Digital Trust: Critical to Digital Business Success

Hello, I'm Richard Hill, a senior analyst at KuppingerCole, and today we're having a webinar about digital trust, critical to digital business success. This is a webinar supported by Okta and joining me today is Ian Lowe, director of solution marketing at Okta in the EMEA region. Before we start here's some quick information and some housekeeping notes, and then we'll jump into the topic for today's webinar. As you may have already noted. We have a series of upcoming KC live events on the very modern format with panels and presentation, keynotes, and much more. The next upcoming KC live virtual event is cyber access summit 2021, starting June 9th. This is a KC live event where you could learn how to equip your IAM strategy and give you insights into industry expert projects and best practices in the areas of PAM and IGA. And I am in managing digital workflows with servicenow on June 23rd. In which you could hear about the current state of it, service management and see live service. Now use cases demonstrated by the platform.
Then on July 7th is the cloud strategy optimization ensuring efficient and secure collaboration on the cloud, where you can learn from experts about plans and practices to protect data in applications hosted in the cloud. So there are a lot of virtual events as well as other type of events throughout the year. So please take a look at our website, research, blog, posts, and videos, and now for some housekeeping notes, everyone is automatically muted. So there's no worry about muting yourself. We'll be recording the webinar, which will be available on the KuppingerCole website. Also we'll save time at the end for questions and answers. The go-to meeting control panel has an area to type in your questions at any time in which we'll answer during the question and answer session at the end, let's have a look at the agenda for today. I'll start out by touching on the topics of digital transformation, digital identities, digital trust, and how it ties into the zero trust model. Once I'm done, I'll turn the webinar over to Ian who will talk about how IDEXX solutions can enhance productivity, loyalty, customer engagement, and creating that digital trust. Finally, as I mentioned, we'll save time at the end for that question and answer session.
So what do we need for digital transformation? You need some essential capabilities to be successful, such as agility in being able to respond, to changing it, requirements, cybersecurity, having that those technologies tools, processes, practices to protect the network devices and data from attacks and innovativeness. That ability to build on existing technologies in a new, interesting and effective ways. You have some drivers for change, which gives you the reason to go into that digital transformation, such as opening new kinds of business opportunities, allowing your it organization become more flexible and to react to new requirements, to becoming more competitive by lowering it costs for example, by using different types of automation. And there are a number of new technologies like moving to the cloud platforms, which are things that are increasingly becoming as a service model, or even a trend towards smart manufacturing, that industry 4.0 that uses industrial IOT or AI and robotics.
And at the center of digital identities, one of the important technologies to consider, we need to really push that digital transformation in a positive direction in order to carve out that new strategic option is Jeff Bezos says here, where can it contribute to this digital transformation it's led by business, but really it's it that must deliver it. And it must also be cost conscious, meaning that you put the money into the technology where it's most effective and address business priorities. It starts with that agility and innovation where it needs to adapt to the business changes and support the new requirements that are talked about like blockchain distributed ledger or new technologies like security automation, such as streamlining the access requests and onboarding applications or using risk analytics and machine learning to reduce that potential attacks. It must also deliver that security to avoid high profile network application, or even dated data breaches, which costs companies millions of dollars or euros per breach, but more importantly, it also damages company integrity and its reputation in the market. And in the end, it's about identities, identities for business employees, consumers, partners, and even things. The foundation and key takeaway here is really, this will only succeed if digital transformation builds on digital trust and digital trust builds on digital identities.
So today the world is where everything is connected. People, devices, things, organizations, the business challenge to solve is how do you support the growing connected, intelligent enterprise environments. Businesses require support for business processes that include external partners and customers. They need access to external systems and rapid onboarding of those externals for controlling and having compliant access to those internal systems. They need to request access to external services such as cloud services, as well as capabilities to use that acquired access data to drive the intelligence within their systems. Their required use of mobile devices is also leveraging being leveraged onto organizations as we experienced with the pandemic that that changing workforce, you know, is, is being moved to work from anywhere from any device. It has to provide an infrastructure for this increasingly connected intelligence enterprise, both for incoming and outgoing access also for customers and other externals, such as those business partners, including existing and new on prem applications, cloud services and mobile devices. And in this connected world, there are associated identities and they need to be ensured that these identities are well-managed regardless from who to what, to where, and in this world of connected devices and things, and people static security models really just don't work anymore.
