Modern Software Moats

7 powers and defensibility in the software era

Welcome new subscribers! This newsletter dives into one topic within technology that I’ve been digging into lately. This week’s post covers the importance of defensibility with a bend towards b2b and software.

I’ve been spending more time trying to understand how businesses build defensibility over time. In my eager naivete, I set out to create an exhaustive list of where defensibility comes from. It became clear that I had just generated a worse version of Hamilton Helmer’s 7 Powers, which probably surprises no one.

For the unindoctrinated, Hamilton’s book describes the 7 ways in which a business can create durable competitive positions over time1. While these principles are generalized, the examples lean heavily towards consumer (social networks, marketplaces, goods) or mature, static industries (airlines, railroads). The purpose of this piece of writing is to extend the 7 Powers framework to examples from modern b2b and software-centric businesses. 

3 myths | why we should care about defensibility

Defensibility typically falls into the broader “strategy” bucket that many people are generally skeptical of. I want to start by just refuting what I think are common criticisms of the importance of defensibility and offer my own explanation for why it is in fact important.

I. “Defensibility doesn’t matter in large markets”

Defensibility has nothing to do with market size. Large and small markets alike become uninhabitable when there’s fierce competition. It makes acquiring customers more challenging and it erodes any individual company’s pricing power. Take a look at the myriad low margin industries littered with companies bearing little-to-no differentiation. At some point, the novelty of a product or market fades away and defensibility becomes paramount to sustain market leadership.

“All failed companies are the same: they failed to escape competition

II. “Startups don’t need to defend”

I’ll concede that when you’re pre-product-market fit, there’s really nothing more important than finding a big problem that’s worth solving. Things like defensibility really don’t matter until you’re ready to scale. That said, VC-backed startups are a long-term investment and are certainly evaluated by investors on their ability to generate defensibility eventually. Second, defensibility is not about “defending” market share, but rather defending market position. Defensibility doesn’t just drive strong retention, but it can also help win new customers. 

III. “Software isn’t defensible”

And finally, perhaps most clearly aligned to this post is the myth that software isn’t defensible. While a marketplace like Uber or Airbnb has network effects that are a direct consequence of building the business, the same is not typically true for software. Over the course of this post however, I want to try and detail the ways in which software businesses have embedded defensibility into the fabric of their organizations.

The importance of defensibility increases as the novelty of a business model or technology fades. With large software incumbents in most categories, startups will have to be more intentional about defensibility in the coming decade in order to succeed. It’s become well-accepted that software businesses have strong characteristics like high gross margins and predictable recurring revenue. On the other hand, defensibility and moats are less straightforward to quantify despite their significance. As a result, I think there’s an opportunity for investors to build a differentiated point-of-view on the quality of businesses based on how they assess and weigh these moats. 

1) Counter-Positioning 

The 7 Powers are not created equally — some are more powerful than others and some can be developed more quickly. For that reason, the best place to start is with counter-positioning, which is likely the first moat that a startup develops. Startups that take a fundamentally opposing view from incumbents are defensible because incumbents typically grow too attached to their existing business model to risk compromising it. For startups, it’s important to buy time and space to build something truly defensible. Even though 2x2 competitive matrices can be useless, I find the best ones focus on illustrating counter-positioning. It’s much harder to convince folks that you are 10x better than someone 100x your size and easier to convince them you are taking a fundamentally different position.

The quintessential example of counter-positioning in my mind is Robinhood taking a zero-commission trading approach when legacy trading platforms relied heavily on fee revenue. Robinhood wasn’t the first app to let you make trades, but the business model was unique. If an incumbent like ETrade wanted to copy Robinhood’s business model, it would blow up a successful fee-based business. Today, incumbents have finally come around to offering free trades, but Robinhood’s counter-positioning bought itself ample time and capital to build other moats. 

I see a few different categories of counter-positioning in software: 

  1. Unbundling by use case: The “Zoom for X” companies have carved out a piece of Zoom’s TAM, hoping to create and expand markets outside of Zoom’s primary focus. I’m thinking of what Hopin has done with virtual events or what Gather is trying to do with the virtual office. Could Zoom invest more into specific use cases? Sure, but it’s more likely they invest in large existing markets. 

  2. Unbundling the stack: The “Headless X” companies are focused on unbundling frontend and backend functionality. This decoupling can yield more flexibility on the customer-facing experience in addition to website performance benefits. Companies like Shogun are taking this approach by focusing on the frontend and leveraging Shopify or Magneto for the backend. This is part of the broader trend where the means of consuming software is moving towards smaller component parts (SaaS -> APIs). 

