The need for choice is especially apparent when drilling down into the tech industry. AWS is the most popular tool in the tech sector. And, since 2018, the percentage of customers deploying both AWS and GCP solutions has more than doubled, rising from 1.2% to 2.6%. While impressive, these stats alone are not surprising; I’m more interested in the story this combination is telling. Once again, it’s all about choice.
Robust security is forcing modernization
Of course, security is always top of mind, every year. Our data shows that modernizing your security posture by replacing legacy authentication (simple, traditionally weak methods, like passwords) with adaptive forms of authentication, like Okta Verify, is a critical step to take right now. Here’s why:
In 2019 we introduced ThreatInsight, a tool that detects potentially malicious IP addresses and is designed to prevent credential-based attacks. Now that it has been deployed at scale for over a year, we’ve leveraged its data to test our theory that modernization matters. Here’s what we found: Microsoft Legacy Authentication is simply more vulnerable to attack than modern forms of authentication. This means that organizations allowing legacy forms of auth are more frequently subject to credential-based attacks.
Using this ThreatInsight data, we compared Okta organizations that allow any legacy auth (i.e., those unable to support MFA) to those that require modern authentication practices. We see that, on average across all industries, organizations using Microsoft Legacy Authentication face a 53x higher ratio of threats to authentications, compared to organizations that don’t allow it. We see at least a 90% reduction in the ratio of threats to authentications when an organization denies legacy auth requests. This metric can go as high as 99% depending on the industry. It suggests that the attackers behind large-scale, credential-based attacks are more likely to target organizations that support legacy auth.
Okta’s senior director of cybersecurity strategy, Brett Winterford, sums up the findings by saying, “in many of the most prolific breaches of 2021, attackers gained initial access to a target's inbox using stolen credentials—and were not presented with an MFA challenge. When your organization allows Microsoft Legacy Authentication, your security is only as strong as the weakest user-defined password.”
The second half of this year’s modern security story is the continuing march towards Zero Trust. Okta customers are preparing for a Zero Trust future by investing in the building blocks of their Zero Trust journey. We’ve seen a 91% increase in risk-based policies, a 31% increase in customers deploying WebAuthn, and a 9% increase in device trust configuration.
A last look at the landscape
In wrapping up 2021, I find one continuation especially comforting. Companies and individuals clearly remain enthusiastic about giving back. The number of companies deploying at least one App for Good has grown 36% YOY, and the number of active, unique users assigned to Apps for Good has now reached over 1.2 million.
As we head into 2022, new Covid variants remind us that change is not only inevitable but persistent. Standing still is not an option, but being prepared with the right tools will always win. Read our full report findings here.
And here’s a list of all our previous reports:
Businesses @ Work 2021
Businesses @ Work 2020
Businesses @ Work 2019
Businesses @ Work 2018
Businesses @ Work 2017
Businesses @ Work 2016
Businesses @ Work 2015