SaaS has fundamentally changed security requirements. We used to just go into work, and everything—corporate applications, sensitive customer data, employee health records, etc.—was within the “safe” four walls of the corporate network behind a firewall. Now employees work remotely and use mobile devices, including unmanaged, personal devices. They access SaaS apps that live in the cloud without any sort of firewall that IT can use to monitor and manage access.
Prominent examples include Salesforce.com, Google Apps, Office 365, Box, and many others. As employees use these SaaS apps, they are creating proprietary company data, often confidential in nature, that exists outside the control of IT, creating new challenges for security teams. In this new world, IT needs to track sensitive corporate data in third-party SaaS apps, and ensure that only the right people have the right level of access to it.