Businesses at Work

powered by Okta

Welcome to the seventh Businesses at Work report, an in-depth look into how organisations and people work today — exploring workforces and customers, and the applications and services they use to be productive.

Okta Customer Identity.

This year, as the pandemic became a global concern, our worlds were flooded with change. We turned to technology to stay afloat. Families scrambled to get equipped, companies rushed to support their remote workforces, and organisations quickly developed new online experiences for customers. And as the pandemic accelerated, tech solutions once preferred only by “early adopters” became survival tools for companies across all industries, and the population as a whole.

It’s from this unprecedented lens that we view the data from Okta’s more than 9,400 customers and the Okta Integration Network (OIN), which includes over 6,500 integrations with cloud, mobile and web apps, as well as IT infrastructure providers.

A shakeup in our top apps underscores the new necessities of remote work: collaboration, security, employee engagement... and a well-equipped home office. This year we welcome Amazon Business, along with hot collaboration tools such as Miro, Figma, and monday.com, to our fastest growing apps. We also see that organisations are moving quickly to protect remote workers with next-gen security tools, such as Fortinet FortiGate and Palo Alto Networks GlobalProtect. And HR teams are increasingly investing in employee engagement tools such as Culture Amp and Lattice to supplement their existing resources.

Summary of key findings

Looking at the most popular apps and services by number of customers, Amazon Web Services (AWS) has jumped up to claim the #2 spot, and tools enabling collaboration, including Zoom and DocuSign, have made large gains. We extend a warm welcome to two security-focused apps, KnowBe4 and Palo Alto Networks GlobalProtect, that, for the first time, have earned spots in the top 15 most popular apps.

App use varies by region: for example, AWS and the Atlassian Product Suite rank higher in Europe, the Middle East, and Africa (EMEA) and Asia Pacific (APAC) than in North America.

And while the number of monthly unique users stalled for most apps in the first months of the pandemic, Zoom and Palo Alto Networks GlobalProtect thrived.

See more data

We look at the platform effect, how certain apps which become an integral part of a company's operating technology tend to have longterm staying power. Since our first report in 2015, Microsoft 365, Salesforce, and Google Workspace (formerly G Suite) have held three of our top four spots. Network effects amplify the stickiness of these platforms.

See more data

For the first time in the history of our report, 90% of our fastest growing apps are brand new to the top 10. Companies needed to enable remote work, which meant supporting at-home workspaces and virtual collaboration, and these apps helped them do it. Amazon Business, which enables organisations to quickly access and purchase from an online store, takes top billing with an impressive 341% year-over-year growth, followed by collaboration tools Miro, Figma, and monday.com.

Also for the first time, security tools claim four top spots in the fastest growing category, and an HR-centric tool appears for the first time since 2016. Another first since 2016? Zoom is not a global fastest growing app. But it’s the #1 fastest growing app in EMEA. AWS is the fastest growing app in APAC.

What’s hot? Looking at products from companies that had an initial public offering (IPO) or direct public offering (DPO) in the past year, we see Jamf Pro, Asana, and Snowflake claim the largest numbers of customers, while Sprout Social has seen the largest percentage growth post-IPO.

See more data

With an average of 88 apps per customer, we see some interesting breakdowns:

  • Larger customers deploy an average of 175 apps, and smaller companies average 73
  • Tech companies deploy the most apps with an average of 155 (no surprise there)
  • Over the past four years, the government sector has seen the largest increase in average app deployment, at 140%, including a 43% jump in the past year alone

Okta’s customers that use Microsoft 365 (referred to in this report as Okta’s Microsoft 365 customers) continue to invest in top functionality apps. Over the past five years, the number of these customers simultaneously deploying best-of-breed apps has increased by seven percentage points. Of Okta’s Microsoft 365 customers, nearly 10% deploy six or more best-of-breed apps. And while Microsoft Teams and OneDrive come standard with the Microsoft 365 Business Basic subscription, Okta’s Microsoft 365 customers invest in best-of-breed apps as well.

  • 42% also deploy Zoom
  • 32% also deploy Slack
  • 26% also deploy Box

Meanwhile, these customers also double-bundle: over 36% of Okta’s Microsoft 365 customers now deploy Google Workspace as well.

See more data

This year we are proud to collaborate with Segment, the market-leading customer data platform (CDP) recently acquired by Twilio, to provide a more in-depth look at the customer journey. We get a look at where businesses are collecting and gathering data to drive customer engagement: spoiler alert, JavaScript was the most popular data source. Looking at Segment’s data, we see that company size affects the number of apps receiving customer data across the organisation: the average number of destinations used by larger customers stands at 14, while SMBs use a more modest nine. Diving deeper into the types of apps being adopted on Segment’s platform, we get an in-depth view of how the SaaS market is evolving. Analytics apps remain the #1 category on the Segment platform, while digital advertising rose to #2.

Okta data shows us that regardless of size, companies are building customer-facing apps at roughly the same pace, at a median of four apps. And developers’ most popular SDK tool is JavaScript, used by 63% of customers using an SDK tool, a significant jump from 24% last year. Developers need a deep toolbox to build the hottest apps. The Atlassian Product Suite tops our developer tools, and we welcome Sentry and Atlassian Opsgenie as well.

As our Customer Identity and Access Management (CIAM) customers continue to add security protections for their end users, easy-to-deploy SMS is the most popular choice, growing eight percentage points in the past two years. Over the past two years, stronger factor Okta Verify (including Okta Verify with Push Notifications), has increased by 15 percentage points.

See more data

Our remote work stack features the top tools our customers overwhelmingly choose for specific needs, such as Smartsheet for project management, Lucidchart for wireframing, and Miro for whiteboarding. Dialing in to video conferencing, top tool Zoom grew over 45% between March and October. And in HR, we see employee engagement tools have made especially large gains: Culture Amp grew 75% in the past year, and Lattice joined the top HR tools for the first time.

Since the pandemic began and companies needed to protect remote workforces, Palo Alto Networks GlobalProtect has been one of our fastest growing security tools, with 50% growth since the end of February. Looking at people-centric tools, security awareness training tool KnowBe4 has grown 46% since the start of 2020. One app was an exception: Airbnb saw nearly 11% growth year over year, including 3% growth since the end of February.

In the health and wellness space, top exercise apps saw more growth in January than during the pandemic. And in this difficult year, we’re proud to report that over 930,000 users have been assigned Apps for Good.

See more data

Compared to traditional brittle forms of authentication (i.e., simple two-factor methods), higher assurance factors are on the rise. We see that the use of Okta Verify (including Okta Verify with Push notifications) is growing, from 78% last year to 82% today. The number of authentications with Okta Verify increased 184% between February and October.

Once again, we see weaker factors on the decline from two years ago: the percentage of Okta customers using SMS has dropped from 53% to 49%, and the percentage using security questions has dropped from 18% to 15%.

