KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
So I think when we all took a break at the end of last year, and we sat down with our families wondering what the year ahead would hold, none of us could have predicted what has happened in the past six months or so. 2020 really has been a year of change in it security fundamentally because it's been a year of change for the business, or even half a year of change for the business. We've seen digitization buzzword, which has gone from something that people maybe talked about.
Maybe there are a few chief digitization officers around, but there were not wholesale programs to go and redesign the business at scale. And what we've seen in the last six months is 2020 has, has just taken a totally different approach to digitization. We've seen a huge acceleration in the speed of change in business and Paul, some of our customers have said they've delivered three years of change in three months, as they've tried to help the businesses that they're supporting adapt. We've seen change control, which is often, especially in large corporates, a, a huge limit to change.
We've seen that melt away as organizations have actually seen security, become an enabler of digitization. And that's one of the topics we're gonna talk about today, as well as the changing dynamics of the workforce. Can we go to next slide please? So there's been a very interesting study by the global workplace analytics team.
It's, it's the largest of its kind. It's been run over the last few months, looking at employees and employers all around the world. So there's been a significant input from Europe, both central Europe, Western Europe, Northern Europe, but also the United States and also from Asia. And what they've seen is over half employees have a job where they can work from home to an extent, and going forward, they reckon that 83% of those will see an increase in the work from home frequency. So what does that mean?
That means that when you look into the data, employers have gotten over the mental hump to understand that their employees can be more productive from our home setting, where distractions are minimized. People can get on with a piece of work and really drive that outcome faster. We've also seen that employees like to work from home and also they miss their colleagues. They miss the collaboration. So the conclusion of the report is a balanced environment where we'll have people working from home a couple of days a week in, in EA Europe, middle east and Africa.
The view is two to two and a half days a week from home for those that can, and, and then also that time in the office, which will be collab around collaborative work, but also engaging with your coworkers. So from the business perspective, we are seeing a real change in what the workforce wants, but also what the management will trust the users to do or, or to be able to do their work.
And so that poses interesting questions for the security organization around how can they keep that resilience as high as possible with a user base that might partly be at home where the existing control sets that may have been deployed in the corporate really aren't gonna be of a huge amount of use. And also then using those still using that corporate environment where all the, the investment in the security controls has traditionally been.
And throughout all of that, we're gonna see huge acceleration and digitization as the business rapidly accelerates its adoption of SaaS in order to enable users to work at scale from anywhere. Next slide peaceful.
Now, normally I would give some of this data, a level of skepticism because you know, we all, we are, we are human and we tend to, we tend to revert to type after time. But what the conclusion of the report showed was there's actually real financial incentive for the CFO. When you look at the benefits with regards to real estate, overhead employee cost travel cost of, of asking employees to work from home a couple of days a week, and employees want to do that. And furthermore productivity and efficiency goes up on top of all of that.
You've got the environmental benefits of people not having to travel and commute every day. So really there's benefit in it for the workforce, for the people, for profit and for the planet. And when you dig into the data, it's for free report, I'd recommend you, you downloading it, you start to see the challenges we're gonna face.
And the questions we as a security community have to ask ourselves as we are, if we try and look to deploy controls that that support users, whether they're at home, whether they're at the workplace, but also introduces other questions, especially those we've seen over the last three months, such as, how do you cater for employee own devices? How do you protect employee own devices? And how do you balance that with privacy, where you may not be able to deploy corporate controls onto those employee own devices, and yet you still need to find a way to protect them.
These are some really difficult questions to answer, and yet we've been working very hard with many organizations to do just that. So Paul, as we've seen this, you know, we we've seen our client base adapt so much. We've seen the, you know, from a, from a duo perspective, we've seen 35% more traffic in terms of authentications come to us in a, in a six week period. So we've seen a huge change. We've seen companies adapt as they've, as they've accelerated their approach to digitization. How have you seen customers adapt in your business? Yeah.
Thank you, Ali. So I think from, from our side, we've seen a dramatic shift to different sectors making fuller use of technologies like umbrella and J from a perspective, education has been a really large shift of educational line using various different collaboration solutions. So for instance, one example, I saw 200,000 students within a district having to move to remote, working and using umbrella as a way of protecting that user base very quickly. And they had to deploy within weeks using a solution that would normally be done over many months or even a year in previous times.
Other examples include customers we've worked with where they've taken financial services agents from a contact center, and we they've moved them to home working to make sure there's continuity in that service. And in that case, there was over 10,000 agents across many different countries.
