IaaS includes services such as Rackspace and Amazon EC2. In contrast to SaaS, enterprise IT has complete ownership of what applications are deployed in an IaaS environment, and a good degree of flexibility for securing them at the edge of the cloud. You should start with a micro-perimeter that can be deployed in the cloud and spun up and down elastically, and protect REST/JSON-style APIs.
For IaaS environments accessed exclusively via VPN, you can treat cloud applications like on-premise applications. But instead of deploying an agent as the policy enforcement point (PEP) for each application, use a more scalable and secure API gateway as a proxy-based PEP. If your applications need to be accessible to third parties, consider using a federation model instead of requiring VPN access.
For data security, on-premise DLP technology can work equally well for IaaS applications if it is made available as a standardized service that can be automatically provisioned.
Learn more here.