Centralised app authentication boosting business cloud use: Okta survey

Use of security questions to verify users' identities declined throughout 2015 as SMS authentication grew, according to an audit of cloud-application usage that also revealed small businesses were as likely as large ones to adopt cloud applications.

The latest Businesses@Work survey, conducted by application-authentication provider Okta based on usage statistics collected from its users, suggested businesses had overcome early concerns about cloud security and were enthusiastically adopting managed-authentication tools to secure a growing number of cloud applications.

Businesses' sweet spot for cloud usage sat at between 10 and 16 apps – up 20 percent from a year earlier – but a particularly significant finding was the use of application-authentication tools by partners and customers external to the organisation.

External identities surpassed internal identities for the first time in Okta's latest findings, growing 488 percent over the previous year compared with growth in internal identities of 138 percent. Some 83 percent of customers and partners using at least one off-the-shelf cloud app, and the average customer or partner was accessing 5 total applications using the company's authentication tools.

These figures suggest a rapidly changing security landscape within companies adopting cloud technologies, which have long been fingered as confounding factors to security practitioners' attempts to boost overall security in the face of growing cloud-application adoption.

“Enterprises are more focused than ever on securing corporate data outside the firewall,” the report's authors noted, “but they also don't want to slow their end-users down with cumbersome second factors. While nothing has emerged as an obvious trend [to replace security questions and SMS]... the fastest growing factors are those focused on end user experience.”

Strong demand for cloud-based authentication – which for some time remained a bugbear of security providers who struggled to implement consistent authentication of cloud resources in environments dominated by pre-cloud security tools – has driven growing investment in the authentication tools market, with Okta rival Centrify also reporting strong growth and integrators like cloud-computing consultancy Paradyne jumping on the authentication bandwagon early on.

Strong use of cloud-authentication capabilities was reflected in the widespread use of Okta's tools to roll out a range of online applications – most significantly Microsoft Office 365, which has rapidly grown in popularity and recently passed Salesforce.com to become the most frequently-commissioned cloud application amongst Okta's user base.

Box, the third most-commonly authenticated app, is the most common cloud-storage tool, followed by cloud applications including Google Apps, Amazon Web Services, Concur, Zendesk, LinkedIn, DocuSign, Dropbox, Twitter, and the Slack messaging app – which beat Tableau and New Relic to finish as the fastest-growing cloud app in the second half of 2015.

Read more: As cloud rolls in, SunRice plants infrastructure seeds with security refresh

Security Assertions Markup Language (SAML), used in 90 percent of Okta customers, was by far the most popular security policy – well ahead of deprovisioning (43 percent) and multi-factor authentication, used by just 30 percent.

Google Apps, Microsoft Office 365, Ultipro, Concur, and Slack were the five most widely-deployed cloud apps, all being rolled out to 75 percent of employees or more. The least widely assigned apps, suggesting those with a niche purpose within the business, were Microsoft Azure and Amazon Web Services. A cluster of apps with approximately the same low frequency – including Twitter, Facebook, NetSuite, Google Analytics, FedEx US, and New Relic – suggested these tools were typically rolled out together to specific business units.

Google Apps was most popular in Internet, marketing and advertising, and education companies while Office 365 was most dominant in finance, biotechnology, and construction firms.

The survey also identified regional variations in the use of some types of cloud apps, with Asia-Pacific companies trailing North America in adoption of sales & marketing (53.3 percent versus 71.3 percent); HR apps (21.1% vs 55.2%); videoconferencing (24.4% vs 42.6%); and expense management (11.1% vs 42.5%) applications.

Take this 5 minute survey on The State of Cloud Storage & Collaboration 2016 and go in the draw to win a $500 Visa credit card.

Start Survey NOW


Join the CSO newsletter!

Error: Please check your email address.

Tags ConcurNorth AmericadropboxSecurity Questions’Microsoft Office 365LinkedInOktaslackUltiproGoogle AppsCloudDocuSignSAMLtwitter

More about Amazon Web ServicesCentrifyDocuSignDropboxFacebookFedExGoogleMicrosoftNetSuiteNew RelicOktaParadyneSalesforce.comTwitterVisaZendesk

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place