The world has changed
The COVID-19 pandemic has created unprecedented challenges for organizations around the world. With millions of people suddenly working from home for the first time, companies need ways to ensure productivity, connectivity, and security—quickly.
The healthcare industry is at the forefront of the pandemic, with its own unique set of circumstances and concerns. Even while many healthcare workers and administrators are being rushed to the front lines, others have had to learn to work from home, separated from their patients for the first time.
Healthcare providers face new challenges on two fronts. Urgent ramp-ups of doctors and nurses has necessitated rapid provisioning and access for both on-prem electronic medical record healthcare systems and telemedicine apps. The shift to telemedicine and remote work requires secure remote access for clinicians. As patients adapt to distanced modes of care, the industry has also had to quickly enable virtual patient experiences by deploying patient and provider apps.
This mid-year update to Businesses @ Work looks at the data from the Okta Integration Network (OIN) to understand how organizations are employing new apps and increasing adoption of existing technology to improve productivity and secure their remote workforce during this unique crisis. Our network now includes nearly 8,000 customers and over 6,500 integrations with cloud, mobile and web apps, and IT infrastructure providers. This version of the report has been customized specifically for the healthcare industry, which includes healthcare providers and pharmaceutical companies.
Remote work requires more apps and tools
Each month we see an overall uptick in the number of apps deployed as companies adopt more tools to get work done. Other than a typical dip in December around the holidays, our total number of unique users tends to uptick steadily as well. Between this February and March, that uptick grew substantially as more users adopted new functionality. We see growth in two major areas across our network: collaboration tools, especially video conferencing apps, and network security tools such as VPNs that extend secure access to remote workers.
Our fastest growing apps were determined by the percentage increase in the number of unique users who logged in at least once during a 30-day period ending March 31 compared to a 30-day period ending February 29. Note that our data looks primarily at workforce usage.
Video conferencing has suddenly become pervasive in our lives: not only do home-based workforces need it to be productive, but families are using video conferencing to stay in touch, friends are scheduling get-togethers, and both educational and extra-curricular classes are moving online. So it will probably come as no surprise that three of our top seven fastest growing apps are video conferencing tools. Zoom was the fastest growing app in the OIN with an amazing 110% growth in unique workforce users in March over February, 2020. (For comparison, Zoom grew only 6% during that same time period in 2019.) RingCentral ranks at #6 with 39% growth, and Cisco Webex takes #7 with 37% growth in that same month-over-month period.
Network security and performance tools share the spotlight. Palo Alto Networks GlobalProtect showed 94% growth in March over February, compared to 20% for that same period in 2019. Cisco AnyConnect was close behind with 86% growth. These VPN tools provide security and ensure business continuity as organizations move workforces to the cloud at scale. Citrix ADC, which accelerates application performance and secures apps from attacks, had 56% month-over-month growth in that same period.
Proofpoint Security Awareness Training was the fifth fastest growing app, with 40% growth in March over February, indicating that companies aren’t just scrambling to get everyone up and running remotely—they are taking the extra step to protect the organizations’ notoriously weakest link, human error. Proofpoint also appeared at #10 with 22% growth, representing the increased usage of their Proofpoint Protection Server, Proofpoint Secure Share, and ProofPoint Threat Insight Dashboard products.
An unexpected transition to working from home often requires a new set of problem-solving skills. Many users are turning to Freshservice for their cloud-based IT service desk solution: between February and March of 2020, the number of unique users grew 25%. And LinkedIn Learning experienced 23% month-over-month growth, showing us that users are expanding their skill sets and possibly using this time to invest in themselves.
Fastest Growing Apps by Unique Users
Palo Alto Networks GlobalProtect: 52%
Citrix ADC: 49%
Cisco Webex: 46%
Between February and March, the number of unique users who logged on to Zoom grew more than any other app. Healthcare workers also increased their use of Webex for video collaboration.
As healthcare institutions brought on new staff while others began to work remotely, the workforce increased their use of network security and performance tools, including GlobalProtect and
In the move to the cloud, many healthcare workers have turned to ServiceNow for help with digital workflows.
We took a closer look at our fastest growing apps and tools to see how the percentage growth of unique users changed day by day from late February through March, looking for a correlation between the growing impact of the pandemic and users’ behavior. We used a 28-day comparison to ensure weekdays are always compared to weekdays.
Looking at typical weekday login cycles across all industries, we estimate that Friday, March 6, 2020 was the last day of “normal” app usage, before user activity was affected by the pandemic. Across our network, looking at all industries, we see an upward trend beginning on Monday, March 9, 2020 for many apps, including the three featured above.
In the healthcare sector, Zoom had the biggest peaks in increases in unique users when compared to 28 days prior. On March 23 Zoom had 211% growth, and the following day, Zoom reached a peak of 218% growth. Webex had a peak of 122% growth on both March 18 and 25. GlobalProtect reached a peak of 108% growth on March 31.
Many factors have impacted the number of logins during this period of time, but we noticed that specific moments in time, such as government-issued social distancing directives, correlated to jumps in usage. By Monday, March 16, many European countries had announced lockdowns; we saw a sharp increase in unique user logins across our network compared to the previous Monday. On Friday, March 20, California began a shelter-in-place directive, and New York asked non-essential businesses to close. The UK announced lockdowns on Monday, March 23, and the following day, Zoom reached its peak increase in unique users.