See more data

Looking at Okta’s ThreatInsight data we see that, while the number of authentications has risen steadily over the past six months, the overall growth of detected threats shows a significant increase in the late summer and fall. The most-targeted industries may not be the ones we expect. Of all industries, education has the largest ratio of detected threats compared to the volume of authentications — more than twice as many as finance and banking, and more than five times as many as healthcare and pharmaceuticals.

See more data

Methodology: how did Okta create this report?

To create our Businesses at Work reports, we rely on data from Okta customers. We anonymise Okta customer data from our network of thousands of companies, applications, and IT infrastructure integrations, as well as millions of daily authentications and verifications from countries around the world. Our customers and their employees, contractors, partners, and customers use Okta to manage identity, log in to devices, websites, apps and services, and leverage security features to protect their sensitive data. They span every major industry and vary in size, from small businesses to some of the world’s largest organisations, with hundreds of thousands of employees or millions of customers. 

As you read this report, keep in mind that this data is representative of Okta's customers, the applications and integrations we connect to through the OIN, and the ways in which users access these tools through our service. The terms “app” and “tool” are used throughout this report to refer to applications, services, and integrations that are available through the OIN. The trends we describe for Okta’s Microsoft 365 customers may differ for those Microsoft 365 customers who do not use Okta (i.e., those using Azure Active Directory or other identity platforms that do not provide strong cross app integration support.)

Each year, we look at app popularity in two different ways: first, by number of customers with an app deployed, and second by the number of active unique users, defined as users who have logged into an app via Okta at least one time in the past 30 days. 

We have worked carefully to standardise our data. Unless otherwise noted, this report presents and analyses data from November 1, 2019 to October 31, 2020, which we refer to as “this year,” “today,” and “in 2020.” Similarly, when we refer to “last year” or “in 2019,” we are referring to data from November 1, 2018 to October 31, 2019. “2018” refers to the same period in its respective year. When referring to company size, Okta uses the term "small" to refer to companies with 1,999 or fewer employees, and "large" to refer to companies with 2,000 or more employees.

Unless otherwise specified, the data included in this report is limited to Okta customers that have deployed at least one app through the Okta Integration Network. Also, unless otherwise noted, this report looks at apps deployed for corporate use.

Apps at Work: 2020's most popular apps

Remote work and security tools have the wind in their sails

We have seen some exciting changes in our top ranks. Cloud platform AWS has risen steadily from sixth place five years ago to become this year’s second most popular app by number of customers. Tools enabling collaboration, including Zoom and DocuSign, have also jumped in the ranks. 

And we extend a warm welcome to two security-focused tools that have earned spots in the top 15 most popular apps for the first time: after three years as a fastest growing app, KnowBe4 graduates to become one of the most popular apps by number of customers, and Palo Alto Networks GlobalProtect becomes one of the overall most popular apps by active unique users. Congratulations, and welcome aboard!

Customers have been investing in the tools they need to ride out a challenging year. Looking at the most popular apps by number of customers, tools enabling collaboration and security have seen the largest gains.

Microsoft 365 continues to hold the top spot, but there has been a significant shakeup in the ranks overall. With 35% year-over-year growth, AWS jumped into the second place spot, which had previously been held by Salesforce since our first report in 2015. Salesforce now takes third. Google Workspace holds onto its fourth place position for the fourth year in a row, but in the lower ranks, the waters are churning.

With 64% year-over-year growth, driven in part by the global move to remote work, Zoom surged past the steady growth of Slack and the Atlassian Product Suite to claim fifth place — especially impressive considering this is only Zoom’s third year as a most popular app by number of customers. DocuSign jumped three spots to eighth place as people everywhere needed to sign documents digitally. And KnowBe4, providing security awareness training, came on strong, joining the ranks at #14.

Note: the Atlassian Product Suite now includes Trello, as well as Confluence, Jira, and Bitbucket, which are frequently accessed together via a subscription to Atlassian Access.

Apps make the world go ‘round

When we break out our most popular apps by region, we find some striking differences. At the top of our ranks, we see that the new second-place global rank for AWS is driven by its strong growth in EMEA and APAC, where it has seen over 25% growth since April, 2020, compared to 16% growth in North America during the same time period. 

For many apps, their popularity in North America drives their rank on the charts. Salesforce and Zoom’s global ranks are underpinned by their popularity in North America: each ranks two spots lower in APAC and three spots lower in EMEA. 

But some apps find their sweet spots outside of North America. While the Atlassian Product Suite (headquartered in Sydney, Australia) ranks sixth on our global list and in North America, it ranks third in EMEA and APAC, beating out such popular tools as Salesforce and Google Workspace. Other examples of higher rankings in EMEA include Slack (1 spot higher than in North America), Zendesk (6 spots higher), and GitHub (4 spots higher). 

Some apps that don’t appear in our global rankings make cameo appearances in regional breakdowns. Social media giant Twitter left our global top apps in 2017, but in EMEA, Twitter still sits in the top 15. Jamf Pro, our #1 fastest growing app in 2018 and a recurring fastest growing app through 2020, appears in the EMEA top 15. And APAC customers’ deployment puts ServiceNow (IT service management support), Mimecast (email security), Xero (small business accounting, headquartered in Wellington, NZ), and Palo Alto Networks GlobalProtect (network security) into APAC’s top 15. 

Most Popular Apps by Number of Customers, by Region

Increase vs global
Decrease vs global
  Global North America EMEA APAC
1 Microsoft 365 Microsoft 365 Microsoft 365 Microsoft 365
2 AWS Salesforce AWS AWS
3 Salesforce AWS Atlassian Product Suite Atlassian Product Suite
4 Google Zoom Google Salesforce
5 Zoom Google Salesforce Google
6 Atlassian Product Suite Atlassian Product Suite Slack Zoom
7 Slack Slack Zoom Slack
8 Docusign Docusign Zendesk Docusign
9 Box Box GitHub Mimecast
10 Cisco Meraki Cisco Meraki DocuSign ServiceNow
11 SAP Concur SAP Concur Cisco Meraki Xero
12 GitHub KnowBe4 Box Zendesk
13 Zendesk GitHub Twitter Palo Alto Networks GlobalProtect
14 KnowBe4 Zendesk Jamf Pro Box
15 Lucidchart Lucidchart Lucidchart Cisco Meraki

As the world changed in April, so did app usage

Popularity by active unique users looks at which apps are being adopted by the most users across organisations. Each year this chart sees seasonal dips around the winter holidays as users log off, but this year we also see the dramatic impacts of quarantine and shelter in place orders. Over the span of nine weeks, starting in mid-March 2020, more than 38 million Americans filed for unemployment across the country. Employees across industries were furloughed or laid off, and app usage data reflects that. Looking at our top app, for example, we see that 57% of Okta customers with Microsoft 365 had a decrease in unique users in April. 

