How to Assess Technology in a SaaS Business Acquisition

Growth in the Software-as-a-Service (SaaS) industry is snowballing. Likely to reach $328 billion in 2027, with a compound annual growth rate (CAGR) of 6.6%, SaaS’es represent one of the most sought-after types of businesses in 2023. (Source)

SaaS businesses still operate at healthy margins, making them great companies to buy despite the massive market.

The underlying technology is critical to Software-as-a-service companies and the SaaS business model. With an understanding of the software built to power a SaaS company, you can notice warning signs that might seem obvious in hindsight.

In this article, we’ll outline the different aspects of technology that make up a SaaS business. You can then apply this knowledge in future acquisitions by asking thoughtful questions before the sale.

Components to Consider when Purchasing a SaaS Business

There are four main components for you to consider when buying a SaaS company: 

1. System Architecture: The different components of the software, leading to its ability to scale.
2. Development Methodology: The development and deployment of the software.
3. Production Operations: Processes and tools used to monitor and manage your application shown to your customers.
4. Security and Compliance: Any measures in place (or lack thereof) to help protect customer data and ensure compliance depending on the industry.

By the end of this guide, you can have a full 360-degree view of the software operations of the business. 

System Architecture

System architecture in software can mean many different things. Still, in the context of this article, we’ll refer to it as the components, technologies, and infrastructure of your soon-to-be SaaS business. 

Three of the most critical pillars behind any system architecture in a software company are any Third Party Integrations and Dependencies, the Technical Stack, and the Technology and Hiring Costs that tend to come with that technology stack.

Technical Stack and Infrastructure

The technical stack is critical to any SaaS company’s product. The technical stack is a combination of a programming language, frameworks available for that language, databases, and any other infrastructure (such as messaging queues). 

Note the technology stack and its popularity.

Finding skilled developers to maintain and improve the product will be challenging if you use outdated or unpopular programming languages or frameworks.

On the other hand, a modern and popular tech stack may attract top talent and enable faster development and deployment of new features.

Questions to Consider Asking:

• What is the primary programming language used?
• What frameworks and databases do you use? Are they open source?

Evaluate the reliability of the infrastructure.

If the infrastructure is unreliable, it can result in poor customer experience and lost revenue. Typically you’ll see a reliability metric for uptime, expressed in “nines.” Three nines, for example, means 99.9% uptime. 

Each nine is increasingly more challenging to reach and becomes more expensive. For the most part, having this metric available indicates well-maintained software. When improving reliability, you’ll want to balance the cost of more reliability against revenue lost due to downtime. 

A larger enterprise software company will likely want to be hosted on cloud infrastructure, which can be hosted in multiple regions with zero downtime deployments. Lack of cloud infrastructure is less of a problem for smaller acquisitions – and you’ll need to continue to scale the architecture as your company grows anyway.

While there can be some up-front cost savings regarding self-hosting, it’s often only recommended if you have hosting expertise yourself.

Questions to Consider Asking:

• How is the software hosted?
• Do you have any reliability metrics available? What are they?

Hiring Costs

As with any company, you’ll need to hire or grow your team post-acquisition. 

Analyze the cost of hiring new technical talent in-house.

You might need to hire software engineers. This becomes even more important if the existing staff is separate from the acquisition or you need to be more technical yourself.

The median salary for software developers in the United States ranged from $148k to $234k per year, per the Levels.fyi 2022 Pay Report.

Consider the cost of outsourcing technical work.

At some point, you’ll likely want to outsource some work.

If you need someone as a holdover until you can vet a decent contractor or agency, the seller may be willing to stay on for a short period as an emergency option.

Re-train your existing staff.

Effective financial management is crucial when considering outsourcing technical work.

If you have an existing technical team, consider re-training them. Although it will take resources away from your current projects, re-training can be cost-effective. By re-training, you can push out a hiring plan for new staff to a later date.

Questions to Consider Asking:

• What does payroll currently look like?
• Would you consider hiring more resources if you were to keep the company?

Third-Party Integrations and Dependencies

Third-party integrations are outside software or tools used to make a product or feature come to life.

Third-party integrations allow a SaaS company to focus on its core product and outsource the parts that are not differentiators.

Take inventory of the company’s third-party tools, libraries, or APIs.

While a huge time saver, there are risks to using third-party integrations.

If a SaaS company relies on a specific third-party API, and that API becomes deprecated or changes its pricing model, it could impact the product’s functionality, revenue streams, or even customer acquisition cost.

For example, many AI tools on the market are built upon the GPT models offered by OpenAI. If OpenAI decided to compete in the same market as some of those AI tools, they could deprecate or raise the price of their API. This could completely danger the business model of these SaaS products.

The deprecating of APIs or changing of business models is more common with integrations offered by early-stage startups who have yet to find a path to profitability.

In addition to essential third-party services integrated with the SaaS platform, check for any integrations with social media platforms. Social media integrations play a significant role in social media marketing efforts and contribute to the overall success of the SaaS business – but they can become costly quickly if your product takes off.