So again, they're looking for those kind of solutions to be secure, but then rapidly delivered and really only, only cloud solutions that are, have been viable to, to roll out such as speed over, over a number of weeks from that just leading in from that O there's a number of other challenges that we we see across businesses of all shapes and sizes. Some of the things that that really are top of mind here, that I, I would say we should all be thinking about and, and areas we discuss actively daily. So the first one is, is the, the threat landscape.
If we think about the potential threats that are out there right now, because of the remote marketing aspect of user base, because of the fact that users using their own devices, as well as corporate devices, that threat landscape has changed, but we need to think about what simple can we do? You know, what are basic hygiene steps around security in how we can continue to protect those users when they're using their own devices? If they're connecting directly to the internet from home, as well as the workplace of the past.
So from our perspective, we've seen an increase in the number of users that are on umbrella. So we're now resolving around 200 billion DNS requests every day. So DNS is a capability is just the baseline first point where someone connects to the internet. And if you're protecting against malicious sites, bad actors at that point, that's, that's kind of a basic hygiene.
So I think from that perspective, one, one thing about protecting against threats is to think about how can we block, you know, bad known actors at that first point of, of connection to the internet from a malware ransomware fishing perspective. The other aspect that goes through my mind when I'm talking to customers and looking at what's, what's been happening is there is existing security controls as existing infrastructure that's already invested in. How can we continue to realize the benefits of that by, by effectively integrating into those components?
So again, from a cloud security perspective, the simple things that you need to think about there is that, that integration, you know, if you've got threat intelligence from other sources, can we make use of that to help block when we're, we're connecting the device to the infrastructure, if we're reporting on vulnerabilities or, or aspects that we're picking up around particular users being affected, can we report that into other systems as well? So that, that simple kind of API integration is something that is very much out of the box and capable within cloud security solutions.
So these are the things that we think about around adding value to the existing solutions that are there. And I'll say, you know, examples of how we're working with J from perspective of identity.
I mean, OIE, what's what you seeing around that kind of identity, the user, those types of devices, what, what's your experience? Well, thank you, Paul.
So, so I think as if acceleration to a remote workforce has happened over the last few months, we get back to many of the same questions that we ask, you know, as consultants. So when I read note the consulting team at Cisco, the, the most common questions, we we'd always start when doing assessments were, you know, who are your people? Who are your employees, who are your contractors, who is trying to access your assets?
What assets are those that you have that people are trying to use to access your applications, your data sets, what are the software levels that they're using are those compliant? And, you know, how do you establish trust for the user? How do you establish trust for the device that that user is coming into your environment from? And for many of these organizations, they are employee-owned devices currently because they might have a workstation at work, but the, the user has a personal device at home. And then thirdly, you know, how do, how do you establish the trust with the application?
And really it comes, it, it comes back to the, the basic problem of, you know, how do you establish visibility? How do you understand posture and how do you do that in an adaptive and continuous manner, not just point in time. And then how do you harmonize your policy for on-premise and for those workers who are remote and how do you do all of that in a simple way. And really there, there are a lot of the questions that, that people have been coming to duo with, and they're the things that we, we specialize in and we've been able to support them on.
So, you know, visibility for users, devices, and those applications from an MFA perspective, you know, that's just the starting point. There's so much more you can do to contextualize that around location, the device that people are using, the applications that they have, the rights to use, all of that can be looked at, but, but really it comes down to speed and time to security coupled with user experience. So we believe that that users should be able to self enroll. You should have very, very, very few tickets or any overhead to the rest of the it organization, that stretch.
And as an example, we've seen, we've seen entire multi-thousand organizations roll out in a couple of days, we've seen health organizations come to us saying we've got doctors, we've got nurses. We want to bring them back into the workforce. We want to do that in the next 24 hours. And we've had those doctors and nurses enrolling in 45 minutes in 45 minutes, having done the integrations, not days of professional services in 45 minutes, you have the actual users who are, who are being enrolled.
And Paul, that speaks to what you've been talking around, which is the speed that you can move. Once you have things in the cloud, once you have things in a software as a service model, and those integrations are already done, there's clear documentation, there's videos, and it's just simple and transparent for the it administrator and for the security teams. So they can focus on the compliance, the policies and all the, the, the work they've gotta do to, to, to meet the various standards of their, of their industry.
So going into, you know, going forward, Paul, what do you think are some of the questions we've gotta ask ourselves as we, as we prepare for this new normal? Yeah.