Many top apps, such as Microsoft 365, Workday, ServiceNow, Salesforce, Zscaler, Cornerstone OnDemand, and Slack, showed a noticeable dip in user activity after March 31, 2020, all reaching a turning point at the end of May. By the end of July, Microsoft 365, Salesforce, and Cornerstone OnDemand monthly unique user levels had rebounded to equal or higher levels of use, and by the end of August, Workday, ServiceNow, and Zscaler rebounded as well. Slack recovered by the end of September.

Two tools notably thrived during this period. Zoom, which had only joined the top apps by unique users for the first time in 2019, ended this current data period in sixth place. In our Businesses at Work (from Home) report in April, when we highlighted apps that had seen significant growth in numbers of corporate and personal users in March, Zoom was our fastest growing app by number of unique users. While unique users dipped a bit over summer, by the end of September they were reaching new highs, likely related to Zoom’s extensive efforts to support distance learning

Palo Alto Networks GlobalProtect also thrived. As companies rushed to protect their remote workers with secure remote access, it joined the top ranks by unique users for the first time. It was the second fastest growing tool by number of unique users in our supplemental April report: GlobalProtect usage climbed over 230% in late March when compared to 28 days prior, and has only continued to rise.

The platform effect

Apps secure a solid foothold at the top

Some of the apps Okta connects to serve as platforms in their own right: moving beyond specific functionality, companies can build on top of these platforms, integrating their functionality into other systems, and even baking the platform’s underlying technology into the company’s own app stack. These platforms become a core, integral part of the company’s operating technology and would be expensive and cumbersome to replace. They have long-term staying power because they are so intertwined with how business gets done.

How do platforms rank among our customers’ app usage? Since our first report in 2015, Microsoft 365, Salesforce, and Google Workspace have held three of our top four spots. They may have rebranded once or twice, but they are embedded in our desktops and our work lives. Since 2015, AWS has improved its global rank by number of customers from #6 to #2. And Atlassian, ranked #6 globally by number of customers, has built a pervasive platform for developers. Network effects amplify the staying power of these platforms, making it easier to adopt and integrate new pieces of technology to solve evolving problems.

Okta Customer Identity.

The fastest growing apps

Companies flock to tools that support remote work

This year has been an anomaly for so many reasons, and that’s reflected in the record-setting turnover in our fastest growing apps and integrations. For the first time, 90% of our fastest growing apps are brand new to the top 10. 

While we always expect frequent turnover — it’s tough to maintain explosive rates of growth over multiple years — we see a shift in the type of apps that customers are adopting. Last year we noted that collaboration apps were being replaced by data- or security-focused tools. This year companies needed to enable remote work, which meant supporting at-home workspaces and virtual collaboration, as well as helping employees thrive as they work apart from one another. 

While collaboration tools have rejoined the fastest growing ranks, companies continue to invest in security tools as well: for the first time, security tools claim four out of the top ten spots.

View LegendView Full Screen

Fastest Growing Apps

    Year-over-Year Growth

    Congratulations to Amazon Business, our fastest growing app and the first shopping-centric tool to ever join the ranks. This spring, as workers around the world collectively discovered that kitchen bar stools don’t make good office chairs, organisations raced to launch tutorials on ergonomics and build online company stores selling stand-up desks and quality webcams. Amazon Business offered an immediate solution to employees who were already comfortable with shopping on Amazon for personal use. This delivered 341% growth for the Amazon Business app in the past year. 

    Three hot collaboration tools share the spotlight with Amazon Business. Second-place Miro, an app offering whiteboard functionality for teams, experienced 301% growth; measured by unique users, it grew 449% year over year. Third-place Figma is an interface design and prototyping software that has also been adopted by remote workers who need a virtual whiteboard or presentation tool. In 2019, Figma was named by Forbes as one of 25 companies to make the cut for its latest Next Billion-Dollar Startups list. Both Miro and Figma secured $50 million in funding in April, 2020, a Series B for Miro and Series D for Figma. And in fourth place, project management tool monday.com gives remote workers a way to collaborate on project management.

    Fastest Growing Apps, by Region

    Region By Number of Customers By Unique Users
    North America

    Amazon Business

    346%

    Amazon Business

    2,143%

    EMEA

    Zoom

    86%

    Zoom

    227%

    APAC

    AWS

    49%

    AWS

    86%

    The fastest growing security tools provide a full range of protection. Our fifth fastest growing app, Fortinet FortiGate, provides next-generation firewalls. Our eighth fastest growing app, VMware Carbon Black, offers cloud-native endpoint and workload protection. In ninth place, Sentry provides application monitoring. And rounding out our top ten, 1Password helps consumers manage their passwords.

    With employees working remotely, HR departments are providing additional support. Our sixth fastest growing app is Lattice, a people management platform that helps managers develop teams and keep employees engaged, from anywhere. It’s noteworthy that an app supporting employee culture is ranking as a fastest growing app. The last time an HR-related tool appeared in this category? BambooHR in 2016.

    And finally we give a friendly “welcome back” to data warehousing provider Snowflake, our #1 fastest growing app in 2019. It takes seventh place in 2020 with 105% year-over-year growth. Good to see you here again!

    Who’s missing? After being the top fastest growing app in 2016 and maintaining a presence on the list for an unprecedented total of four years, Zoom fell off the top 10 list and was “only” our 15th fastest growing app this year, with 64% year-over-year growth. (Yep, even with a pandemic it’s hard to sustain the hefty growth achieved by fastest growing apps!) But broken out by region, Zoom still takes the fastest growing prize in EMEA.

    Innovation’s heart is in San Francisco (and Silicon Valley)

    The shift to remote work brings the opportunity to tap into talent around the world — but headquarters aren’t necessarily packing their bags just yet. This year, four of our fastest growing apps are headquartered in San Francisco: we give a home-town shout-out to Figma, Miro, Lattice, and Sentry. Fortinet and Snowflake are nearby Silicon Valley neighbours. Seattle-based Amazon joins us on the West Coast, while VMware Carbon Black represents the East Coast from Waltham, Massachusetts. Toronto-based 1Password and Tel Aviv-based monday.com bring some international flavour.

    We like to recognise big moments in our app leader’s journeys. Going public is a milestone that warrants some festivities, but in the spirit of the era, we eschew a super-spreader celebration in favour of a socially-distanced shout-out to these apps that joined the public markets.

    The past year brought some hot IPOs, including Jamf, the parent company of our 2017 fastest growing app Jamf Pro, and Snowflake, the fastest growing app of 2019. The nine IPOs and one DPO, Asana, represent a wide range of tools, including endpoint protection, project management, cloud computing and data analytics, developer tools, cloud-based payments, social media, ecommerce, a business database, and even a medical provider. While the markets may have given some of these tools a turbulent ride, they generally had smooth sailing within the OIN. Sprout Social saw the largest post-IPO growth at 50%. Bill.com grew its Okta customer base by 19%, Jamf Pro by 10%, and Snowflake by 3% since their IPOs. Asana’s DPO and Sumo Logic’s IPO in September were too recent to show measurable growth.

