SaaS applications such as Salesforce, Microsoft365, Workday, Service Now, Box and Slack support the vital activities of every line of business within the organization. Their ubiquity and convenience make these applications almost invisible to those who rely on them and they are used almost without thought. This transparency creates a paradox, however. By almost any objective criteria – sensitivity of data, importance to business operations, need for data integrity, etc. – these applications and the data they contain are part of the critical IT infrastructure stack. However, compared to both on prem installations, and IaaS, SaaS typically receives significantly less attention from security organizations.