So it's, it's a good point there O in regards to thinking about that simplicity, thinking about the user experience while still having that control and ability to, to set the policy within the organization, because now the reach is far bigger. Realistically, we are not going to go to the same levels of users sitting within the workplace. There's gonna be a bit more of a new norm around that flexible remote working environment.
That's, that's definitely the, the feedback that, that I'm hearing from customers around that balance of more users distributed within the workforce. So the, the kind of aspects that, that we think about there is how can we continue to evolve?
What, what we've already been doing. You've talked about digitization, moving at speed from, you know, three years down to three months, and in the same way, security is helping enable and support a lot of that as well.
So, so the first thing for me around that is how do we continually protect that user base when effectively they may not be on a secure VPN as such a direct corporate connection? So, so areas like that is, is something that the umbrella solution very much does from a starting point where it'll protect a user from a perspective of being on network or off network. You can have a, you can have a setup. That's very simple to push onto both a corporate own device, as well as a, a consumer device.
And that ensures whenever they connect to the internet, they're, they're having a secure connection wherever they are, whatever network they're on. So that's something that's already there as a capability and, and continues to, to evolve. I think going back to the, the risk profile because it's cloud delivered and the risks do change, you know, malware changes, fishing attacks change, and that they we've seen that how they've evolved to, to, to the current climate that we're in because it's cloud delivered.
Again, the, the actual profiling of the threat intelligence evolves and changes. We've, we've seen that update from a perspective of our customer base. And because already they're utilizing this solution from the cloud, it can be updated very easily. There isn't any sort of localized effort that's required on the user. So that user experience stays the same if the type of devices they're using moving forward changes as well.
Again, that can evolve with that, that kind of usage base may, may be a, you know, a device from apple may be an Android device, may be a windows device or whatever the future device may be. I think these are the things we need to think about around, you know, keeping an eye on those risks, but then balancing that with, with the user behaviors and also the types of devices from that perspective.
I mean, what, what are you seeing? What's the kind of next steps that geo when you're thinking about that?
Well, I, I think one of the challenges people are really trying to tackle is, is it comes back to the same things who who's accessing my applications and from what devices and how do I ensure that matches my corporate policy in a continuous and in an adaptive manner.
So once you, once organizations have put duo between their applications and their users and their devices, they've often found whole groups of users who are able to access the applications that they didn't want to be able to access the applications they've found compliant devices, which have been able to access those applications. And as we know, you know, less than 1% of devices, which are compromised through external attacks, you are due to net new vulnerabilities, 99%, you know, vulnerabilities we know about. So being able to understand the posture of those devices in an adaptive manner.
So whilst not interfering with the user's privacy, and this is really crucial.
So, so one of the things that we've seen is, is a, a huge uptake in the ability to check the user's compliance, whether it's the operating system, whether it's having antivirus on having firewall turned on these checks, which, which look for a basic view of compliance, but also being able to integrate with antivirus technologies and next generation EDR technologies, if the user's happy to have them on their machine, and then ensuring that those devices, as well as the users can be trusted when they're accessing those applications.
And that's been a real growth in, in interest as people realize, it's not just about who is it accessing my data, it is, and what device are they using to access my data. And that is absolutely critical when you are using, when you're seeing users move outside of the corporate boundary, and you're starting to lose some of the traditional controls, be they physical or, or, or cyber that you'd you'd have for your workforce. So Paul back to you to close things out, Thanks Ali. So some key action points that can be taken.
So these, this is an evolution and we can discuss it a bit further in, in the interview in the next stage. But the first thing is we need to verify the identity of users coming in a posture of their devices, establish that trust. That's quite a, a basic necessity for security. We need to be thinking about how security allows our users to work anywhere in a secure fashion.
And, and that security evolves with the user as well. Again, the evolution of the threats are changing, keeping on top of that. And what's absolutely key is that integration into other platforms and the existing investments that you've made in technology and services and security as well, and, and evolving that from the business perspective. One thing that, that you can do as a kind of call to action is because these are cloud delivered services. There's free trials.
We've been running these with customers 90 day trials to test out and also get some visibility of the potential threat landscape within the user base, but as also the usability of, of these types of solutions that Ali and I have talked about. So a call to action is go to this link, try that out and get a feel for the benefits to your organization around what Ali and I have discussed as well. So that's a quick call to action.
There, there is a poll that we've started in the background. So please feel free to complete that. There's three questions in there. We'll also use that to talk through, join the next stage, which is the interview coming up. So please stay tuned for that as well.
