we’ve yet to meet a company whose pricing is), there’s variation in profitability per customer.

And it’s not just AppSec. We see this same phenomenon across all categories of security. Because billing takes place at the infrastructure level—the building, not the unit —it’s not uncommon for businesses to have murky ideas of what their customers cost. In fact, upon getting cost visibility (*ahem*), our security customers often realize that some customers are hurting their margins —or losing them money.

In short: Cybersecurity customers have especially variable servicing needs, and providers without adequate visibility end up eating the costs. Profitability goes down, and with it, an organization’s overall enterprise value decreases.

How Can Cybersecurity Companies Respond?

The status quo becomes a vicious cycle. Cybersecurity has never been a more pressing need, and the cloud has never been a more necessary resource.

The variable nature of cybersecurity leaves it open to profit vulnerabilities. Especially in today’s economic climate, CFOs have a duty to the health of their companies to identify as many profit levers as possible.

If they don’t, the best-case scenario is that they will leave profit on the table. More likely, it will lead to strategizing in the dark — making key decisions based on inaccurate data and inefficient pricing models. Particularly in periods of economic contraction, the consequences of uninformed strategy can be catastrophic.

The Solution: Cloud Cost Intelligence And Unit Economics (At Customer, Product, And Feature Levels)

The table-stakes metric for solving the customer profitability problem is cost per customer. It may sound simple, but the nature of multi-tenancy is to obscure individual customer costs, and it would take an enormous (unsustainable) level of manual effort to get accurate cost per customer info from native cloud provider tooling.

CloudZero Dimensions were built to overcome this issue. Dimensions allow you to organize your cost per custom business units, often starting at the customer level.

With an accurate understanding of cost per customer, you can advance to even deeper metrics, like cost per product, and cost per product feature. Data at each of these levels reveals profit levers that you didn’t even know existed.

Imagine: Six months ago, you released a new feature, and your customers instantly fell in love with it. You’ve seen immediate and widespread adoption of the feature — leading to reduced churn. Your natural inclination might be to incentivize your customer success team to get as many users as possible hooked on the feature and therefore put a major dent in your churn numbers.

But what if you’re losing money on the feature? What if it’s a custom feature that costs 10x as much to deploy as any other? The feature’s inefficiency hurts your profitability, and the incentive strategy compounds the issue.

Understanding cost per customer — and at a deeper, more multi-dimensional, FinOps-mature level, cost per feature per product per customer — enables you to understand the cost of certain behaviors within your products.

With that information, you can make informed strategic decisions geared toward optimizing profitability.

Pain-Free Profit

Profitability matters now. Optimizing customer profitability is a relatively pain-free way to raise overall profitability. Unlike launching a new product or dramatically altering the complexion of your business, you can keep most things the same, and simply pull the new profitability levers that deeper cost visibility has exposed.

Meaningful cost visibility is only a Dimension (or two) away. Ready to take customer profitability into your own hands? .