Modern enterprises are prioritizing software based on bottom-up considerations as purchase influence shifts from the C-Suite to the end user. The result is a wave of tools built around ease-of-use, flexible APIs, intelligent workflows and powerful extensibility. Kartik Gupta, investor at Salesforce Ventures, explores the key tailwinds driving this trend, as well as approaches to building for the “human element”, specifically with the modern data stack and the next-gen cyber security toolsets.


Why is this such an important thesis moving forward?

  • B2B software is undergoing a transformation led by companies embracing a “human-first” product vision. “The whole idea of ‘human-first’ is nothing new per se,” says Gupta. “We’ve seen this across most consumer-facing technologies already. However, in this context, I believe that B2B software, which has always been built for workflows and not for humans, will experience a massive shift over the next decade. There is a growing need for these platforms and tools to be much more usable, accessible, and more accommodating of the end user’s needs and behavior. While building software, it seems like we forget that humans make mistakes, don’t read instructions manuals, or do training. People often want something that just gets the job done with minimal input. Taking this simple idea, we need to rethink how we build the next generation of SaaS — whether it’s simple IT tools, powerful cybersecurity platforms or enterprise data platforms.”
  • Bottoms-up adoption is changing the framework for buying decisions. “For example, in security, the buying decision is moving from the CISO and CSO to the ultimate end user and the surrounding team,” says Gupta. “These folks are going to spend their work lives using the software. People want to use tools that will work for them and make them successful, not ones which their boss’s boss picked.”
  • The low cost and short timelines of cloud-based software deployments have led to rapid innovation. Since vendor lock-in is eroding, the stakes are high for creating tools that will be sticky with the end users. “With a majority of data and workloads moving to the cloud,” says Gupta, “security and data software can now be implemented in weeks, not months. What’s more, a majority of implementation cases require only minimal professional services, or none at all. These factors are driving down the cost of adoption.” As a result, enterprises are more willing to rip out old solutions, switch to new ones, and experiment with combinations. The “companies selling to enterprises must build faster, sell faster, and iterate faster. Of course, they can also be out-disrupted by someone else faster.”

While building software, it seems like we forget that humans make mistakes, don’t read instructions manuals, or do training. People often want something that just gets the job done with minimal input. Taking this simple idea, we need to rethink how we build the next generation of SaaS.

Kartik Gupta~quoteblock

What are the business models that might be attached to this category?

  • The traditional SaaS business model might be complemented by consumption-based pricing, according to Gupta.Most of the companies within this thesis are pure B2B SaaS with annual or multiyear contracts but some companies are incorporating a consumption component to their models.” This can include “charging for data storage, usage, or security scans to more closely align the pricing to the value provided.” However, CFOs are becoming more vary of the consumption model, and most companies with any sizable budget allocation may not be able rely on the consumption pricing piece for long term growth.

What are some of the potential roadblocks for human-first cloud infrastructure?

  • Some organizations remain reluctant to bring down silos that limit the potential of human-first cloud infrastructure. There are pockets of skepticism toward platforms with holistic solutions meant to empower non-technical employees. For example, “enterprises still address security issues by putting more walls up, between employees, and also between employees and the outside world. And then, there’s always governance and compliance risks which make data access and movement a big challenge within organizations” says Gupta.


Trends in Cloud Computing: 2022 State of the Cloud Report | Flexera Blog
Courtesy: Flexera

In annual surveys of enterprise tech leaders, a majority of respondents still see the migration of workloads to the cloud as a top concern — 57% in the 2022 survey shown above. Gaining efficiency in their use of cloud computing and moving to SaaS round out the top three concerns.


saidbyblock~ via email correspondence
Kartik Gupta

At this point, we take it as commonly-accepted notions that the majority of enterprises are moving to the cloud, that virtually all large enterprises invest heavily in capitalizing on the data that resides within their organization; and lastly, that cybersecurity has risen to securing a place in each board’s agenda as attacks become intense and more frequent. But that’s not necessarily the case. We’re a bit biased by being so close innovation, to Silicon valley, and to F500 CxOs, that we forget that massive organizations around the world are still treating the cloud as a new technology that they are still learning and exploring.

I think the 2020s are going to be the best-ever  decade for data and cybersecurity, which until now have been part of the broader support structure, but never core foundational pillars upon which enterprises are built — or fall because of. This is will be the byproduct of significant cloud adoption, which should result in most organizations have majority of their infrastructure in the cloud.

Enterprises used to buy outside data and security tools as bandages for something that was failing or as isolated fixes to patch into a specific part of a workflow Now, as cloud adoption reaches maturity and the infrastructure fabric of organizations changes, we’re starting to see enterprises change their behavior and turn to partners and SaaS-type solutions for meaningful parts of their infrastructure. Compared to the last two decades, companies realize that, while they may want to own the whole stack at some point, achieving scale doesn’t require them to build everything.