    View LegendView Full Screen

    Top Apps from IPO/DPO Companies of the Past Year

    Number of Customers

      Apps here, there, and everywhere

      App deployment grows across companies and industries

      The average number of apps deployed per customer has risen steadily across all industries and company sizes, for a combined growth of 22% over the past four years. This year, the average number of apps per customer remains at 88.

      We broke that out by customer size and found that our largest customers are adopting more apps than our smaller customers. Our larger customers, with 2,000 or more employees, deploy an average of 175 apps per customer, while our smaller customers, with 1,999 or fewer employees, deploy an average of 73 apps per customer.

      New customers tend to initially deploy fewer apps through the OIN, then add more over time. Customers who have been with Okta for less than a year adopt an average of 23 apps. That number increases to 55 apps between one to two years, and 101 apps between two to four years. This year we see that customers who have been with Okta for four years or more deploy an average of 207 apps, an increase of 9% over the previous year. At the high end of the app deployment scale, 10% of our customers deploy 199 apps or more.

      When we break out app deployment by industry, it makes sense to see technology companies at the high end of the spectrum. These organisations live, breathe, and even build the tools they are using. In the past three years, their average number of apps has increased 57% from 99 to 155, with 17% growth in the past year.

      Average Number of Apps per Customer, by Industry

      Average Number of Apps per Customer, by Industry.

      Other sectors have seen significant growth in app adoption as well. Over the past four years, the government sector has had the largest increase in average app deployment at 140%, which includes a 43% jump in the past year alone — the largest increase in any sector in the past year. Remote work has driven governments to deploy a wide range of apps and tools that were previously a much lower priority, if not completely unnecessary. The U.S. Bureau of Labor Statistics monthly Current Population Survey consistently found public-sector employees working remotely at a higher-than-average rate: 57% of government employees worked remotely in May, which dropped steadily to 34% in September, compared to the entire economy, where 35% worked remotely in May, dropping to 23% in September.

      The education sector ranks high in app deployment, with more tempered growth. While their average app deployment trend line has increased over the past few years, they did see a dip down to an average of 119 apps per customer in 2019. However, in 2020 the education sector’s average number of apps rose 6% year over year, possibly as they ramped up to provide remote learning.

      Some of the other industries seeing large increases in average app adoption this year include professional services (36% increase), healthcare and pharmaceuticals (19% increase), and finance and banking (18% increase). Retail average app deployment grew 7% in the past year, but 58% over the past four years.

      Best of breed rules, incumbents drool

      As employees settle into remote work, it’s critical they have the best tools to keep them connected and working productively. When it comes to interacting with co-workers, customers, partners, vendors, and others on a common platform, we see that for many companies, a “good enough” solution isn’t actually good enough. We’re seeing that “one size fits all” is not fitting, at all.

      Over the past few years, we have looked at whether companies that invest in the Microsoft 365 suite — the most popular app in our network — are finding it meets all their needs. We also wonder if deploying Microsoft 365 means customers commit to an exclusively Microsoft environment. The answer to both questions is decisively “no.” While the Microsoft 365 suite offers basic personal productivity, communication, collaboration, and content management tools, Okta’s Microsoft 365 customers continue to invest in many other best-of-breed apps. And when they need CRM software, project management tools, data visualisation software, or cloud platforms, they look for bestof- breed options as well. Over the past five years, the number of Okta’s Microsoft 365 customers deploying at least one bestof- breed app has increased by seven percentage points.

      Like the strictly-controlled French designations of “champagne” or “cognac,” “best of breed” is a distinction we don’t take lightly. Best-of-breed apps dominate their category for the standalone functionality they provide. This year, best-of-breed tools Salesforce, AWS, Box, Slack, and Zoom are joined by project management tool Smartsheet and data visualisation tool Tableau, which compete against Microsoft Project and Power BI, respectively.

      Microsoft Teams comes standard with the Microsoft 365 Business Basic subscription, but during a global shift to video meetings, video classes, and video cocktail hours, companies increasingly dialed in to Zoom. Over 42% of Okta’s Microsoft 365 customers now also deploy Zoom, a jump of more than 10 percentage points over the previous year. (This number has increased nearly 35 percentage points in the past four years.) And when it comes to chatting, Slack is also part of the conversation. The rate of increase has slowed, but this year nearly 32% of Okta’s Microsoft 365 customers also deploy Slack. And, while they most certainly have access to OneDrive, a standard feature in even the most basic Microsoft 365 bundle, 26% also deploy Box.

      View LegendView Full Screen

      Okta's Office 365 Customers with Best-of-Breed Apps over Time

        Percentage of Okta's Microsoft 365 Customers

        Note: Salesforce data for 2017 and 2018 are the same at the time of the report, as are 2016 and 2019.

        In April, Goldman Sachs predicted that companies would slash spending by 33% in 2020. By fall, JP Morgan found that global corporate profits had “tanked” by 33%. While companies may splurge on a few best-of-breed apps, we might expect they would tighten their belts where they see clear redundancy.

        However, 36% of Okta’s Microsoft 365 customers now also deploy Google Workspace, the largest jump in the past three years. Top collaboration tools have never been more important for productivity.

        The concept of a company choosing to lock in as a “Microsoft shop” continues to fall out of favour, too. 44% of Okta’s Microsoft 365 customers deploy Salesforce, 41% deploy AWS, 15% deploy Smartsheet, and 14% deploy Tableau.

        This year, with eight apps featured, we see that 81% of organisations are supplementing their Microsoft 365 suite with one or more best-of-breed tools. Nearly 10% of customers are deploying six or more. These numbers have grown steadily year over year. Even in a difficult year — or perhaps specifically because of it — customers are prioritising functionality over established software suites.

        View LegendView Full Screen

        Okta Customers with Microsoft 365 and Best-of-Breed Apps

        Percentage of Okta's Microsoft 365 Customers
        • Number of Best-of-Breed Apps
           
        •  

          0 Apps

        •  

          1 App

        •  

          2 Apps

        •  

          3 Apps

        •  

          4 Apps

        •  

          5 Apps

        •  

          6 Apps

        •  

          7 Apps

        •  

          8 Apps

          Okta + Twilio Segment.

          Developers at Work: The most popular tools for building digital experiences

          If the first phase of COVID-related technology adoption was to support remote work, the second was to accelerate digital transformation projects and initiatives. Whether consumers are connecting with loved ones, depositing checks, tracking workouts, ordering groceries, or shopping, almost every interaction between consumers and brands is now happening online. This has driven organisations to invest in building delightful digital experiences that are frictionless, personalised, and seamless.

          In addition to our workforce identity products, Okta also offers customer identity and access management (CIAM) solutions to help organisations build and scale seamless digital experiences for their customers. This is a growing area of focus for Okta. In this section, we dig into various aspects of how CIAM powers modern customer experiences.

          This year we are proud to collaborate with Segment, the marketleading customer data platform (CDP) recently acquired by Twilio, to provide a more in-depth look at the customer journey. Over 20,000 companies use Segment to collect and unify customer data from dozens of different customer touchpoints, and send that data downstream to over 300+ SaaS tools.

