Okta’s latest 2025 Businesses at Work Report is a wake-up call for IT professionals—and a fascinating window into the evolution of enterprise software and security over the past decade. In an era defined by smartphone saturation, global remote work, and a dramatic shift toward cloud-based operations (not to mention an alarming rise in professional cybercrime), Okta’s report brings hard data and surprising insights that every Windows user should consider when evaluating the broader IT landscape.
For those of us in the Windows community, these findings reinforce the importance of continuously re-evaluating our strategies and embracing a flexible, multi-vendor approach when it comes to integrating productivity and security solutions. As digital workforces expand and threats evolve, staying informed and ahead of the curve isn’t just an IT best practice—it’s a necessity in today’s interconnected world.
Source: SC Media Who's using what: Results from the 2025 Okta Businesses at Work report
Evolving Workforces and the Rise of Best-of-Breed
Over the last 10 years, the enterprise technology scene has morphed significantly. Okta, an identity-security provider that has chronicled this evolution since 2015, offers a decade-spanning view of how organizations acquire and deploy modern applications and security solutions.- A Changing Digital Landscape:
As CEO Todd McKinnon noted, we’ve witnessed a shift toward a cloud-based lifestyle, remote work, and even the emergence of professional cybercrime. The report, which gathered data from November 2023 through October 2024, captures this transformation, showing how organizations have adapted to an ever-evolving set of challenges and opportunities. - Best-of-Breed vs. Bundled Solutions:
Despite many companies already having similar functionalities as part of bundled offerings, a large number are embracing a “multi-stop shopping” approach. Instead of putting all their eggs in one vendor’s basket, many IT leaders prefer selecting best-of-breed solutions that excel in specific functions—even if it means purchasing overlapping tools. This trend illustrates a nuanced understanding that when it comes to security and productivity, sometimes specialized tools outperform “one-stop-shop” bundles.
Top Application Trends: Then and Now
A decade ago, Microsoft Office 365 was the undisputed leader among the applications powering modern workplaces. Fast forward to 2024, and while the core utility of Microsoft remains, the landscape has grown more complex and competitive:- Persistent Leaders:
- Microsoft 365: Despite rebranding and evolving its service portfolio, Microsoft 365 still sits atop the list, proving its resilience and adaptability.
- Google Workspace: Having jumped from fourth position in 2015 to second in 2024, it now challenges long-established players for dominance in the productivity space.
- Amazon Web Services (AWS): Rising from sixth to third highlights not only its growing ecosystem but also the critical role of cloud infrastructure.
- New Entrants and Shifting Rankings:
- Zoom: Now ranked at number five, Zoom illustrates how video communications have become a staple in today’s remote work culture.
- Atlassian Suite: Products like Bitbucket, Confluence, Jira, and Trello have carved out a spot in the top six, signaling a shift toward software that streamlines collaboration and development work.
- The Vanishing Act of Former Favorites:
- Applications that once held strong positions in 2015—such as Box and SAP Concur—have disappeared from the top 15. Meanwhile, former mid-tier players like Dropbox and LinkedIn have given way to new collaborative giants like Slack, GitHub, and Lucid.
Multi-Factor Authentication: A Decade of Transformation
Security practices have also come a long way in the past decade. The report highlights significant shifts in multi-factor authentication (MFA) usage—a change that resonates deeply with Windows security administrators and enterprise IT leaders.- From Outdated to Cutting-Edge:
In 2015, security questions such as “What was your mother’s maiden name?” were common. Today, these archaic methods have been dropped from the top lists, replaced by more robust, open-standard solutions. Unfortunately, SMS-based one-time passcodes have only slightly improved—from the second most common factor in 2015 to fourth in 2024—demonstrating a persistent reliance on less secure methods. - Gaining Ground with Modern Solutions:
Google Authenticator, for instance, has climbed from a mid-tier position to number three, underscoring a broader shift toward app-based MFA that leverages open standards. Equally noteworthy is the rise of phishing-resistant measures:- WebAuthn-compliant Factors: Securing the network at the protocol level, these solutions now sit in a healthy sixth position.
- Yubikey Hardware Tokens: Once a niche product, they are now recognized as a reliable cryptographic tool at number nine.
- Okta’s Own Innovations:
Okta Verify has leaped from fourth to first place, while Okta Verify with Push now sits at number two. The introduction of Okta Verify FastPass—a passwordless solution that wasn’t available in 2015—secured fifth place, signaling the organization’s commitment to next-generation security.
Fast-Growing Security and Compliance Platforms
Among the standout findings of the report is the impressive year-over-year growth of several security and compliance tools. These findings underscore a growing recognition of the need for fortified cyber defenses in today’s complex digital landscape.- Notable Growth Figures:
- Vanta’s Compliance Platform: At a staggering 72% YoY growth, Vanta leads in the compliance space, reflecting regulatory pressures and the critical need for robust data governance.
- Bitwarden Password Manager: Growing by 63% YoY, Bitwarden emphasizes the increasing awareness of password hygiene and the broader importance of secure credential management.
- TailScale VPN: With a 59% YoY increase, TailScale’s rise indicates that secure remote connectivity is more crucial than ever.
