This document provides an overview of managing security threats in software as a service (SaaS) and outlines essential best practices. It discusses a hypothetical case study of a company called EMR Another providing electronic medical records as a SaaS solution. The main challenge is securing highly sensitive patient data. Options for hosting the solution include managed hosting providers, cloud providers, or a hybrid approach. Development and operations must focus on data segmentation, security at all layers, and encryption of sensitive data. Security also requires attention to people, processes, access control, remote access, and more. The document aims to illustrate a holistic approach to security in SaaS.