          Okta and Segment look at two sides of the CIAM coin

          On one hand, our tumultuous year is expected to force companies to tighten their belts and reduce costs. Gartner predicts that, while application consulting, implementation, and management services are a $426 billion market, “the long-term CAGR of 5% will be interrupted in 2020 by a dip of -9% caused by the COVID-19 pandemic and ensuing recession.”1 On the other hand, Gartner predicts that “through 2024, organisations will bring forward digital business transformation plans by at least five years to survive and get ahead in a post-COVID-19 world focused on agility and digital touchpoints.”We see evidence of this in the increased investment our customers are making as they build out CIAM apps.

          First we wondered, is there a relationship between company size and the number of apps they’re building?

          Okta data shows us that companies are building customer-facing apps at roughly the same pace, regardless of company size.

          Okta’s CIAM customers have built a median of four apps that are customer facing; when broken out by customer size, this becomes a median of six apps for our largest customers, and four for our smaller customers. This implies that regardless of size, companies place equal importance on ensuring their customers have seamless experiences. If digital transformation has truly accelerated during this time period, we can expect the median number of apps to rise across all segments in the coming months.

          Next, we dug into the data to understand the technology choices and ecosystem that powers these customer experiences. While Okta looks at how organisations build apps for their customers (i.e., what programming languages and environments are used), Segment helps us to understand where customer data is coming from and traveling to as part of the customer experience. Let’s dive in.

          Okta’s most popular SDK tools represent the tech stack developers are using to build applications. These tools are reflective of the broad set of environments and deeper integrations that Okta supports, and this year JavaScript moved to the top spot. Over 63% of customers using an SDK tool are now using JavaScript, a significant jump from 24% last year. Over the past year we saw the usage of Java, the enterprise king, slip from 27% to 23% in regards to SDK usage, mirroring an industry-wide trend shifting more development work to the front-end. Use of Go increased from 11% last year to nearly 24% this year. And as expected, many organisations are using Windows and developing on C#.

          [1] Gartner “Forecast Analysis: Application Services, Worldwide” by Colleen Graham, Susan Tan, Neil Barton, Jaideep Thyagarajan, Susanne Matson, September 8, 2020.

          [2] Gartner “Forecast Analysis: Application Services, Worldwide” by Colleen Graham, Susan Tan, Neil Barton, Jaideep Thyagarajan, Susanne Matson, September 8, 2020.

          View LegendView Full Screen

          Okta Customers Using SDK Tools

            Percentage of Customers

            Note: Data limited to customers with at least one SDK event between November 1, 2019, and October 31, 2020.

            If we turn our attention to the most popular sources of data being fed into Segment’s CDP, we can get an inside look at where businesses are collecting and gathering data to drive customer engagement.

            This year, in addition to Okta ranking JavaScript as the most popular SDK tool, Segment sees JavaScript as the most popular data source. This shouldn’t come as a surprise, given that JavaScript tags have become the ubiquitous method for data collection. Android comes in at #2, and iOS is close behind at #3. Both of these data sources are used to collect in-app user behavior data. Such high rankings are a reflection of customer behavior as the world becomes increasingly mobile-centric, with 81% of the adult U.S. population owning a smartphone.

            Finally, it’s worth highlighting that server-side data sources had a strong showing this year as well. Node.js, Python, and Ruby were among the top ten data sources, revealing that CDPs are used not just to help marketing and product teams collect behavioral data client-side, but also for technical work by development and engineering teams.

            Developers expand their toolboxes to build the best user experiences

            Developers are expected to move quickly, and efficiently. And they need a deep toolbox to build the hottest apps.

            This year we welcome two new developer tools, Sentry and Atlassian Opsgenie, to our top-ranking developer tools. If you’ve been paying attention, it should be no surprise that they joined us here: Sentry is our ninth fastest growing app for 2020, with 86% year-over-year growth, and in 2019 Opsgenie was our second fastest growing app, with 194% year-over-year growth.

            Our top three developer tools have held their previous spots. The Atlassian Product Suite, whose rank as a developer tool includes customer deployments of Jira, Bitbucket, and Fisheye, continues to stand firmly in first place. Deployment of these tools in the Atlassian Product Suite has grown over 283% over the past four years. GitHub and PagerDuty have held tight in second and third place, respectively.

            However, there is significant movement below the top three. Upstart Datadog, a monitoring, security and analytics platform, pulled sharply ahead of Application Performance Monitoring (APM) tool New Relic this year to claim fourth place. We also see APM tool Splunk — last year’s fourth fastest growing app, with 102% year-over-year growth — pull ahead of Atlassian’s incident communication tool Statuspage to take sixth place. And deployment of the open source automation server Jenkins has grown 51% over the past year.

            Turning to Segment’s data, we see that company size affects the number of apps receiving customer data across the organisation. While the rise in data destinations can be seen across customers large and small, the average number of destinations used by larger customers stands at 14, while SMBs use a more modest nine. Given tech stack growth and adoptions of large companies versus small ones, this is a trend that appears to be growing year over year.

            Overall, Segment sees that the average number of apps businesses are connecting to their CDP has risen to 11, up from eight last year. As businesses further embrace digital operations on the back of COVID-19, their tech stacks are becoming populated with more and more software.

            Diving deeper into the types of apps being adopted on Segment’s customer data platform, we can get an in-depth view of how the SaaS market is evolving.

            Analytics apps remain the #1 category on the Segment platform. As 2020 drives more customers into digital experiences, it’s having a second order effect on marketing technology adoption, driving more and more businesses into analytics apps.

            Meanwhile, digital advertising tools rose to #2 this year, up from #3 in the same period last year, reinforcing the hypothesis reported in Segment’s COVID Tech Stacks Report — businesses are going all in on advertising tools to match consumer behaviour.3

            Finally, there is growing adoption of what can be broadly categorised as customer engagement tools. Based on Segment’s data, customer success, email marketing, and heatmaps/ recording tools all saw increased adoption in the region of 18- 25%, indicating that many companies are continuing to lean in to digital engagement and transformation efforts, despite the uncertain economic circumstances.

            Average Number of Destinations to Which Segment Customer Data is Being Sent
            Average destination count 11
            25th percentile count 5
            Median destination count 5 
            75th percentile count 15

            Note: Data from November 1, 2019 to October 31, 2020.

            [3] Segment, “How COVID-19 is Impacting Tech Stacks [According to Our Data],” June 10, 2020.

            With security attacks on the rise, CIAM customers turn to easily deployable factors

            Forrester reports that after software vulnerabilities and web applications, the use of stolen logins and encryption keys known as credential stuffing is the top attack vector for applications in 2020, accounting for 27% of external attacks.4 Many of our CIAM customers add additional security protections for their end users via Multi-Factor Authentication (MFA).