After seeing the significant change in the percentage of unique users accessing these apps each day, we were interested in “double clicking” on the number of daily logins for the three top apps: Zoom, GlobalProtect, and Webex. We compared the data from January 13 through March 31, 2020, against the same period in 2019. All three apps had similar trend lines, with steep growth after March 13, 2020.
Zoom had already surpassed Cisco Webex to become the top video conferencing tool in our overall network by 2018, and the app showed a meteoric rise in our 2020 Businesses @ Work report. Zoom has become a go-to tool not just for healthcare workforces, but as a way to maintain relationships and commitments outside of work as well.
As healthcare organizations plan to enable large numbers of employees to work remotely with uninterrupted access and a seamless user experience, rapidly scaling secure remote access capacity is key. GlobalProtect extends network security to endpoints to protect an organization’s mobile workforce, regardless of location.
The healthcare industry has shown it values multiple video collaboration tools. When the workforce is required to work remotely, Webex helps users connect, communicate, and collaborate.
Security: now more than ever
Attackers are trying to take advantage of the chaos around the COVID-19 pandemic by launching a flood of phishing and identity attacks. Barracuda researchers have observed a 667% increase in spear-phishing attacks since the end of February, 2020. Even the FBI has issued a warning about an increase in fraud schemes due to the pandemic. Next Caller reports that about 32% of 1,000 surveyed Americans believe they've already been targeted by fraud or scams related to COVID-19, and the company predicts “a second wave of fraud will leverage broadscale confusion and the sheer volume of activity...to prey on desperate individuals and overwhelmed businesses.” Add in a nation waiting for stimulus checks, and opportunities abound for deception. With the traditional perimeter gone, healthcare providers need to protect their workers and patients more than ever.
Evolving attacks leverage fears and changes in behavior
Proofpoint, an Okta partner, has observed the rapid rise of COVID-19 lures. Threat actors are actively using COVID-19 social engineering themes to try to take advantage of remote workers, health concerns, stimulus payments, trusted brands, and more. As the pandemic has occurred over a number of weeks, and remains an area of concern worldwide, the overall collective volume of lures only continues to increase.
This winter, attackers have shifted very quickly from holiday-based lures to COVID-19 lures. Attacks come in many forms. For example, in a business email compromise, the sender may request “urgent” help under the guise that the sender’s town is locked down. Attachment threat emails may look like an internal office email with instructions to download an attachment about how to stay safe from the disease. URL-based threats also may look like an internal office email requesting employees fill out a survey about disease awareness, or register for a “mandatory” seminar. COVID-19 was used in conjunction with well-known brands and entities such as financial institutions and technology companies, as well as more specific brands such as the World Health Organization (WHO).
As we have seen in data from the OIN, video conferencing adoption as a whole has increased considerably, so it’s no surprise attackers are trying to leverage these top apps. Since March 27, 2020, Proofpoint researchers have observed an increase in video conferencing company-themed attacks seeking to steal credentials and distribute malware. These attacks do not leverage or attack video conferencing software directly: threat actors are using the names and brands of these video conferencing companies as themes in their social engineering lures, which lead to the theft of various account credentials, malware distribution, or credential harvesting for these spoofed video conferencing accounts.
While all industries have been targeted, Proofpoint has seen specific targeting of healthcare, education, manufacturing, media, advertising, and hospitality organizations in certain attack campaigns.
Users ramp up Multi-Factor Authentication for protection
As more and more healthcare professionals work remotely, healthcare providers are using Multi-Factor Authentication (MFA) to ensure their workforce has secure access to critical data. In the past month, we've seen especially large upticks in certain factors network wide. In the healthcare industry, Google Authenticator, Okta Verify (including Okta Verify with Push notifications), and YubiKey have shown the most growth in the percentage of unique users per day over 28 days prior. On March 24, YubiKey had a peak day of 115% growth. Duo, SMS, and Voice factors grew as well. Our customers are reacting quickly and implementing factors that are easiest to deploy—”some MFA is better than none.” Our annual Businesses @ Work data tells us that many customers, especially newer customers, will migrate to using fewer but stronger factors.
Now, and looking forward
Our healthcare-centric customers around the world have reacted to the pandemic quickly and astoundingly. In addition to racing to save lives, they have rolled out remote communication apps, extending VPNs, and added MFA to ensure the productivity, connectivity, and security of their workforces. This first phase of evolution enables remote work so healthcare professionals and their patients can thrive.
Once the dust settles, we believe healthcare providers will be ready to face a second phase of evolution, adding apps and tools that will not just enable remote productivity, but enhance what will likely become a “new normal” of dynamic healthcare work.
To create our Businesses @ Work reports, we anonymize Okta customer data from our network of thousands of companies, applications, and IT infrastructure integrations, and millions of daily authentications and verifications from countries around the world. Our customers and their employees, contractors, partners, and customers use Okta to log in to devices, apps and services, and leverage security features to protect their sensitive data. Our customers span every major industry and vary in size, from small businesses to enterprises with hundreds of thousands of employees or millions of customers. As you read this report, keep in mind that this data is representative of Okta's customers, the applications we connect to through the Okta Integration Network, and the ways in which users access these tools through our service.
We have worked carefully to standardize our data. Unless otherwise noted, this report presents and analyzes data from January 13, 2020, to March 31, 2020. When looking at daily trends, we look at data from week days, excluding weekends.
This report looks at apps deployed for corporate and personal use. Unless otherwise specified, the data included in this report is limited to Okta customers that have deployed at least one app through the Okta Integration Network.