Security audit of a Software as a Service (SaaS) application through an external penetration test of the provider’s public IP addresses, a firewall review, and a review of the RDP access to the application