Nonprofits at Work 2024: Mission-critical tech and security
Tech is mission critical
The pandemic was a major turning point in nonprofits’ use of technology. Remote work required organizations to quickly adopt new tools to sustain employee productivity at home and connect with those they support. In the field, services began to be delivered digitally or with more digital components — increasing ease of use and safer accessibility.
Tech is no longer just infrastructure or an overhead cost. It's non-negotiable and infused into program execution and outreach to communities. It’s essential to nonprofits’ success in achieving their missions, leading to increased gains in their overall impact according to the Salesforce Nonprofit Trends Report.
Okta’s just-released Businesses at Work 2024 Report calls out specific insights on the nonprofit sector. This summary of trends helps illuminate nonprofits’ use of tech and its benefits in productivity, automation, and security. Unless otherwise noted, all data stated in this article derives from the results of the Businesses at Work Report.
What nonprofit tech growth looks like
Overall, our data reveals that nonprofits are adopting and deploying technology and applications at higher than average rates compared to other industries. A few highlights:
- Many orgs focused on data compliance and identity workflow automation, but nonprofits prioritized design software and foundational security tactics like security training and endpoint management
- Nonprofit organizations, and many others, are doubling down on security by adopting higher assurance multi-factor authentication (MFA) factors, like biometrics.
Security is challenging — for everyone. On top of this, nonprofit organizations are often understaffed and may not have the funding to keep up with security standards and requirements. However, you’ll see in this report that nonprofits are making gains in security, particularly in adopting and deploying phishing-resistant MFA and strong use of security training tools.
Nonprofit growth by app category
Fastest growth overall: Design software. This year, nonprofits’ use of design software, like Adobe Creative Cloud and Canva, increased by 29%. Canva alone grew 90%. These tools enable nonprofits to quickly create their own graphics and tell their stories more visually, ultimately helping them better fundraise and make a greater impact.
Fastest growth by unique users: AWS. AWS offers nonprofits managed databases, analytics, and optimized program delivery through scalable websites and applications.
Middle of the pack: Developer tools. We know technology can have an impact on nonprofits achieving their missions. And now there’s a small but growing contingent of nonprofits building their own technology.
Lowest growth: Video conferencing. The lowest growth area for nonprofits was in the video conferencing category. However, growth in this area is still higher than most other industries in a post-pandemic world. Nonprofits see conferencing as an essential tool as they grow and work from many places.
Battle of the bundles
When it comes to working digitally, organizations have to start somewhere. And there’s no denying the value of email, cloud storage, and documents. Enter Google Workspace and Microsoft 365: Overall this year, Google Workspace grew 28%, and Microsoft 365 grew 20%.
The report states: “Productivity suites offer a wide range of apps, broad compatibility, and solid, dependable functionality. But for many enterprises, that’s not enough to base a business on. And when these companies need more — more functionality, more specialized tools — they turn to more specialized apps that can augment their basic software suites. Our data shows companies continue to deploy best-of-breed apps (apps that dominate their categories for a particular standalone functionality) to expand the capabilities of their productivity suites.”
This applies to nonprofit organizations as well. Many nonprofits want more than a bundle to support their unique ways of working and see the value in leveraging best-of-breed apps. But, growth in best-of-breed app deployment that peaked during the pandemic years has slowed down slightly, except for Google Workspace and Zoom.
See below for Office 365 users that also have other best-of-breed apps.
Automation for increased productivity
While nonprofits weren't the fastest-growing industry to use Okta's workflows for automating IT tasks, they still grew significantly: ”Nonprofits, ranking in the middle of the pack by the number of accounts deploying Workflows, grew an impressive 71% year-over-year (YoY)”, up from 21% growth last year. Workflows is Okta's no-code scripting framework for automating IT processes between Okta and external systems. When a record gets added to a volunteer spreadsheet, Workflows adds the user to the org's volunteer app in Okta to log their activity, or vice versa. When a user gets added to an app group, Workflows can add a row to a volunteer spreadsheet, post a message in Slack or Teams, or send an email to welcome the volunteer. So, perhaps this growth is not a surprise in a year when AI was everywhere. We see this as an important area of growth for nonprofits that often lack IT personnel resources and need simple and approachable ways to get work done.
Security trends
Nonprofits are the second-most-attacked sector, second only to government. And we understand 65% of humanitarian organizations aren't confident in their cybersecurity capabilities.
Further, social engineering attacks plague all industries. However, nonprofits are responding accordingly. They’ve significantly grown their use in security training tools, while VPN/firewall security and endpoint management remain top security priorities.
Note: Okta’s products not included in this analysis
Authentication
Additionally, 74% of Okta’s nonprofit customers have adopted MFA. Furthermore, they're deploying strong factors for authentication, like biometrics. Nonprofit deployment of biometric factors grew 35% YoY, second to government, and up from 22% growth last year. This is important because nonprofits are prioritizing phishing-resistant factors. Phishing-resistant authentication detects and prevents the disclosure of sensitive authentication data to fake applications or websites. WebAuthn (FIDO 2) and Okta FastPass (a verification option in Okta Verify) are phishing-resistant authenticators that prevent email, SMS, and social media phishing attacks intended to gain unauthorized access to systems.
It appears that nonprofits are taking a realistic approach to balancing security and usability and perhaps accounting for change management: They have grown in all groups of authentication factors, more so than many industries. This is often a useful approach to mitigate resistance to change and a balanced way to introduce new security protocols within their organizations.
Note: Empty cells indicate insufficient data to determine YoY growth. Note: This data is limited to Workforce Identity Cloud customers.
What about passwords? Only a small contingent of nonprofits are moving away from them. Nonprofits grew 22% in their deployment of passwordless authentication, lagging behind all industries. Also at the bottom of the pack was government.
Device trust
We know nonprofits are working hard to secure their organizations, and they often have to do this with limited personnel and financial resources. They can’t do it all at once! However, one area we encourage nonprofits to keep an eye on is device trust. Put simply, device trust helps prevent unmanaged devices from partners or end users from accessing sensitive resources like personally identifiable information (PII).
As traditional network perimeters disappear, your end users typically need to access applications from anywhere across a broad set of clients, platforms, and browsers. As an integral part of Okta's Zero Trust security offerings, Okta Device Trust ensures that your end users are accessing applications from a device that you know is trusted.
From the report: “As enterprises scale and automate, they develop policies to help them grow effectively while minimizing risk. Broadly speaking, these policies can be put in three buckets: Risk policies that focus on the network, behavior policies that focus on the user, and device trust policies. Device policies help ensure that devices being used for authentications aren't introducing any additional risk. “
This is an area of security where nonprofits grew a small amount and lagged behind all other industries.
While many industries focused on device trust over risk or behavior policies, and device trust grew notably across all industries, nonprofits strayed from this trend, leaning into network and user behavior policies.
Final insights
Diving into nonprofit app usage, we gained some interesting insights into how nonprofits work.
In particular, given the staggering statistics around nonprofit security, it is positive to see the high adoption rate of phishing-resistant and biometric MFA factors, as well as growth in other security tools that protect against phishing attacks. We applaud nonprofits for taking a strong focus on this, and it couldn’t have happened without the dedicated work of our many ecosystem partners in the space providing security resources for nonprofits.
See below for tools and resources from our partner organizations on improving cybersecurity.
NetHope Center for the Digital Nonprofit
Tech Impact Cybersecurity Resources
We’re proud to offer discounted pricing to help nonprofits manage their organizations’ complex Identity needs and to amplify the impact of their important work. Contact Okta for Good sales here to learn how Okta can help your organization with identity management.
