Software-as-a-Service Security Challenges and Best Practices: A Multivocal Literature Review

Mamoona Humayun*, Mahmood Niazi, Maram Fahhad Almufareh, N. Z. Jhanjhi, Sajjad Mahmood, Mohammad Alshayeb

*Corresponding author for this work

Research output: Contribution to journal › Review article › peer-review

1 Scopus citations


Cloud computing (CC) is the delivery of computing services on demand and is charged using a “pay per you use” policy. Of the multiple services offered by CC, SaaS is the most popular and widely adopted service platform and is used by billions of organizations due to its wide range of benefits. However, security is a key challenge and obstacle in cloud adoption and therefore needs to be addressed. Researchers and practitioners (R&P) have discussed various security challenges for SaaS along with possible solutions. However, no research study exists that systematically accumulates and analyzes the security challenges and solutions. To fill this gap and provide the state-of-the-art (SOTA) picture of SaaS security, this study provides a comprehensive multivocal literature review (MVLR), including SaaS security issues/challenges and best practices for mitigating these security issues. We identified SaaS security issues/challenges and best practices from the formal literature (FL) as well as the grey literature (GL) to evaluate whether R&P are on the same page or if controversies exist. A total of 93 primary studies were identified, of which 58 are from the FL and 35 belong to the GL. The studies are from the last ten years, from 2010 to 2021. The selected studies were evaluated and analyzed to identify the key security issues faced by SaaS computing and to be aware of the best practices suggested by R&P to improve SaaS security. This MVLR will assist SaaS users to identify the many areas in which additional research and development in SaaS security is required. According to our study findings, data breaches/leakage, identity and access management, governance and regulatory compliance/SLA compliance, and malicious insiders are the key security challenges with the maximum frequency of occurrence in both FL and GL. On the other hand, R&P agree that up-to-date security controls/standards, the use of strong encryption techniques, regulatory compliance/SLA compliance, and multifactor authentication are the most important solutions.

Original language: English
Article number: 3953
Journal: Applied Sciences (Switzerland)
Issue number: 8
State: Published - 1 Apr 2022

Bibliographical note

Funding Information:
Funding: The authors would like to acknowledge the support provided by the Deanship of Research Oversight and coordination at King Fahd University of Petroleum and Minerals, Saudi Arabia, under Research Grant DF191039.

Publisher Copyright:
© 2022 by the authors. Licensee MDPI, Basel, Switzerland.


  • cloud computing
  • multi-vocal literature review (MVLR)
  • security
  • software-as-a-service (SaaS)

ASJC Scopus subject areas

  • Materials Science (all)
  • Instrumentation
  • Engineering (all)
  • Process Chemistry and Technology
  • Computer Science Applications
  • Fluid Flow and Transfer Processes

