Bigger screens and easier typing means IT must expect mobile devices to become input units for SaaS. Before approving this practice, ensure that devices don't cache login and password information, in case they're lost or stolen.
Use SSL, server authentication, and data encryption. Each employee with SaaS access should have a unique user name and password that must be entered each time he logs in.
From a management perspective, mobile SaaS is trickier than desktop SaaS. Hundreds of new devices are released each year, and smartphones and tablets respond in unpredictable ways to applications. There is an almost infinite number of combinations of mobile operating systems, browsers, and screen resolutions. Even simple updates to mobile operating systems will cause quirks in display behavior.
The proliferation of devices also makes it difficult to maintain a supported list of apps. The only rational path for now is for IT to issue a standard list of devices on which the SaaS application will be supported, and to test rigorously.