Businesses @ Work: The Secret Is Out, Security Is In

Today marks the release of our fourth annual Businesses @ Work Report, which takes an in-depth look at the apps and services employees, partners, contractors and customers in the Okta network use to be productive. This year, one thing is for sure: companies aren’t just adopting the best technologies, they’re securing them.

It should come as no surprise that security was a top priority for businesses in 2017. After witnessing major organizations like Equifax, Uber and Yahoo! suffer serious data breaches, businesses upped the ante when it came to protecting their own employees and their data. Our findings show that organizations invested heavily in companies that have security tools or security use-cases like Jamf, KnowBe4, DigiCert, Cisco Umbrella, Mimecast, Sophos, and CloudFlare, all of which ranked in the top 15 fastest growing apps.

But given the ever-increasing number of cyber attacks, there’s still room for businesses to bolster their first line of defense by rethinking traditional password and multi-factor authentication policies. If security is the Achilles’ heel of modern enterprise, then businesses must put in the herculean effort to protect themselves.

It’s not just security that’s top of mind for businesses. They’re also embracing new digital technologies to both help their employees work more effectively and deliver exceptional customer experiences. The proof is in the data — this year’s report shows that organizations of all sizes, in every industry, across all regions, are investing in more technology than ever before, with the median number of apps per customer growing 24% from 2015 to 2017. While the tech and media/entertainment industries still lead the pack with the highest median number of apps, healthcare and finance – two traditionally highly-regulated industries – have played catch up this year with 36% and 33% growth respectively. What’s more, our data shows that every enterprise (even those in the same industry) is truly unique when it comes to the apps they are choosing. Tech companies, for example, use 1,910 distinct apps. Business and consulting services follow closely with 1,611 distinct apps, and finance companies use 1,545.

The way we see it: that’s great for business, the economy and (dare I say it) the world. By embracing new technologies, we can work better and more securely than ever before.

Other key findings from the report include:

What it means to be the “popular” app. This year, we redefined what it means to be the most popular app by examining not only which apps are used by the most organizations, but which apps have the highest number of monthly active users. Office 365 tops the list for most deployed app for the third consecutive year. It also has the highest number of monthly active users, with impressive user growth of 92% in the past year. That said, the email race is never over. Our data shows that Google has been adding G Suite customers faster than Microsoft has been adding Office 365 customers over the past three, six and 12 months. Also noteworthy, wall-to-wall business apps like Workday and ServiceNow are much more “popular” based on number of monthly active users (2nd and 3rd most popular apps, respectively) than they are based on the number of customers using these apps.

Most Popular Apps Number of Customers

Most Popular Apps Unique Users

Competition among collaboration tools: Collaboration tools are essential for businesses, and this year we see two of Slack’s competitors on the fastest growing apps list. Cisco Spark is the second fastest growing app in Okta’s network with 377% growth in the past twelve months, and Workplace by Facebook is the fifth fastest growing app, with 163% growth in the same time period. Meanwhile Slack has graduated from the fastest growing apps chart (congrats Slack!) and is now to 7th most popular app overall, based on number of customers.

A glimpse at the modern employee. This year, we explored what else modern workers care about when it comes to the technology they use at work, looking at how they consume the news, book travel, bank online — and continue their educations. As it turns out, today’s business travelers prefer using Southwest and United Airlines, which are the top two travel apps in our network. They turn to CNN and The Wall Street Journal for their news, and PayPal for banking. Their preferred online learning tools are, Coursera and Pluralsight.

Developer tools are a priority. With more businesses moving to the cloud and pursuing everyone’s favorite buzzword, “a digital transformation,” supporting developers is absolutely critical. Our customers have taken note, with 47% using at least one developer tool today. 48% of these developer savvy customers use JIRA. We’re also seeing the pace of adoption of developer apps vary across industries. While companies in technology and media & entertainment are currently leading industries in their usage of developer tools, consulting & business services and retail companies are catching up!

Identity threats originate worldwide. It’s well known that 81% of hacking related breaches are caused by compromised credentials – but what else do we know about attacks against identities? We took a look at the identity threat landscape and found that while we may see China in the news for hacking, the real threats are coming from, well... everywhere. We may not hear about them because more than 50% of global attacks we analyzed do not have prior intel from the open source community. And of those attacks with no prior intel, 36% are coming from Europe – of these, 19% are coming from France, 12% from the Netherlands, 11% from Russia, and 10% from Germany. But the real non starter for most businesses? The 23% of attacks coming from Tor exit nodes (more commonly described as the dark web). Unless you have a reason to interact with Tor, we’d suggest just blocking those IPs.

business at work global threat landscape

Beyond the 8 character minimum. Threats are coming from everywhere: how well are you protecting against them? We took a look at the average Okta password policy (as passwords are rightly encrypted in Okta so we can’t see them) to see first what companies are doing to protect against identity focused attacks, like brute forcing (trying a bunch of passwords against one account), password spraying (trying a small number of general passwords like ‘password123’ against a bunch of accounts) and phishing (tricking you into giving up your credentials) to see how they’d fare. We compared this analysis to a list of publicly-exposed passwords and discovered that (surprise, surprise) the average person isn’t making good choices about their passwords. But the good news is that companies of any size can mitigate many password-based attacks by enforcing longer credential length – and by adding MFA.

Is multi-factor authentication as easy as 1-2-3? Again, passwords are an important piece of the security puzzle, but businesses should implement a second (or third or fourth…) factor to ensure the best protection. The good news is that MFA adoption continues to grow among Okta customers, and nearly 70% of customers offer three or more factor options to their users today (compared to 62% last year). Even so, our data reveals that customers continue to use less trusted factors of authentication such as SMS and security question. As with passwords, strong MFA factors and policies are crucial to improving overall security posture and protecting businesses’ well-being in the long run.

The times they are a changing, and that’s a good thing. You can find additional findings in the full report here and video below.