We’re also starting to see this idea of "the stack" and collaboration within it become a super-powerful driver of messaging and go-to-market. Companies are working very closely together, as they focus on what they do best, to bring together sets of solutions that really work for the end user and play well with other components up-and-down the stack. The modern data stack is the best example of this trend, and one that will shape how partners and competitors alike define one another in the modern era.


Q: How do existing trends across the data stack support the thesis that new software will be more “human first,” haven’t we already seen multiple waves of innovation here?

A: "A lot of the stack that exists today was built to make the IT user happier by helping them move on from incumbents like Informatica and IBM. But, on the whole, analysts and managers have been a few tiers down the priority list of users to keep happy. What we’re seeing now is that almost all major parts of the data stack are being rebuilt with the end business user in mind as first priority, while making sure the product checks all the boxes for IT and security to be happy and to stay compliant.

New tools are adapting to the realization that every part of the stack needs to feed data and metadata in a way that every user can understand the underlying context and trust the data. Not to mention, most companies in the modern data stack are building excellent APIs to be used by others, while also working directly with other vendors to make integrations and workflows a breeze. All this only comes together when you put the end user first, not IT or the CIO."

Q: Recent trends in security like new access-control and identity-verification and management solutions certainly seem responsive to the end user. What’s missing?

A: "Security is still treated somewhat as a hardware, network, or software problem — even though the human element is one of the biggest risk contributors. Training and monitoring people turns out to be much harder than expected. Yet we know failure can have negative consequences.

Historically, access, identity, authentication etc. were very IT/compliance focused. However, with the rise of SaaS and Cloud, we’re seeing identities be more fluid and more ephemeral. This, in combination with the fact that people are using apps that aren’t on-premise, we’re seeing security teams starting to own this problem more, instead of IT. Forward thinking security teams are now taking a more human-first approach, where security can exist in the background to keep you and the business safe while enabling you to be productive without closing many gates.

One example tackling part of this new identity realm is Elevate Security, which is helping organizations understand and proactively remediate human risk and educating employees continuously and in response to real needs, rather than with yearly compliance training. Companies are also rethinking what it means to have a digital identity and how online authorization and authentication can evolve alongside organizations in a dynamic and adaptive way. These approaches take into account the reality of human behavior, and build solutions to incorporate them as product features rather than leaving them out as edge cases."

Forward thinking security teams are now taking a more human-first approach, where security can exist in the background to keep you and the business safe while enabling you to be productive without closing many gates.

Kartik Gupta~quoteblock

Q: What are some illustrative examples of companies, within your portfolio or not, which are representative of this trend?

A: "Wiz is an excellent example of how cloud-adoption maturity has given rise to a massive new cloud-security market, and how organizations are changing their buying behaviors. In a previous era, these products took six to nine months to develop into a proof-of-concept and then another few months for budget, security, and contract approvals. Wiz has helped change the game in terms of industry behavior. It has brought down time-to-value to hours or days in addition to sales cycles that take months not years. Also, similarly to Snyk, Wiz has been able to rally security practitioners within enterprises to go bottom-up in advocating for the tool, while still perfecting the top-down sales muscle when it comes to closing seven-figure deals. That combination is going to be very important for the next generation of data and security companies.

Monte Carlo, DBT, Atlan and Astronomer are all companies within the modern data stack that are going very deep within their markets while working closely with the rest of the ecosystem. This ‘better together’ story resonates and sells extremely well and results in the best outcome for consumers as well. The broader data market is mature enough today to support billion-dollar companies within sub-buckets, as these companies can partner knowing that they won’t necessarily be squeezed out by tangential competition in the long run.”


  • AI will enable experiences pivotal to a human-first data and security approach in business. “We’ve seen impressive AI adoption within the B2C world. Think Netflix, Amazon, Google, Uber etc.,” says Gupta. “The B2B world has lacked that level of widespread AI deployment to drive experiences. That is definitely changing. Over the next decade, in terms of feature and product development, AI is going to find some amazing use cases, in addition to lower-hanging fruit.”
    • "For example, Atlan has AI built into their platform so each user can interact with data assets that are relevant to them, at the appropriate time along with the most relevant context. By simply understanding your team, roles and behavior, Atlan is able to provide a Netflix-like experience that is highly tailored to each individual within an organization. This really drives home the “human-first” approach we’re expecting from the next generation of software.”
    • AI can also be powerful in addressing the inconsistencies and irrationalities that are part-and-parcel of human behavior in working with software, he says. “We all know that no one likes to do training or read the instruction manual. AI can account for this by design, within a product.”
  • While more business-model approaches will be tried, experiments like consumption-based pricing face an uphill battle. “I do think more companies will try out consumption-based pricing alongside the classical SaaS approach of annual or multiyear contracts, but few will succeed. It’s tough because it requires companies to justify the incremental value provided with every marginal dollar spent.” While there have been some examples of success with this model, e.g. AWS or Snowflake, Gupta believes that “CFOs are already getting tired of this model as it makes it very hard for enterprises to keep their costs in check in the long run.”


The 2022 EVC List honors the top 50 rising starts in venture capital. Terra Nova’s Thesis Brief series showcases each investor’s insights and category expertise.

Related Posts