Businesses at Work 2022: Familiar Players in a Changing Landscape

Today, we released the findings from our eighth annual Businesses at Work report, our yearly exploration of how organizations and people work today. For many of us, 2021 felt like a continuation of the challenges of 2020—a year stuck in limbo. However, the most innovative companies found ways to push forward and evolve. Our data shows that organizations around the globe leaned heavily into two areas: choice and collaboration. This matches a drum we’ve beat since our inception, and we’re excited to see more organizations around the world put them at the forefront of their technology strategies.

The key learnings of 2021

This year’s top categories provide a bird’s eye view of what matters to companies today. They increasingly lean into collaboration apps, which consistently ranked #1 in customer adoption, with security tools close behind. Collaboration and security were the two most popular categories of tools deployed through the Okta Integration Network (OIN) in 2021.

A case in point: for the first time ever, our fasting-growing apps include five collaboration tools—Notion, Figma, Miro, Airtable, and monday.com. Keeper joined the list at #6, as a new leader in the ever-changing security space. TripActions’ rank at #2 indicates a surprise shift back to corporate travel, led predominantly by the tech industry and North America.

This year some of our top collaboration tools formed a “power trio” of MVPs that’s been years in the making, with an added boost from remote work. Google Workspace, Zoom, and Slack continue to rank highly, and they show especially strong growth among small businesses (under 2,000 employees), and across Asia-Pacific (APAC) and Europe, the Middle East, and Africa (EMEA).

We’re also seeing Okta customers increasingly supplement their productivity suites with industry-leading collaboration tools, demanding best-of-breed functionality. Among Okta’s Microsoft 365 customers, 45% also deploy Zoom, 33% deploy Slack (even though Teams comes standard with a basic business subscription), and 38% deploy Google Workspace (which has a lot of duplicative functionality)—all up from last year’s report.

The rise of the multi-cloud platform

This rise in cloud platforms speaks to another trend that solidly arrived in 2021—multi-cloud. 14% of Okta customers who deployed a cloud platform in 2021 deployed two or more—a number that was only 8% in 2017. I consider this the death knell of the one-vendor shop, and another indication that companies are demanding choice.

The need for choice is especially apparent when drilling down into the tech industry. AWS is the most popular tool in the tech sector. And, since 2018, the percentage of customers deploying both AWS and GCP solutions has more than doubled, rising from 1.2% to 2.6%. While impressive, these stats alone are not surprising; I’m more interested in the story this combination is telling. Once again, it’s all about choice. 

Robust security is forcing modernization 

Of course, security is always top of mind, every year. Our data shows that modernizing your security posture by replacing legacy authentication (simple, traditionally weak methods, like passwords) with adaptive forms of authentication, like Okta Verify, is a critical step to take right now. Here’s why:

In 2019 we introduced ThreatInsight, a tool that detects potentially malicious IP addresses, and was designed to prevent credential-based attacks. Now deployed at scale for over a year, we’ve leveraged its data to test our theory that modernization matters. Here’s what we found: Microsoft Legacy Authentication is simply more vulnerable to attack than modern forms of authentication. This means that organizations allowing legacy forms of auth are more frequently subject to credential-based attacks.

Using this ThreatIsight data, we compared Okta organizations that allow any legacy auth (i.e., those unable to support MFA) to those that require modern authentication practices. We see that, on average across all industries, organizations using Microsoft Legacy Authentication face a 53x higher ratio of threats to authentications, compared to organizations that don’t allow it. We see a 90% reduction, at least, in the ratio of threats to authentications when an organization denies legacy auth requests. This metric can go as high as 99% depending on the industry. It suggests that the attackers behind large-scale, credential-based attacks are more likely to target organizations that support legacy auth.

Okta’s senior director of cybersecurity strategy, Brett Winterford, sums up the findings by saying “in many of the most prolific breaches of 2021, attackers gained initial access to a target's inbox using stolen credentials—and was not presented with an MFA challenge. When your organization allows Microsoft Legacy Authentication, your security is only as strong as the weakest user-defined password."

The second half of this year’s modern security story is the continuing march towards Zero Trust. Okta customers are preparing for a Zero Trust future by investing in the building blocks of their Zero Trust journey. We’ve seen a 91% increase in risk-based policies, a 31% increase in customers deploying WebAuthn, and a 9% increase in device trust configuration.

A last look at the landscape

In wrapping up 2021, I find one continuation especially comforting. Companies and individuals clearly remain enthusiastic about giving back. The number of companies deploying at least one App for Good has grown 36% YOY, and the number of active, unique users assigned to Apps for Good has now reached over 1.2 million.

As we head into 2022, new Covid variants remind us that change is not only inevitable but persistent. Standing still is not an option, but being prepared with the right tools will always win. Read our full report findings here.

And here’s a list of all our previous reports:

Businesses @ Work 2021

Businesses @ Work 2020

Businesses @ Work 2019

Businesses @ Work 2018

Businesses @ Work 2017

Businesses @ Work 2016

Businesses @ Work 2015