SaaS apps expose users to significant security risks if they are not well defended. Between the shared security model, the broad potential for misconfiguration and poor access controls, among many other risk factors, SaaS needs strong countermeasures to stay secure. The foundational CIA Triad (Confidentiality, Integrity, and Availability) and MITRE ATT&CK Model of attacker behavior provide useful reference points for assessing the nature of the problem and exploring potential solutions.