            Okta’s CIAM customers have different use cases, which affect their choice in factors. For B2C relationships, companies typically choose more familiar factors, such as email and SMS, which are inherently weaker factors. On the other hand, B2B relationships warrant a higher level of security.

            We see that SMS continues to be the most popular choice because it is one of the easiest and most familiar factors to deploy for B2C end users. Across CIAM customers, use of SMS has grown nine percentage points in the past two years. Looking at the total volume of MFA authentications, SMS is by far the most popular choice, with eight times more authentications than second-place Okta Verify. We see a 226% increase in the use of SMS year over year.

            The second most popular factor for our CIAM customers is Okta Verify (including Okta Verify with Push Notifications), whose usage has increased by 15 percentage points over the past two years. The total volume of MFA authentications with Okta Verify (including Okta Verify with Push notifications) has grown by 266% year over year. This stronger factor is more popular with B2B customers.

            [4] Forrester, “The State of Application Security, 2020,” May 4, 2020.

            View LegendView Full Screen

            Okta’s CIAM Customers Deploying Each Factor

            Percentage of Customers

              We notice an overall increase in the percentage of customers deploying email as an MFA factor. Use of this weaker factor has risen six percentage points from 26% to 32% in the past two years. The most recent rise (eight points between the start of July and the end of November) suggests companies may be deploying email MFA as a way to go passwordless for a better customer experience. Or, companies might be adding email MFA on top of usernames and passwords to add low-friction security. For example, Google Nest is now requiring customers who have not enrolled in two factor authentication to verify their identity via email. Turning to look at the volume of authentications, we do see a dip in authentications via email in May and June, followed by four months of rapid growth. This dip roughly parallels the May/June dip we have observed in detected threats, followed by an overall increase during this same time period.

              Use of another weaker factor, security questions, has dropped nine percentage points over the past two years, but isn’t dead yet due to its ease of deployment. Looking at the total volume of authentications, we see peak use in August 2019, which has dropped by 82% since then. We hope the trend away from security question usage continues into the future.

              Okta Customer Identity.

              Remote Work: winners and consumer's choice awards

              The most popular apps by category

              The user experience is critical for workforce apps as well. All the most popular tools across our categories delivered amazing digital experiences during the pandemic, and that's why they're winning.

              When we delve into our data, we sort categories in two ways. For some workforce-focused categories, such as collaboration apps, developer tools, HR platforms, and video conferencing apps, we look specifically at tools that have been deployed at a company-wide level for corporate use.

              Increasingly, however, our work lives and our personal lives intersect. For certain categories, such as travel, health and wellness, and philanthropic efforts, we expand our lens to include apps that employees adopt personally through Okta, in addition to those assigned by their IT teams.

              Taking care of business: apps deployed company-wide

              As COVID-19 spread rapidly in the spring of 2020 and an unprecedented half of the world’s population, nearly four billion people, went into lockdown, companies quickly deployed new tools to enable employees to work remotely. Collaboration tools come in every size, colour, and flavour, but sometimes having too many options can be overwhelming. What do our customers choose for specific collaboration needs? These tools easily walk away with top honours for their specific functionality. This year gave rise to the latest tech stack everyone needs to support a new way of working.

              Remote Work Stack

              Remote Work Stack.

              Highlights of our remote work stack:

              • Deployment of project management app Smartsheet has grown 170% over the past three years. It boasts around 1.5 times as many Okta customers as its nearest competitor, Asana.
              • Box is the top file sharing app, with 59% more Okta customers than its nearest competitor, Dropbox.
              • DocuSign is far and away the most popular option for electronic signatures. Deployment has grown 208% in the past three years, and nearly 49% in the past year alone as digital signatures became critical to completing all kinds of transactions. DocuSign has more than seven times as many Okta customers as second-place Adobe Document Cloud.
              • Top surveying tool SurveyMonkey has seen nearly 13% growth since February 2020, as companies rushed to understand what their employees needed to work remotely. SurveyMonkey has more than three times as many Okta customers as secondplace Typeform.
              • Slack ranks clearly as the top messaging tool, with nearly 190% growth in the past three years. Slack has more than ten times as many Okta customers as the second most popular messaging app, Workplace by Facebook.
              • Lucidchart is by far the most popular app for diagramming and wireframing. It has enjoyed 239% growth over the past three years, and has ranked as one of our top apps by unique users for the past two years. Lucidchart has nearly three times as many Okta customers as competitor InVision, and four times as many as our third fastest growing app, Figma.
              • The most popular note taking app, Evernote, has seen a rise and fall in popularity, and now has the same number of Okta customers it did three years ago. We’ll keep our eye on competitor Notion, which is rising rapidly through the ranks.

              Within days of pandemic lockdowns around the world, use of video conferencing apps skyrocketed, as detailed in our spring supplemental report, Businesses at Work (from Home). Looking at the number of customers, we see a strong inflection point between February and March for both Zoom and Cisco Webex. Deployment of Zoom grew over 45% between March and October, while Webex grew 15% and RingCentral grew 18% during this same period. But 2020 will be remembered as the “year Zoom became a household name.” For the first time, the app became part of many people’s daily lives. Days of Zoom meetings and Zoom classes were capped by evenings of Zoom cocktail hours and Zoom dinners, until “video conferencing fatigue” became a thing.

              It’s interesting to contrast the number of customers versus the number of active unique users of competitive apps. While Zoom had more customers than Webex as of February 2018, Zoom had less active unique users than Webex until March 2020, at which point Zoom’s unique user growth rapidly passed Webex and remained higher.

              While this year gave remote work a dramatic boost, we think the future of work is dynamic. This translates to a global workforce, in widely distributed locations, working wherever, whenever, and however they want. Gartner predicts "48% of employees at large enterprises will work remotely at least some of the time after the pandemic, a significant increase over the 30% of employees who worked remotely at least some of the time prior to the pandemic.”5 Now more than ever, HR departments need a robust set of tools to keep managers and teams connected, support distributed workers, and ensure every employee feels valued.

              While HR tools have grown again across the board, employee engagement tools have made especially large gains. With 75% growth in the past year, Culture Amp jumped two spots to pass SAP SuccessFactors and claim fourth place. Lattice, our sixth fastest growing app overall with 109% year-over-year growth, joined the top HR tools for the first time and rose quickly to seventh place.

              Large, end-to-end human resources tools continue to attract new customers. Reigning top app Workday has held a solid lead among HR tools with 23% year-over-year growth. Second-place BambooHR has seen more substantial growth, at 38%.

              [5] Gartner, “9 Predictions for the Post-COVID Future of Work,” May 14, 2020.

              There's been a rapid rise in the need to accommodate a distributed workforce, and we're seeing businesses tackle it in a few ways — secure remote access solutions, like Palo Alto Networks GlobalProtect, VPNs like the many listed here, as well as standalone zero trust network access (ZTNA) solutions like Zscaler. As organisations move past the initial “firefighting” and get into long-term strategy, we’ll be watching to see which wins out next year.