- Unexpected Contenders:
- Ramp and Uber: Sharing a 56% YoY growth rate, Ramp (a spending-tracking platform) and Uber (which is now pivoting towards corporate travel management) defied expectations. Their growth highlights how organizations are not only seeking security but also innovative solutions to streamline business operations.
- Market Competition:
Market dynamics are also shifting among competitors. Drata, a compliance-platform partner of Okta, and Zip—a rival to Ramp—are making significant inroads, suggesting that even well-established markets are ripe for disruption.
The Shifting Threat Landscape
One of the more startling revelations of the report is not just what tools organizations are buying, but which sectors are experiencing the highest rates of malicious authentication attempts.- Unexpected Targets:
Contrary to popular belief, nontraditional sectors such as natural resources (including energy, mining, and oil and gas) topped the list, accounting for 32% of authentication attempts that were flagged as threats. This suggests that critical industries with traditionally less digitized infrastructures are becoming prime targets for cybercriminals. - Comparative Vulnerabilities:
- Nonprofit Organizations: Coming in second at 18%, nonprofits are also vulnerable—likely due to perceived gaps in cybersecurity investments.
- Healthcare Versus Other Sectors: Despite the common assumption that healthcare is perpetually at risk, the report indicates that healthcare and pharmaceutical sectors see malicious attempts around 1.7%, perhaps highlighting stronger security protocols or less aggressive authentication practices.
- Global Impact:
Increased threat rates are seen across leading economies, with countries like the U.S., U.K., Germany, and the Netherlands all recording rates above 5%. This global pattern underscores the pressing need for continuous security vigilance.
Implications for the Windows Ecosystem
Though the report spans a wide range of industries and technologies, its findings have particular resonance for enterprises dependent on the Windows ecosystem.- Integration Challenges and Opportunities:
Microsoft 365 continues to dominate as a productivity suite, yet the data shows a robust overlap with other service providers. For example, many organizations deploy Microsoft 365 while also incorporating Google Workspace, AWS, and even Slack to harness best-of-breed solutions. This trend highlights a critical point: even if your organization is deeply invested in Windows-based solutions, the IT strategy may well include a mix of third-party applications. - Vendor Consolidation vs. Multi-Stop Shopping:
The phenomenon of multi-stop shopping challenges the once-popular idea of vendor consolidation. Despite the perceived cost and simplicity benefits of bundled solutions, many organizations prefer to cherry-pick their tools based on performance and reliability—even if it results in overlapping functionalities. For Windows IT departments, this means a need for greater strategic integration and API management to ensure that disparate systems can communicate effectively and securely. - Security Integration:
As Windows users, you’re likely familiar with the Windows Hello ecosystem and similar integrated security measures. Okta’s report suggests that even large organizations are looking beyond a single-vendor approach for authentication and security solutions. With Okta Verify solutions leading the pack and the emergence of phishing-resistant options like Yubikey and WebAuthn factors, there’s a clear signal that integration of multi-factor authentication with native Windows security features could further bolster enterprise defenses.
Looking Ahead: Strategies for Enterprise IT
The expansive insights from the Okta Businesses at Work Report offer critical takeaways for enterprise IT leaders and Windows users alike:- Embrace a Hybrid Approach:
Relying solely on bundled services might not offer the flexibility or the state-of-the-art security that dedicated, best-of-breed solutions do. Evaluate which areas—be it productivity, collaboration, or security—could benefit from specialized, cutting-edge tools. - Invest in Robust MFA:
With passwords increasingly falling out of favor and traditional authentication methods showing vulnerabilities, it’s vital to adopt more secure, streamlined multi-factor solutions. Enhancing existing systems with modern approaches like Okta Verify, Google Authenticator, or hardware-based solutions can help fortify defenses. - Stay Agile in Security Spending:
Rapid growth in security and compliance platforms underscores the competitive nature of the cybersecurity market. Enterprises should continuously assess their security posture, remaining agile in their investments to counter emerging threats—especially in sectors that may not traditionally prioritize digital security. - Interoperability is Key:
As organizations juggle multiple cloud services and security tools, ensuring smooth interoperability across platforms becomes critical. For Windows environments, which often serve as the backbone of corporate IT, this means aligning with vendors who offer robust integration capabilities.
Final Thoughts
Okta’s 2025 Businesses at Work Report doesn’t just offer numbers and rankings—it provides a narrative of technological evolution, reflecting how enterprises are balancing innovation with the imperatives of cybersecurity. Whether it’s the evolution from aging security questions to cutting-edge passwordless solutions or the surprising vulnerability of natural-resource sectors, the report serves as both a status check and a roadmap for where enterprise IT is headed.For those of us in the Windows community, these findings reinforce the importance of continuously re-evaluating our strategies and embracing a flexible, multi-vendor approach when it comes to integrating productivity and security solutions. As digital workforces expand and threats evolve, staying informed and ahead of the curve isn’t just an IT best practice—it’s a necessity in today’s interconnected world.
Source: SC Media Who's using what: Results from the 2025 Okta Businesses at Work report