  3. New end user: The “X for developers” companies span many categories, but have similarly built software that is developer-first rather. An example is something like Auth0, which took a developer-centric approach to identity when leading players at the time like Okta were top-down enterprise sales. It feels like a pretty good indicator that this counterposition held up as Okta would ultimately pay $6.5B to acquire Auth0

  4. New monetization: The “as-a-Service” model itself is partly a pricing innovation (in addition to being a new distribution model). Salesforce took down a formidable opponent in Oracle with a per-user, pay-as-you-go pricing that served to expand the market. 

2) Network Economies


Chronologically, the next type of defensibility a company can exhibit is having a strong community around it. This has become much more common as software purchasing increasingly moves bottoms-up and the prevalence of freemium and open-source business models remove much of the friction of trying new products. The power of communities is that it allows your users to become champions of the company, both contributing to it and evangelizing it. Community allows you to borrow a larger pool of resources for both R&D and S&M, which can be an incredible accelerant to the business and one that is hard to replicate even for large companies. 

This First Round 2019 survey showed that “nearly 80% of founders reported building a community of users as important to their business, with 28% describing it as their moat and critical to their success.” I’d be willing to bet those numbers would be even higher today, with companies like Commsor and Common Room built to solely help businesses manage and grow their communities. Community is the new brand. Customers are increasingly turning directly to their peers rather than relying solely on familiar brands.  

I think this comes in a few different flavors for software, some examples that come to mind:

  • Roam: I use this product (and love it), but it’s been interesting to see other users making templates, extensions, youtube videos explaining how they use the app. Even though I’ve never never interacted with anyone that actually works at Roam, the community effectively doubles as an extension of the team. The power of this stems from the high-level of engagement that a tool like this has from its users.

  • Hugging Face: Similarly, open source projects can have contributions outside the employees of a commercial organization. This may come in the form of integrations, bug fixes, or just spreading the product through word-of-mouth. I think this works particularly well when you’ve got a broad surface area (like NLP) which users can collectively build for various use cases.

  • Salesforce: Worth highlighting because they’re a top-down company which is typically not what we think of when we think about community. Their Trailblazers community has rich content ranging from Q&A to events and so on. 

Platforms and App Stores

The term “platform” has lost some of its meaning being tossed around in conversation, but the definition I find helpful is from the Bill Gates line where “A platform is when the economic value of everybody that uses it, exceeds the value of the company that creates it.” Platform status is the holy grail for enterprise software and is often realized through an app store that connects third parties to new customers.  

One of the best examples is the Salesforce AppExchange, where users can purchase apps built on top of Salesforce2. The types of companies leveraging the AppExchange include large names across industries like nCino, UiPath, Netskope or Vlocity which Salesforce acquired for $1.3B last year. While Salesforce is largely considered a CRM company, their “Platform & other” revenue bucket is both their largest and fastest-growing

Another example is the Shopify app store, which helps customers find the long-tail of custom solutions they need to run their online store. Shopify focuses its product efforts on the most critical ecommerce tasks like payments and fulfillment. To fill in the gaps, their app store helps end users find solutions for everything from email marketing, inventory management, SEO, etc. Shopify’s platform succeeds because it sits at the center of a huge surface area in ecommerce. 

In both cases, these companies situated themselves in very large markets where they could entice developers to build atop their platform or sell through their app store. Salesforce and Shopify both drew lines in the sand around what their core competencies should be, leaving everything else to third party developers. 

Data Network Effects

Arguably, the most overhyped network effect is the data network effect. There’s a succinct summary of those issues here in a16z’s Empty Promise of Data Moats, but the summary is that data is often miscategorized as a network effect when it is more often just a scale advantage. Good examples are often found in cybersecurity because the nature of the underlying data needs to be constantly refreshed. Crowdstrike’s Threat Graph continually collects rich telemetry from its customers that it can analyze for the benefit of the entire network. Stripe’s Radar product does the same for fraud prevention. In both cases, each incremental customer provides additional data that improves the accuracy of the security products for all customers.

This is not an exhaustive list of the types of network effects, but the ones that I think are particularly relevant for software. NFX covers in great detail the 13 types of network effects for further reading.

3) Switching Costs

One of the most common moats that software companies build is a high switching cost (I’m looking at you, SAP). Switching costs stem from the friction needed to displace an existing solution because of how deeply embedded it is into a company’s workflow and operations. 

Ideally, businesses create high switching costs without compromising ease-of-adoption. So while SAP has high switching costs, it also requires heavy-handed implementation, which makes adoption more challenging. On the other hand, MongoDB has an efficient developer-led adoption, but high switching costs due to the challenges of migrating away from one data storage provider to another. 