              Palo Alto Networks GlobalProtect provides enterprise security protection to mobile users. It has seen consistently strong adoption, growing a remarkable 1983% over the past three years. Since the pandemic began and companies needed to support remote workforces, GlobalProtect, which provides encrypted tunnel access to Palo Alto Networks next-generation firewalls and Prisma Access products, has been one of our fastest growing secure remote access applications with 50% growth since the end of February.

              Cisco AnyConnect, which provides secure endpoint access, has grown 1130% in the past three years, and 46% just since the end of February. Netskope, which provides contextual security and mitigates cloud-enabled threats as part of a modern secure access service edge (SASE) architecture, has grown 74% in the past year. AWS Client VPN, which allows companies to easily deploy a scalable client VPN solution, burst onto our radar in May and has quickly passed many tools to take seventh place. And open source option OpenVPN has seen 43% growth in the past year.

              Some remote workforces are best served with virtual desktop infrastructure, known as VDI. Desktop environments are hosted on a central server and desktop images are delivered to end clients over a network. We also saw a noticeable jump in VDI tools as workers became remote.

              Between February 29 and April 30, 2020, our most popular VDI provider, Citrix, saw 11% growth. Also during this time, Amazon WorkSpaces grew 33%, and VMware Horizon View grew 13%.

              People are notoriously the weakest link in the security chain, and hackers are well aware of the fact. Verizon’s 2020 Data Breach Investigations Report finds that “attackers have become increasingly efficient and lean more toward attacks such as phishing and credential theft,” while there has been a corresponding decrease in attacks using Trojan and RAMscraper malware.6

              Our customers invest in a wide range of people-centric security tools. This category includes security training, email security and password management, ID proofing, privileged access management (PAM), identity governance and administration (IGA), as well as on-site visitor management tools.

              While most tools have seen significant growth in the past few years, our top-ranking tools generally focus on security training, email security, and password management. Security awareness training tool KnowBe4 has grown 46% since the start of 2020, and 194% in the past two years. Our tenth fastest growing app this year, 1Password, has had a major growth spurt of 582% in the past two years. Visitor management tool Envoy is an interesting case: with sharp drops in workers’ physical presence in offices, but growing concerns about managing the number of workers in a space at one time, Envoy — our eighth fastest growing app last year — grew 32% in the past year.

              [6] Verizon, “2020 Data Breach Investigations Report,” May 19, 2020.

              The balancing act of life and work: corporate + personal app adoption

              By the end of 2020, we were marveling at the layer of dust on our passports and the length of time between our trips to the gas station. Our “big outings” had become dog walks in new parts of town. Most people weren’t getting on a plane unless they absolutely had to. It’s no surprise that the number of airline passengers tanked year over year. Compared to the same month the prior year, there was a -51% change in March, and a whopping -96% change in April, with only small upticks by summer. Our lives seemed frozen in place, and corporate and personal adoption of travel apps generally froze as well. In fact, the ranked order of our hotel and lodging apps stayed exactly the same as last year.

              For most of our top hotel and lodging apps, growth was measured in the fractions of percentages, or negative numbers. Bonvoy (the combined rewards program which includes Marriott and Starwood hotels) measured -1% year over year, Hilton Hotels grew 3%, and Hyatt Hotels gained less than 1%.

              There was one standout exception in this field. For travelers who ventured out, the option of a private living room won out over a chic hotel lobby, and a private kitchen was more appealing than the all-you-care-to-eat breakfast buffet. Use of popular travel alternative Airbnb saw nearly 11% growth year over year, including 3% growth since the end of February.

              Health and wellness meant one thing to us in January when we made our New Year’s resolutions and looked forward to the new decade with eager anticipation. By the end of March the year wasn’t turning out the way we had expected, and health and wellness took on a whole new meaning altogether. Around the world, many workers who were fortunate enough to still have jobs were trying to figure out how to work from home, while some became impromptu school teachers for their children. During this incredibly stressful time, a dedicated few were inspired to turn to exercise to improve their overall well-being, or just to get outside.

              Which were more powerful drivers for personal health and wellness: New Year’s resolutions, or pandemic resolutions? It seems we were more collectively focused on January 1. Our gold medal health and wellness app, Fitbit, saw nearly 5% growth in January 2020, compared to 3% growth in April. (Overall, the app saw over 21% growth in 2020.) Growth of silver medal MyFitnessPal was 3% in January, but nearly flat in April. Bronze medal app Strava grew nearly 4% in January, and another 3% in April.

              Remember how many of us showed off our homemade sourdough successes (and fails) last spring on Instagram? Well, after more than two months of shelter in place, our kitchen ambitions caught up with us. The surge in WW (formerly Weightwatchers) tipped the scales at over 7% growth over the months of June and July, a bit shy of their 11% growth in January.

              In a difficult year, companies embrace Apps for Good

              According to Giving USA, Americans gave $450 billion in 2019, reflecting a 5% increase from 2018. But the pandemic and quarantine left tens of millions of people unemployed or underemployed, and sent communities reeling. The need is greater than ever.

              Apps for Good helps Okta customers support their employees’ charitable spirits. These unique tools enable companies to simply and securely deploy world-class “giving apps” to their workforces, so employees can donate time, money, expertise, and more. With Apps for Good, companies can select the tools that fit their corporate giving culture and goals, deploy them directly to employees’ Okta dashboards, and start giving back immediately. It’s a nearly frictionless way to make a positive impact.

              We’re proud to report that over 930,000 users have been assigned to Apps for Good. Which apps do they use most? More than 50% of Okta customers who have deployed an App for Good are deploying CareerVillage, which connects students with real-life professionals for free personalised career advice; the number of organisations adopting the app (for personal and non-personal use) has grown 91% year over year. The number of companies deploying Kiva, an app that allows people to lend money via the Internet to low-income entrepreneurs and students around the world, has grown 12% year over year. And Benevity, which provides companies a robust giving and volunteering management platform, grew 29% year over year.

              Security at Work: today’s safety checklist includes masks, hand sanitizer, and stronger factors

              Most popular factors

              This past year, like never before, we have lived the concept of collective responsibility for our shared well-being. In our physical world, that has meant mask wearing, hand washing, and deciding whether or not we saw our family and friends over the holidays. In our work lives, as many people moved to remote work for the first time, that has meant adopting security measures to protect employees, and critical company data.

              Proofpoint’s State of the Phish report, released in January 2020, makes it clear that IT managers had quite the job ahead of them as employees moved to remote work.While 95% of survey respondents said they use a smartphone, 10% had no lock on their device. 95% of global workers surveyed had home Wi-Fi networks, yet only 49% password-protect their network, and 11% said they find Wi-Fi security measures too time-consuming and/or inconvenient to implement.7 (IT managers, please take a moment to breathe…)

              Of course, hackers never let a good crisis go to waste. F5’s 2020 Phishing and Fraud Report saw a 220% increase in phishing attacks during the pandemic compared to the yearly average, with large spikes in phishing activities that closely coincided with lockdown rules and used “covid” or “coronavirus” in their subject lines. And where are employees most vulnerable? F5 warns that the login page of our most popular app, Microsoft 365, is one of the most popular targets for generic phishing because “attackers know that stealing Office 365 credentials can grant them access not only to email but also corporate documents, finance, HR, and many other critical business functions.”8

              Okta customers are stepping up to the challenge. They are deploying multiple factors in addition to, or instead of, passwords, and they are choosing stronger factors.

