Software-as-a-service (SaaS) applications are a growing attack surface for hackers. Without the right tools, though, they can be hard to defend. This paper offers five steps to reducing SaaS risks, including tightly managing inventories and identities, tracking SaaS activities, tracing the location and status of SaaS data, controlling SaaS apps and their configurations, and quickly remediating SaaS security problems after they are detected.