Kantoku is a self-hosted application for companies to manage their IT governance, risk management and compliance (GRC). As mentioned in a previous post, I developed this application during the first part of 2016. At first, it was a Software-as-a-Service (SaaS) solution with a really nice high availability infrastructure on AWS. However, I had to put aside the infrastructure behind the SaaS solution. Back then, it was mostly a question of priorities. To keep the project alive, one alternative was to offer Kantoku as a self-hosted application. In that case, companies would still be able to buy a licence and to install the application on their own servers.
I mainly developed this application to help small and medium enterprises (SME) to manage more efficiently their IT GRC. Even SME have compliance obligations. I thought it was a niche market where it could have been possible to offer something different than the existing solutions. An application that would be simpler and more affordable for everyone. It was also an interesting complement to consulting services. However, I did not account for these two situations:
Small and Medium Enterprises
SME are fortunate enough if they have someone who is aware of the main IT GRC concepts. They will probably have a consultant who will help them with their compliance obligations. It could be cheaper for them than having a full-time employee. However, their GRC needs are often not complex enough to justify the implementation a dedicated application. They will prefer to work with many documents such as spreadsheets and emails than to learn a new application workflow. SME don’t necessarily see the value in monitoring their GRC and I understand them. They want to concentrate on their core business where they will be able to generate a direct income.
I also have to admit that one of my weaknesses is the selling side of a business. I really need to be convinced that my product and/or service will be beneficial for the client. Otherwise, I don’t want to sell anything since I care about my clients. This was not always the case with Kantoku and SME. Most enterprises need help on their IT GRC strategies and I obviously see the value for them having a consultant to help them. Not an application that they will barely know how to use. If I have to push too much in my explanation about a solution’s features, maybe it is not the right solution for the client.
For larger organizations, they often have the budget to acquire a well-known solution with all advance functionalities such as RSA Archer, Resolver, MetricStream, Reciprocity, etc. It is really hard to compete with solutions that cost more than just a few thousands. Furthermore, these organizations will not make the differences. They are expecting the same features which is understandable.
As I said before, even if I am really proud of this IT GRC application, Kantoku will be shut down. One other reason is also that my professional life and other projects all evolve around the IT GRC fields. I need a project that will be in a completely different field. It is also important for me to stay neutral when it is time to provide consulting services in IT GRC. I can’t provide a solution in IT GRC and be impartial with other existing solutions. There is also an open source solution that I really like, Eramba. It could be an interesting alternative for many SME with an interest in their IT GRC. I exchanged a few emails with the founder and I would prefer to work with them in the future.
Why a future comeback? I am already working on something else, but I don’t want to mention too much about it, yet. It will be an application that it is not at all in a niche market. So many applications like that one already exists. However, I am still not satisfied with current offers. But, being not in a niche market, it should be easier for me to sell since all organizations will understand how it works. They all need a solution like that one. This time, it will be a SaaS solution and I will probably reuse the domain name kantoku.io.