              [7] Proofpoint, “2020 State of the Phish Report,” January 23, 2020.

              [8] F5, "2020 Phishing and Fraud Report,” November 11, 2020.

              Digging into MFA, we see that, compared to traditional brittle forms of authentication (i.e., simple two-factor methods), higher assurance factors are on the rise. Consumers and services are moving to adaptive forms of authentication, such as Okta Verify. Of customers authenticating to Okta with a factor in addition to, or instead of a password, we see that use of Okta Verify (including Okta Verify with Push notifications) is on the rise, from 78% last year to 82% today.

              Once again we see weaker factors such as SMS and security questions on the decline. SMS as a factor has dropped from 53% two years ago to 49% today. Security questions have dropped from 18% two years ago to 15% today.

              In March, 2019, W3C made a recommendation for Web Authentication (FIDO 2.0) as a simpler, stronger authentication. In October 2019, the new MacOS Catalina 10.15 included Safari 13 by default; it was the first version of Safari to support WebAuthentication (WebAuthn). From that point on, any new Mac sales or OS upgrades supported WebAuthn. WebAuthn has been maturing quickly as overall security awareness improves. Since the fall of 2019, we have seen a steady increase in WebAuthn, matched by a proportionate decrease in U2F (FIDO 1.0).

              When Fortinet conducted a global survey of IT decision makers in June 2020 for their Remote Workforce Cybersecurity Report, they asked respondents where they were planning to make new investments. The largest group (30%) chose MFA.9 Companies have their sights set on protecting their workforces.

              [9] Fortinet, “2020 Remote Workforce Cybersecurity Report: Enterprises Must Adapt to Address Telework Security Challenges,” August 19, 2020.

              As remote workforces required secure access to company data, organisations ramped up MFA for protection. Use of Okta Verify increased 184% between February and October, compared to 28% over the previous six months. And while we mentioned that use of SMS has decreased among our customer base overall, some customers need to find any port in a storm. They turn to SMS as a factor they can quickly and easily deploy. Use of SMS grew 116% between February and October.

              184%

              Increase of use of Okta Verify between February and October

              116%

              Increase of use of SMS as a factor between February and October

              View LegendView Full Screen

              MFA Authentications with Each Factor

              Number of MFA Authentications

                There are many imposters among us

                The rise in detected threats

                With identity-related attacks increasing, organisations are continuously evaluating how to optimise the security policies in their environment. In late 2019, Okta ThreatInsight — a baseline security feature which helps organisations secure themselves against large scale identity attacks, especially attacks which target passwords — became generally available. ThreatInsight is a component of Okta’s risk engine and security intelligence, in which login patterns are analysed to enable secure access decisions. When Okta identifies password spray and brute force across all customers, those IPs are added to the ThreatInsight database. Organisations can then choose to block access from those IP addresses. ThreatInsight allows organisations to secure their business before becoming the victim of an identity attack.

                Not every organisation experiences a large volume of attacks. ThreatInsight protection is like insurance. With the average cost of a data breach now estimated at $3.86 million in IBM’s 2020 Cost of a Data Breach Report, this is an insurance policy well worth enabling.10

                Detected threats include password spray and login failures. Password spraying is a variant of a brute force attack, where an attacker gets past the usual security measures by “spraying” the same password across many accounts before trying another one. Login failures are flagged when too many failures happen within a short period of time. When we see password spray or numerous login failures coming from an IP address, we flag that IP address as suspicious.

                The number of authentications has risen steadily over the past six months; meanwhile the overall growth of detected threats have been less consistent, but the trend line shows a significant increase in the late summer and fall.

                [10] IBM, “2020 Cost of a Data Breach Report,” July 2020.

                Threats Detected and Authentications with Each Factor

                Threats detected and authentications with each factor.
                Businesses at Work 2021.

                Large attack surfaces = large numbers of detected threats

                We detect a significant number of threats across our customer base, but the volume of threats against authentications varies by industry. The most-targeted industries may not be the ones we expect, such as banking or healthcare. Sectors that are highly distributed right now, such as education, have a large attack surface with fewer financial resources than industries like healthcare, which are highly-regulated and often more tightly contained.

                In fact, education has the largest ratio of detected threats compared to the volume of authentications of any industry — more than twice as many as finance and banking, and more than five times as many as healthcare and pharmaceuticals.

                The Verizon 2020 Data Breach Investigation Report tells us that within the education sector, 67% of threat actors are “external,” and 92% of actor motives are “financial gain.”11 In June, The Hill reported that an organisation obtained a list of thousands of university email addresses that included students and administrators at major institutions including Harvard, Stanford, and Iowa State University, then fraudulently used the email addresses to apply for loans.

                Hackers have had their eyes on the healthcare industry during the pandemic. According to the APWG Phishing Activity Trends Report, as early as March 26, ransomware attacks on healthcare facilities were up 35% (versus similar attacks from 2016 through 2019).12 And by late 2020, news of vaccines brought phishing attacks on the vaccine distribution chain. So why do the healthcare and pharmaceutical sector in our customer base have a relatively small ratio of attacks? It may be partially thanks to organised efforts by the CTI League, the first global volunteer emergency response community established to neutralise cybersecurity threats to the life-saving sectors related to the COVID-19 pandemic. Our data may also be lower for this sector because ThreatInsight mitigates account takeover and account lockout, but the healthcare industry is often the victim of infrastructure vulnerabilities including malware or ransomware.

                Similarly, finance and banking tend to see a wide range of types of attacks, including social engineering campaigns leveraging malicious emails that lure victims to install malware which steals financial data and other valuable personal information, as well as fake apps/maps, trojans, backdoors, crypto miners, botnets and ransomware… all in addition to phishing attacks.

                [11] Verizon, “2020 Data Breach Investigations Report,” May 19, 2020.

                [12] APWG, “Phishing Activity Trends Report: First Quarter, 2020,” May 11, 2020.

                Ratio of Detected Threats Versus All Authentications, by Industry, over Six Months

                Ratio of Detected Threats Versus All Authentications, by Industry, over Six Months.

                Looking forward, moving ahead

                Whether we think of 2020 as memorable or a year we would rather forget, we can all agree that this year has fundamentally changed how we work and how we live. As we experience the rise of the digital economy, companies are increasingly investing in the apps and tools needed to build the best customer experiences. And to support their workforces, organisations are reaching for tools that support the most important aspects of remote work, including collaboration, security, and employee engagement. In a world of shelter-in-place, we have relied on digital tools to bring us all back together.

                Okta Customer Identity.