Security tools among the fastest-growing business apps

it security lock cybersecurity breach alignment by chakisatelier getty
ChakisAtelier / Getty Images

Businesses are rapidly embracing a four-layered “modern security stack” as adoption of cloud-based applications allows them to sidestep the upgrade paths of legacy security platforms, a new study has found.

Okta’s latest Businesses@Work study, which tracks application usage and installation patterns amongst the identity-management company’s user base, found that companies had deployed more than 150 different security-related applications.

These applications fell into four key strategic layers – protection of people, devices, infrastructure, and networks – with adoption of password managers growing 84 percent year-on-year as companies embraced new options for tightening up the human firewall.

Tools for improving infrastructure recorded the fastest overall growth of the four layers, with applications from the likes of KnowBe4 and Mimecast growing 61 percent year-on-year as companies redoubled their efforts to tighten their exposure to emailed threats.

People-layer tools – which include account and credential management, physical security solutions, identity and access management (IAM), privileged access management (PAM), identity governance and administration, cloud access security brokers (CASBs), and more – were the first choice for companies that were just commencing the construction of their modern security stack.

And 34 percent of companies chose such a people-focused tool as their first security layer to address what is well known to be the biggest vector of exposure for cybercriminal attack.

Fully 42 percent of customers were running people-security applications, Okta’s analysis found – up from 18 percent four years ago – while network-security app adoption had also grown dramatically over the same time, from around 13 percent to 33 percent.

The top security apps are “coming within striking distance” of the most popular overall applications – which include

“Attackers are increasingly targeting users and their credentials to gain unauthorised access to accounts,” the report noted. “Security teams are adjusting to these dynamics, increasing their investments in security tools and prioritising the protection of their people first.”

The devices layer includes tools for security analytics, endpoint management and security, and certificate management while network-layer tools include secure web gateways, VPNs and firewalls, and proxies.

Finally, the infrastructure-security layer includes tools for content delivery network providers, server access, and infrastructure monitoring.

Based on the results of the study, a company choosing best-in-breed applications for their modern security stack would choose tools including KnowBe4 (people layer), Jamf Pro (devices layer), Palo Alto Networks Prisma Access (network layer) and New Relic (infrastructure layer).

Security tools had become so popular that they were “within striking distance” by number of users of the most popular apps Okta users were running – including Microsoft Office 365, Salesforce, AWS, G Suite, Atlassian, Slack and Zoom.

Okta also analysed the data to find out at what size companies started to take security “seriously” – and found that level to be at 150 customers. Businesses with 150 or more users, the report concluded, were twice as likely as smaller organisations to have a people or device-layer tool in place while network-layer tools were 2.4 times as likely to be found in larger companies.

“Across Australia and New Zealand, we are seeing businesses increasingly place emphasis on shaping and securing digital experiences for both their workforces and their customers,” said Okta APAC general manager Graham Sowden.

“Okta has also seen a clear preference for technologies that enable choice, flexibility, and use of data insights, whilst also maximising security…. We expect to see more and more specialised and customisable apps driving greater efficiency, and enabling companies to do their best work through the next decade.”


Copyright © 2020 IDG Communications, Inc.

The 10 most powerful cybersecurity companies