“…In this case, the SaaS application must be capable of incorporating extra services via external SaaS providers (Aulkemeier et al, 2016;Sun et al, 2007;Almorsy, Grundy & Ibrahim, 2012;Scheibler, Mietzner & Leymann, 2008). Most SaaS service customers assume that the SaaS application will merge easily with their in-house systems (Mรผller et al, 2009;Aulkemeier et al, 2016;Sun et al, 2007;Scheibler, Mietzner & Leymann, 2008;Zhang, Liu & Meng, 2009). However, this integration must consider nonfunctional elements, such as security controls, which should be accommodated by the applications architecture (Sun et al, 2007;Almorsy, Grundy & Ibrahim, 2012), at both design time and runtime (Aulkemeier et al, 2016;.…”