The proliferation of software-as-a-service (SaaS) applications within organizations is a major security concern. When left unmanaged, both sanctioned and shadow SaaS applications can expose sensitive data because of a lack of visibility and the design complexity of SaaS app security policies. This report highlights best practices that security and risk (S&R) professionals should follow when securing SaaS applications.