Try bringing up the topic of “SaaS Security” with anyone on a security team at a large organization. Either you’ll hear, “Yeah, it’s great that security is handled for us by name large SaaS platform here” or you’ll hear a big sigh followed by “yeah I have to sort this situation out soon…”.
In either case, the lack of awareness that SaaS customers have when it comes to security obligations, and/or the procrastination to address these responsibilities should be a cause for concern.