BoxyHQ brings ‘enterprise readiness’ to any SaaS app

Let the OSS Enterprise newsletter guide your open source journey! Sign up here.

Selling software to the enterprise can be a frictious endeavor, one fraught with challenges due to the specific security, data privacy, and compliance requirements that larger businesses often have.

Anyone who has paid attention to the software-as-a-service (SaaS) sphere will have noticed a term such as “enterprise-grade” used to target their services at such companies, often accompanied by a heftier price tag compared to the standard edition software. While there’s no universally agreed definition for what “enterprise-grade” really means, Gartner describes it as any product that “integrates into an infrastructure with a minimum of complexity and offers transparent proxy support.”

However, it’s defined, any SaaS company that wants a fighting chance of winning enterprise dollars should be thinking in terms of scalability, compatibility, security, and customizability. But getting to that stage is often easier said than done, particularly for smaller companies that might not have the same level of resources as the tech titans of the world. This is where BoxyHQ enters the fray, with what it calls an “enterprise readiness” platform that brings key enterprise features to any SaaS app with just a few lines of code.

Founded back in August, BoxyHQ is an open source platform that offers SAML single sign-on (SSO) and audit log functionality out the box, with plans to introduce data privacy vaults; role-based access and permissions; directory synchronization; admin portals; and other features that are critical to enterprises.

One of BoxyHQ’s early users is open source Calendly alternative Cal.com, which offers an enterprise plan with SAML SSO.

Low-maintenance

After a period in private beta with a handful of design partners, BoxyHQ has now formally launched its magnificantly-named SAML Jackson product, which removes the “tedious bits of the SAML protocol” for companies needing to integrate SSO into their apps.

But how much of a pain point is it, really, to implement such enterprise-grade features into software — can this be quantified?

“We estimate that a feature like SSO or audit logs would probably take a senior developer six to eight weeks to build, versus less than a week with BoxyHQ,” BoxyHQ cofounder and CEO Deepak Prabhakara told VentureBeat. “This is assuming they have some prior experience with it, or can quickly pick up the domain expertise around it.”

And this doesn’t factor in the post-development phase, which includes things like maintenance and addressing security vulnerabilities, which will consume even more resources.

“With BoxyHQ, the maintenance would be limited to upgrading our library or service,” Prabhakara explained.

There are a bunch of proprietary and open source alternatives out there already that companies can already use to bring enterprise functionality to their applications. WorkOS raised $15 million last year to bring enterprise-readiness to software, while Frontegg recently secured $25 million for something similar. Elsewhere, the likes of Auth0 enables role-based access and permissions, Skyflow serves up data privacy vaults, and open source solutions such as Keycloak, WSO2, and Databunker power various “enterprise-grade” features.

BoxyHQ, for its part, is aiming to provide a holistic enterprise-readiness platform, one built entirely on an open source ethos.

As with other open source products out there, BoxyHQ’s open source credentials mean that its users are free to make any customizations and changes to their product, while also avoiding vendor lock-in. The company has plans to commercialize the product in the future through several conduits, including offering a fully hosted solution; a proprietary “UX layer” that sits on top of BoxyHQ to make it easier to use; and a suite of features that target specific industries, such as health and finance.

Undifferentiated heavy-lifting

Longer term, BoxyHQ is looking to move beyond helping SaaS firms with enterprise-readiness, and “bridge compliance and security” by helping developers take the lead on security.

“What this would mean from a product perspective is for companies to be able to build compliance and security policies, get that mapped to code for the developers to automate, and add on observability to these policies,” Prabhakara said. “Just like today, it’s easy to know when you broke the system after a deploy[ment], you can know if compliance was broken after a deploy.”

It’s also worth noting that while BoxyHQ will undoubtedly appeal to smaller companies with fewer resources, it will also go some way toward solving problems for scale-ups and enterprises too — BoxyHQ fits into the burgeoning low-code movement that strives to improve efficiencies within software development teams.

“We plan to offer a low-code way of automating compliance and security policies in the future,” Prabhakara said. “Also, having a standard way to do compliance and security in their products is extremely valuable for enterprises — BoxyHQ aims to become that standard.”

BoxyHQ raised $2.5 million in a seed round of funding last October from backers including OSS Capital, Nauta Capital, MMC Ventures, Telefónica’s Wayra, and a host of angel investors. OSS Capital founder and general partner Joseph Jacks drew parallels between the mighty AWS and BoxyHQ, in terms of how they both help companies focus on their core product rather than having to worry about all the peripheral IT stuff that consumes so much technical resources.

“In the same way AWS removed undifferentiated heavy-lifting for access to raw cloud computing, BoxyHQ is removing undifferentiated heavy-lifting for access to enterprise-grade product capabilities,” Jacks said. “B2B software founders everywhere will soon realize how transformative it is to focus on their core product as much as possible, and for everything else, build on open source standards.”