Switching costs can come in a few different flavors, but ultimately it needs to be compared to the incremental value of a new tool. 

  • Cost of time: How long will it take to rip out my existing solution and implement a new solution? Returning to the SAP example, the level of custom, manual work that may be needed to move away from SAP to something comparable ends up on the order of many months.

  • Cost of business disruption: How many workflows and people are going to be disrupted as a result of switching providers? Salesforce, in addition to being a CRM, has integrations and automation products that tie it into more of the organization’s workflows.

  • Cost of learning: How long will it take users to learn and master a new tool? For example, Splunk has its “Search Processing Language” which they’ve developed specifically for Splunk. Over time, this becomes the standard and learning something new is an unwanted friction. Another one is Superhuman’s keyboard shortcuts which a user naturally learns. Leaving to use another service means losing that improved functionality or learning a new set of shortcuts.

4) Cornered Resource

A business that has some preferential access to a valuable and scarce resource can be a tremendous advantage for businesses. I didn’t think about this much until 2018 when San Francisco banned electric scooters like Bird and Lime in order to formally determine which limited scooter vendors they would allow in the city. They essentially created a scarce resource (via regulation) and a few companies disproportionately  benefited. 

It turns out there’s actually quite a few interesting examples here:

  • Talent: When companies build specialized technology, they often hire and retain specialized, unique talent. It’s not just that they are hiring smart people, but that these employees become domain experts on topics that are not easily found elsewhere. This excerpt on Snowflake really tells this story well: “Snowflake didn’t have 1000 coders or 1000 generalists. It had probably 5 of the world’s 20 database experts build it from scratch. That’s what makes Snowflake unique”. For any one company to steal that level of talent would be extremely challenging.

  • SEO: There are dozens of companies built on strong SEO like Nerdwallet for financial education or Yelp for restaurants. While these companies are subject to the opaque, dynamic rules set by Google, it seems that their early advantages in SEO have been preserved. Enterprise software companies will write blog posts like “What is Reverse ETL?” in hopes of dominating SEO for common queries among their customers.

  • Industry Standards: Certain professions or jobs to be done benefit from an industry standard. Not to be confused with brand, industry standards are when there is collective benefit to standardizing around one or two tools. The degree to which Autodesk has built this moat is actually incredible. From my own experience studying engineering, we were taught Autodesk Inventor as it was what future employers cared about (yes, I put it in the skills section of my resume). The same dynamic is true for many of their products, most notably Autodesk Revit, which controls half the market because it is the industry standard among architects. Standardizing around a tool makes it easier to train and teach new students as well as integrate with other related tools.

5) Process Power 

Process Power is the enduring operational excellence an organization builds over long periods of time. It is a source of defensibility because competitors would not be able to replicate it quickly. Typically, the more parts of the organization that need to be coordinated together in a specific way, the more potential for process power. 

The example Hamilton Helmer uses in 7 Powers to explain this concept is the Toyota Production System, the car manufacturer’s guide to operational excellence. The system pioneered many important industrial engineering principles, but was not documented until 1992, decades after it had been developed. Just as the Toyota Was not easily codified, it was not easily replicated either. The market leaders GM and Ford had already been mass producing far more cars than Toyota, so their adoption of Toyota’s best practices took years and years. 

I like the example Paul Enright uses here around Nokia’s decline from 60% market share to <5% in less than a decade at the hands of Apple (see this depressing chart). He explains the agreed-upon narrative was that Nokia would prevail because it had maneuvered hardware pivots before, but the smartphone was in part a software problem sold through hardware. Apple built and scaled this process power far more quickly than Nokia would ever be able to.

In the software world today, no one seems to talk about process power outside of hand-wavey commentary about company culture. I think it’s partially explained by the fact that many software companies looked the same for a while: developers build a product, then salespeople sell to leadership teams. This type of business was accompanied by a set of standardized metrics and processes, but that has began to change:

Today, we now have new GTMs, new types of monetization, and so on. Some of these playbooks are not as easy to replicate as they may seem as innovation is not just happening on product, but also at an organizational level.

  • Top-Down vs Bottoms-Up: Almost every traditional SaaS category is seeing a wave of product-led businesses focused on the end user. The best evidence that this is in fact a source of defensiblity might be that Okta is buying Auth0 for $6.5B which in my opinion was a purchase of process power around a developer-led motion. The startup was valued at $1.9B last year, so the premium Okta is paying here speaks to the potentially inflexibility of moving from top-down to bottoms-up.

