SaaS security responsibilities: user access management, data classification, MFA enforcement, SSO integration, CASB for shadow IT/DLP, monitoring API access, and data export controls.
In SaaS, the vendor secures the application and infrastructure. You secure your data and user access. Enable SSO (easier MFA enforcement), CASB (DLP and shadow IT), and audit logs. Review third-party app OAuth permissions regularly.