Evaluate the reliability and security of integrations.

Earlier, we discussed evaluating the reliability of internal software. Similarly, you’ll want to consider the reliability of external software.

A vulnerability or frequent outage in a third-party software provider could impact the product’s functionality and customer experience. Outages lead to a loss of revenue or damage to the brand’s reputation.

For example, if a SaaS company relies on inbound marketing software and that software experiences a data breach, it could result in customer data exposure and a loss of trust. This is what happened in cryptocurrency when Ledger was breached via their marketing database in 2021.

While imperfect, a rule of thumb is to prefer widely used third parties with greater revenue sources and more incentive and resources to invest in security.

Questions to Consider Asking:

• What third-party integrations do you leverage?
• What software do you use internally?

Development Methodology

Development Methodology is the process that facilitates software creation.

Most SaaS businesses leverage agile methodologies. Agile methodologies provide more flexibility and are better suited for iterative development. 

In the case of strict regulatory or compliance requirements, companies use waterfall methodologies. While not typical, the presence of any development methodology is a good sign of a healthy product.

Product Velocity

Check the speed of releases, including new features and updates.

Product velocity signals the efficiency of the software development process and code quality. 

If product velocity is slow, it can indicate underlying issues with the code base. Conversely, a high product velocity signals an efficient software development process that will likely continue post-acquisition (with some exceptions!). 

Consider the balance between speed and quality, and plan to address any shortcomings.

It’s also vital for any company to balance release speed and feature quality. While it’s great if a company can release updates rapidly, it’s also important that those updates are high-quality and don’t introduce new bugs or problems.

Post-acquisition, companies often analyze their internal systems to improve their processes. One such corner that is usually cut early in development is automated testing.

Version Control

Confirm the existence of a version control system.

Version control is essential for managing changes to any software as a service over time. While it’s relatively straightforward to implement version control post-acquisition, the lack of a version control system such as Git in SaaS businesses can indicate poor code quality.

Feature and Issue Tracking

Identify the tools used to manage feature requests and bug reports.

Most SaaS providers track feature requests and bug reports in project management or issue-tracking software. Smaller SaaS companies might not use dedicated software but will undoubtedly have a spreadsheet tracking product progress.

Consider the ability to prioritize and manage feature requests and bug reports.

Even healthy products will have bugs, but consider whether meaningful progress has been made over time. Bugs that stick around for a long time indicate expensive, time-consuming fixes and additionally impact the customer experience. 

Questions to Consider Asking:

• What is your software development methodology?
• How often are you able to release new features?
• What are some of your most recent features?
• What do you use to track bugs and new feature requests?

Production Operations

System Stability & Monitoring Capabilities

Ask for any metrics around system stability and production outages.

Software is flawed, and things break. You’ll want to know how often their software fails. Smaller companies may trade off monitoring capabilities for product velocity. This will lead to less granular metrics, but still, Error-free sessions or Error-free users are two such metrics that are often available.

With larger acquisitions and engineering teams, metrics around uptime should be front and center. These are commonly called Service Level Indicators (SLIs). SLIs typically contain error rate, response time, and availability metrics.

Identify any recent incidents or outages and evaluate their impact on customers.

SLIs are good baseline metrics but only sometimes tell the entire story. Not all bugs or incidents are reflected in metrics, so it’s also good to know about recent incidents impacting customers.

If a SaaS company experiences a significant outage or security incident, it will impact the product experience and lead to a loss of trust. 

Questions to Consider Asking:

• Do you have Service Level Indicators such as error rate, response time, or availability?
• Are there any recent customer-impacting incidents or outages?

Security and Compliance

Encryption

Ensure the presence of proper encryption.

Encryption is essential for protecting sensitive data such as Personally Identifiable Information (PII) in any SaaS business. Ask about the company’s encryption methods, confirming the business uses industry-standard algorithms such as AES-256.

Confirm encryption at rest and in transit.

“At rest” refers to any data saved long term, such as in a database. These should be encrypted, as noted in the previous section.

Ensure encryption protocols like TLS or SSL are used for data in transit. For web-based portals, this can be confirmed by the presence of a “lock” in your browser’s address bar.

Penetration Testing (optional)

More crucial for a SaaS provider operating in the security and finance industries, you may want to consider paying for a penetration test before closing the deal.

Conduct a penetration test to identify potential vulnerabilities or weaknesses.

Vulnerabilities can exist anywhere in the SaaS platform, including both the business you are acquiring and any third party the company integrates with. A penetration test will help you identify any vulnerabilities before an attacker does.

This doesn’t have to be completed before the close, but you’ll probably want to do it at some point, regardless.

Questions to Consider Asking:

• How is data encrypted?
• What processes do you have to ensure data is safe?
• What regulations do you have to comply with that are specific to your industry?

Conclusion

The SaaS business model is an attractive one. But when buying a software business, you must consider the most critical part – the software!

If you’re interested in acquiring a SaaS business, Flippa’s inventory of available SaaS businesses for sale is the best place. Visit Flippa’s blog for more resources and insights on the process and SaaS model.