  • Open Source Distribution: There’s lots of promising open source startups and unicorns, but Databricks is one of the very few at $10B+ with multiple open source projects. The business started around the project Apache Spark, but they have developed and commercialized more projects like Delta Lake, MLflow, Koalas, Delta Sharing, and Redash (via acquisition). To do this, they have to orient their entire go-to-market functions around it: 

    • community managers to support the open source users

    • sales teams to identify highly engaged teams 

    • professional services to help them see value

    • customer success to retain and expand the relationship

  • Distributed Teams: Looking to a post-pandemic world, I do wonder if something like distributed teams could manifest into a real advantage long-term. If you believe that 1) knowledge workers will prefer working remotely long-term and 2) it is challenging to move from in-person to distributed for large companies, then it could generate some process power in terms of ability to win talented labor maybe even at a discount. There’s a handful of companies that have a head start here like GitLab, Zapier, Invision, etc so it’ll be interesting to monitor. 

6) Scale Economies

Economies of Scale is a term that most have heard before in the context of traditional businesses. The general principle is that as you scale production of something, the incremental cost to do so decreases. It’s why there are very few companies that could try to compete with Amazon Web Services. Because of its online business, AWS had a head start with regards to scale and it invested early with acquisitions like Annapurna Labs to further that cost advantage

It’s a similar story with companies like Cloudflare and Agora which both have networks of data centers that drive their best-in-class performance in two very different markets. The scale of their physical infrastructure serves as a significant moat against smaller competitors. It’s the modern equivalent of laying down railroad tracks (upfront cost) to build a defensible transportation business. In these examples, economies of scale can look like one-time investments, but it is often just the cumulative effect of building product quarter after quarter. On a quarterly basis, large incumbent X may be able to allocate $1B into R&D while startup Y can only invest $1m. 

Scale can be the enabling factor for companies to expand their TAM. I’ve written about Twilio’s continued expansion beyond its original product-market fit in voice and SMS. They’ve expanded into other channels like email (via SendGrid) as well as adjacent markets like IoT (via ElectricImp) because their large customer base affords them the luxury of continued R&D. The same is true of Stripe, whose dominance in online payments enables them to build products in startup incorporation, climate, card issuing, etc. 

I think most people have an intuitive understanding of scale, but the one last point I’d hammer home here is the impact of zero marginal costs. Ben Thompson has written about this extensively, but the point is that the internet has made it such that distribution has become easier than ever before. The gravity of a business has shifted almost entirely to investing in R&D given the ease of scaling to meet demand. It is for this reason that we observe economies of scale at a magnitude never before seen.

7) Branding

Here’s another one that I think everyone probably understands already. It’s the real reason you think Grey Goose is cool even though you swear you can taste the difference. Brand has been less important in b2b than b2c, but that tide has been changing with the consumerization of enterprise.

In the world of top-down sales, a manager might evaluate tools that cost $100k+, so he/she would want a high degree of confidence on which vendor to choose. They may do a bakeoff with a few companies and do a few pilots to learn more. Contrast this to a solution for just one end user. It’s unrealistic to spend months evaluating tools for a $100 purchase, so brand may be a powerful substitute for time. Potential customers may defer to their peers and the market to inform their defaults. A few examples:

  • Stripe has a developer cult because of it’s thoughtful design, documentation, and content marketing. Patrick Collison still responds to developers on Twitter who are trying to get set up with Stripe. The company’s mission statement is the only one I actually remember (“to increase the GDP of the internet”) and these things paint a picture of what Stripe is beyond the product.

  • Twilio has similar characteristics to Stripe given their similar business models. Their sole focus on the developer is exemplified by their battle cry — “ask your developer”. Early on, they put it on a billboard and later the CEO wrote a book with the same title. Twilio’s brand is great, but it also helped that telecommunications companies that they indirectly competed with weren’t beloved brands at all.

  • Slack helped create the channel-based chat category, which gave them an innovative, tech-forward brand. I’m not sure that mattered to everyone given Microsoft’s success in the space, but I don’t know of a tech startup choosing Microsoft over Slack.

Companies should absolutely invest in brand, but it’s very fragile. It can erode far faster than it can be built. Brand is affected by everything related to a business from a bad celebrity endorsement to a cybersecurity attack


As software eats the world and investors continue to pour money into new startups, the importance of defensibility increases. There are no low-hanging fruit as competition becomes an inevitability in all markets. 

While this post focused on what those sources of defensibility are and what they look like, I am still refining my thinking on how to evaluate and measure these powers in companies beyond qualitative examples. To that extent, if you have any thoughts or recommended reading, feel free to shoot me a message. 




Great recap of 7 Powers from Flo


Salesforce’s AppExchange literally has its own mascot