Skip to main content

The State of the Tech Stack for SaaS SMBs: 2021 Insights and Highlights

Despite the pandemic (and, in some cases, because of it), software-as-a-service (SaaS) companies have seen rapid growth over the past few years, which means more investment in the tech stack. According to Forbes, revenues will increase from $200 billion in 2020 to $369.4 billion by 2024.

As SaaS SMBs prepare for continued, accelerated growth, having the right tech stack in place will be critical.

A 2021 survey conducted by Tugboat Logic explored the state of the tech stack among SaaS SMBs and revealed insights into the technology brands these companies trust the most as well as some of the surprising security holes that are still threatening the stack.

Here are some of the top survey highlights and insights, including tips on how to build a secure tech stack.

AWS Is the Clear Winner in the Cloud Provider Category

The survey found that Amazon Web Services (AWS) is by far the most widely used cloud provider. Nearly half of the respondents (48.8%) reported using AWS for cloud services, making it more popular than the two nearest competitors, Azure and Google Cloud Platform (GCP), combined.

Launched in 2006, AWS today is the provider to beat, with a number of key advantages over its nearest competitors, including one of the most stable, mature solutions on the market and world-class user empowerment tools and training.

AWS leads the pack in cloud service providers. 48.8% of surveyed SMBs use it.


Google Dominates Directory Services

Half of all survey respondents reported using Google Workspace for directory services compared to 34% for Microsoft’s Active Directory and Azure Active Directory combined.

A robust, scalable solution with strong security features out of the box and a minuscule price tag, it’s not surprising that Google has overtaken the market to this extent, especially given the significantly higher cost of Microsoft solutions.

Google dominates directory services. 50% of surveyed SMBs use it.


Github Cloud Is the Code Repository of Choice

More than half of the respondents (53.4%) reported using GitHub Cloud, making it the most popular code repository by a considerable margin in the SMB tech stack. GitHub Cloud is used by more SMBs than the three runners-up (BitBucket, GitLab, and AzureDevOps) combined.

Its popularity is well earned: after its acquisition by Microsoft in 2018, Github Cloud has become a very well resourced version-control tool. Yet despite its robust features, it has remained both affordable and open source, making it a good choice for smaller SaaS companies, especially those that use other solutions in the Microsoft ecosystem.

GitHub Cloud is the repository of choice. 53.4% of surveyed SMBs use it.


Slack Leaves Its Competitors in the Dust

In the communication tools category, Slack was the clear leader, with a staggering 68.2% of respondents reporting that it was the tool of choice. The closest competitor, Microsoft Teams, came a distant second at 24.7%.

Slack’s continued popularity is due in part to its unmatched interoperability—it integrates with thousands of third-party apps—and its technology-agnostic approach. While anecdotally, it has been a perennial favourite of startups, its recent acquisition by Salesforce is likely to drive greater adoption among enterprises as well.


Slack leaves its competitors in the dust. 68.2% of SMBs use it.


Salesforce Is the CRM of Choice for SMBs

It’s no surprise that Salesforce tops the list of CRM providers in the SMB tech stack, with nearly half (45.1%) of respondents identifying this solution as their CRM of choice. Originally an enterprise solution, Salesforce has since adapted its platform and its price point for the SMB market.

By comparison, only 20.7% of respondents were using the closest runner-up, Hubspot. The more boutique solutions, such as Pipedrive, Zoho, Copper, and Outreach, were used by a small fraction of respondents.


Salesforce is the CRM of choice. 45.1% of surveyed SMBs use it.


The SMB Tech Stack Has Some Surprising Gaps

While the majority of SaaS SMBs seemed to have well-rounded technology stacks, there were a few stack elements that were missing for a surprising number of respondents.

  • 38% of respondents reported that they don’t have a learning management system (LMS)
  • 18.3% reported that they don’t have a CRM
  • 17.3% reported that they don’t have background-check software
  • 8.5% reported that they don’t have HR software

The high prevalence of SaaS companies without an LMS is especially remarkable, given the critical role these systems can play in customer success and retention.

Suites Are Overtaking Best-of-Breeds

Based on the survey results, the ongoing question of whether to invest in a solution suite or a collection of best-of-breed solutions has been definitively resolved, with the majority of SMBs leveraging one of the three dominant suites—Google, Microsoft, and Amazon.

The advantage of this approach is clear: investing in a suite offers significant cost savings over a best-of-breed approach. The disadvantage: A “one-size-fits-all” core stack won’t support the ideal levels of customization or functionality. But while SaaS SMB companies come in many different flavors, most have core business needs that are very competently served by one of the prevailing suites. And as the technology titans continue to acquire new technologies, the functionality offered by each suite will continue to expand and evolve.


Stack titans are overtaking best-of-breeds.


The SMB Security Stack Has Some Big Gaps

While the majority of respondents reported having the key elements of the security stack in place, a surprisingly high number admitted that some were missing:

  • 39% of respondents reported having no intrusion detection and prevention system (IDPS) in place
  • 25.3% reported having no penetration testing solution
  • 14.6% reported having no security information and event management (SIEM) solution
  • 9.6% reported having no antivirus software

For smaller companies, there may be the perception that these security solutions are unnecessary. With fewer people on board, there is likely to be more trust that the group is capable of avoiding malware and setting up company systems to repel attacks. They may also see the company as too small to attract the attention of hackers and other attackers.

However, SMBs are as susceptible to security threats as larger enterprises. According to Cisco, 43% of cyberattacks target small businesses. Along with implementing security and privacy controls across the entire stack, maintaining a secure tech stack is critical for companies of every size.

Next Steps on How to Build a Secure Tech Stack

  • Educate yourself about Systems and Organization Controls 2 (SOC 2), an audit process that evaluates your company’s ability to securely manage the data you collect and use during business operations. Passing a SOC 2 audit is a major security milestone that virtually every SaaS company needs to pass before securing the business of enterprise customers.
  • If you decide to move forward with a SOC 2 audit, consider adding a compliance automation solution to your SMB stack. SOC 2 is a worthwhile but resource-intensive commitment, and automating the process with a solution like Tugboat Logic reduces audit readiness costs by 60%.
  • If you’re not ready for SOC 2 and just want more tips on how to build a secure tech stack, download a copy of Tugboat Logic’s 2021 State of the Stack for SaaS SMBs. You’ll discover what your peers are including in their stacks and how to address the biggest security risks for each stack component.