Many b2b software applications these days are "cloud based" or at least have "cloud based" offerings. Some companies worry about the security implications but are swayed by the conveniance of one-click setups; however, adopting "cloud based" requires significant internal infrastructure changes, all of which have major security implications. You are giving up a significant amount of control.

The first major internal configuration change is allowing external applications to access single sign on (usually Active Directory). When you do this you are allowing cloud based applications to use your internal passwords. Many people fail to realize that even though the passwords are managed internally and certain protections with active directory are put in place that your passwords still flow into these web based applications. Therefore someone else can see all the passwords of your internal users. Not only does someone else have your data but they can see your passwords too!

You may hear "passwords are encrypted" but most web applications do not have single sign on support and will decrypt them on the web server. In some cases they will be sent over an internal network in cleartext (and you have no way of knowing because none of this information is on YOUR computers and/or servers).