IDC believes that in the 3rd Platform era, the best approach to protecting email services like Office 365, which reside in the cloud, is one that synergistically ties together the embedded security mechanisms offered by the email service provider with adjacent security technologies and strong processes and policies managed by the business owner of the data. This Technology Spotlight examines the security risks of software as a service (SaaS) in the era of expanding cloud use. The paper also looks at the growing security capabilities of SaaS applications and the efforts by Microsoft to better secure its SaaS offerings through partnerships with third-party cloud and security solution providers.