Key Challenges Facing XaaS Companies

14 March 2022 Innovative Technology Insights Blog
Author(s): Pavan K. Agarwal Christopher J. McKenna Shabbi S. Khan

The worldwide market for cloud-based services continues to expand, with recent growth accelerated by the increased demand for online services during the COVID-19 pandemic. Remote work environments and new offerings proliferated in response, and companies across sectors find themselves transforming to a cloud first strategy. Even companies that do not provide their products via the cloud are consuming cloud-based services to operate, with Gartner estimating that nearly 85 percent of companies will be pursuing a cloud-first strategy by 2025.

Cloud-based services have typically been categorized as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). However, with increased diversification across a wide range of industries a broader category has emerged: Anything-as-a-Service (XaaS). The term “Anything-as-a-Service” is used to describe the general category of services related to cloud computing and remote access that be purchased through a service consumption model. For example, the word “Anything” can be replaced with Retail for Retail-as-a-Service, Transportation for Transportation-as-a-Service, Network for Network-as-a-Service and Data for Data-as-a-Service, to name a few. The term recognizes the vast number of products, tools, and technologies that are now delivered to users as a service over the Internet.

With this rapid evolution and adoption to scale, these cloud-based providers face challenges as they meet new competitive, jurisdictional, and business landscapes across the globe as they look to increase the ubiquity of their services. These challenges are complicated by the continued demand not only for resources, but new functionality with always on availability and a high level of service. Further complications are the result of dynamic changes in legal, business, and regulatory schemes adapting to this evolution.

This article provides an overview of five key areas where cloud-based companies face challenges as they scale their businesses:

1) Assessing company valuations across different valuation models

2) Talent recruiting and retention

3) Multi-jurisdictional security, privacy, and regulatory compliance

4) Data rights, governance, and monetization

5) Intellectual property protection and risk management 

Assessing Company Valuations Across Different Models

Whether it’s time to exit as, find investors for, make an investment in, or acquire a cloud-based company, determining the company’s value is complicated. The business model for cloud-based companies vary from traditional business in a few ways: high amounts of recurring revenue rather than single purchases, high gross margins as cost-to-service decreases over time, and renewal rates and customer service level improvements. Accordingly, cloud-based company valuations are trickier. When it comes to assessments, investors and owners consider different valuation models, attributes, and qualities than for non-cloud-based businesses. By understanding the unique cloud-based valuation drivers and business trends such as founder involvement, growth and stability, churn reduction, optimized pricing, optimized acquisition conversions, lead generation, and upsell/upgrade opportunities, investors, owners, and acquirers can determine the most appropriate valuation philosophy for evaluating companies.

Talent Recruiting and Retention

As cloud-based operators scale, so do their technologies, tools, processes, and operations. To meet the demands of such a dynamic environment, these companies are in constant need of highly technical and knowledgeable workers. Recruiting and retaining such talent is challenging in a highly competitive environment where Big Tech or the next start-up is luring talent with more money, equity, benefits, or opportunities. Over time, a company's talent becomes even more skilled as they consume and interact with the technology and intellectual property (IP) that drives the company’s competitive differentiators. Retention is a critical element not only of sustaining growth but also in enhancing the security of valuable IP. While critical focus is rightly placed on hiring and retaining talent, it is equally important to ensure departing employees leave well – and leave the business information behind.  

Good business practices in recruiting, managing, and retaining such talent are even more important to cloud-based companies looking to scale. As companies recruit talent across different jurisdictions, they are also faced with the additional challenges of ensuring that the their policies are compliant and enforceable in the jurisdictions of their employees, failure of which can result in government imposed penalties, reputational harm that can affect recruiting, and loss of IP as employees depart.  

Multi-jurisdictional Security, Privacy, and Regulatory Compliance

With the global footprint and ubiquity of cloud-based services, many companies find themselves receiving, processing, and storing data from end users across different jurisdictions. Many of these operators also have data centers and personnel across multiple locations. This complex landscape from which data is received, processed, and delivered provides a myriad of compliance challenges.  

One of the biggest challenges is the exposure to different, complex, and often contradictory laws related to privacy and cybersecurity of data. The applicability of these laws is based on not only the cloud-based operator’s locations, but also the locations of their customers and the individual data subjects. In addition, many of these laws now restrict the flow of data outside of that jurisdiction’s borders, requiring such operators to expend resources navigating these requirements or acquiring additional data centers and localized support personnel. Such cloud-based operators are also faced with the responsibility for all of their customers’ data in the event of a security incident.

Data Rights, Governance, and Monetization

The consumption of cloud-based services has significantly increased the volume of data being ingested, processed, analyzed, outputted, and reported. Data is invariably ingested from various sources and stakeholders that each maintain some form of rights to the data. Some of this data comes from different jurisdictions, which may also have a separate interest in protecting the rights of the stakeholders. As data from multiple sources is aggregated and new data is generated by the cloud-based platform, questions relating to ownership and usage rights no longer have simple answers. While being respectful to end users and the processing of their data, cloud-based companies also need to be respectful to the data they own and generate from the functionality and service they provide to their end users. As cloud service providers have multiple tenants and serve the needs of many different enterprises and their end users, they should ensure the rights to use data from each of their customers to support, maintain, improve, and enhance services for all their customers.

The unique patterns and combination of data flowing through a cloud-based service typically also provide useful insights into customer and end user behaviors. The service provider can perform analytics on such data to unlock value and create monetization opportunities such as creating new services or enhancing another party’s platform. Although these data-driven monetization opportunities may come downstream from the launch and success of the service, many providers fail to develop a data governance model that is respectful to stakeholders’ rights in their data as well as their own rights to enable such monetization.

Intellectual Property Protection and Risk Management

Cloud-based service providers face significant risks from a variety of sources, such as existing competitors, more agile startups, and industry giants expanding into their marketplace. As traditional companies transform to offer cloud-based solutions, these companies will need to view themselves as technology companies whose value primarily stems from the intellectual efforts used to develop and deploy their technologies. With the technologies typically installed, managed, and accessed via the premises of the company, such service providers may view the related intellectual property in their control and thus less of a concern of protecting from theft, copying, or misappropriation. However, cloud-based service providers have the same risks of IP loss and threats as traditional technology companies.

To protect against the various risks posed by such competition, cloud-based companies must consider IP strategies and tools common to traditional technology companies but adapted to their business model and competitive landscape. For example, many of the large SaaS companies have already adapted such strategies and developed sophisticated patent portfolios on par with traditional technology companies. In addition to leveraging the primary IP toolkit of patents, trademarks, copyrights, and trade secrets, contractual protection should be used by cloud-based companies to protect and control IP across access points to its technology platform.

Overcoming Challenges

As outlined above, each of these areas can present significant roadblocks to growth for XaaS companies if not addressed preemptively. Whether protecting innovations by defending IP and retaining the talent needed to grow, maintaining compliance within a shifting regulatory landscape where customer control over data is increasing, or accurately assessing value while preparing for significant corporate transactions, it’s important to consider the ramifications of each in advance.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.