Human Auditors Cap SaaS Margins
How Vanta, Secureframe and Laika are arming the rebels of B2B SaaS
These companies are building good software businesses, but the last mile of revenue still runs through licensed people. The software can pull logs from AWS, GitHub, HR systems, and employee laptops, flag missing controls, and package evidence, but an outside CPA firm still has to review that evidence and issue the SOC 2 report. That keeps labor in the loop, so gross margins can be strong, but not as high or as clean as software that ships with no human approval step.
- The human work is not a side detail. Vanta says it will not become an audit firm because the auditor must stay independent, Secureframe says some controls still need guided document collection, and Laika says full automation is unrealistic because audit judgment still matters.
- The margin trade is worth it because software changes auditor economics. Instead of charging $50K to $100K for slow manual work, audit partners on these platforms can charge less per engagement but complete more audits, using the same evidence stream the customer already assembled in the product.
- The path to better margins is to move beyond the annual audit workflow into daily security products. Vanta has expanded into vendor monitoring, pen testing, trust centers, and new frameworks, while Drata has pushed into trust management, developer security, and access governance to raise usage and ACV outside the audit event.
Over time, the winners are likely to be the platforms that keep the audit as an entry point, then sell continuous products that customers use every week. That shifts more revenue toward pure software, makes the business less tied to auditor capacity, and pushes margins closer to classic SaaS without breaking the human independence requirement at the core of SOC 2.