So we need a new type of security approach, which is zero trust. And the perspective is zero trust has evolved over time to networks were boundaries of trust in the past. Segmentation would help to quarantine and isolate networks zones if breach without crippling the entire system or network. And you may even have a hierarchy of enclaves network enclaves with, with different access restrictions, where your most critical systems have the strictest access policies down to your least critical access enclaves. But it's now more than just trusting networks. Security is added to systems like verifying users through identity proofing and authentication or hardening servers that the systems run on by closing off unused ports, things like that. Data security could also be added through the use of encryption backup and recovery data masking tokenization. And I, I would actually add system API to the list here, protecting those.
And now identities could be considered a new perimeter with identity and access management at the center of its protection. And there are also noticeable uptakes in access management solutions, providing some level of fraud detection capabilities, such as the ability to detect on authorized account takeovers, or it may be user and device profiling, orchestration of fraud signals, as well as you know, including in collecting and analyzing information for fraud prevention, as some examples, and you can't even trust software anymore. As we learned from solar winds, software providers typically send out updates to their systems, which is pretty typical these days, and whether it's fixing a bug or adding new features, but here the application monitoring or Ryan platform was compromised allowing that distribution of the Trojan ISED update to the software users. And this revelation is really put more emphasis on moving from standard software libraries to SAS type of services. So need to take a broader perspective, an integrative perspective, realizing that zero trust is an imperative. And it's also the foundation for things like the cyber supply chain risk management by identifying, accessing, and mitigating the risks associated with information technology products and to always verify users, things and other devices, but really identity is a really the essential thing to focus on. Okay.
So what are those blocks? Zero trust when someone is accessing some information so controls around users is probably the easiest to implement identity and access management capabilities. Is this mature, still evolving, verifying a user's identity and controlling the level of access to a particular system through strong authentication and risk-based authorization controls around devices are relatively more complex. Corporate legal devices are easier to secure with endpoint management using device lifecycle patch management, and point management. But, you know, the bring your own device could be more considered more difficult. Although approaches such as container or containment management could also be used. Networks are a bit more complexity control with the number of different vendor devices and policy rules to maintain as well as the encryption key management for secure communication authentication should also be used to verify that machine to machine communication. And then there's systems and applications are comparatively easier with the right tools, such as, you know, access governance, which provides tools for businesses to manage their workflows and access entitlements, run compliance reports and access certification campaigns, and then layer on top of that is the access and analytics and machine learning techniques that could provide pattern recognition to give intelligent type of insights for process optimization or role design, automated reviews and anomaly detection with dev sec ops or security operations, or centers that use things like the security information event management.
And that's also used. And then data is also considered a medium level of complexity starting with understanding where your data throughout your enterprise and its level of sensitivity. And you could use tools like data discovery and classification and tagging or employing data loss prevention and encryption strategies, and then identity and access management and controls to bring it on. And then finally bring it under that data governance control. So briefly users have access to devices and applications or whatever it is over the network to access systems and applications. And then it does something with data where we could get a good grip on this is really what the user, because authentication should always happen at the system and applications, which is part of that identity and access management and identity and access management is essential with a focus on identity at its core. So when we talk about digital trust, we must also talk about digital identity and identity and access manager.
And this becomes clear when we look at the zero trust architecture and its components with network security technology, whether it's using software defined networks or transport encryption of firewalls or endpoint security using that endpoint detection and response that monitors and mitigate says cybersecurity threats or using a unified endpoint management system to control the device life cycle of patching. And then of course the identity and access management providing that strong authentication authorization policies, and even privileged access management as some examples, but identity management is a very important element. You also have things like data management or governance, but to really succeed with defining this kind of architecture, you need to first identify what your gaps are and then prioritizing your investments. Okay.
And with I am, there are other capabilities consider identity bedding, having that certain level of assurance that someone is who they claim to be AI based, anomaly detection, risk management, to monitor, identify, and minimize risks, having both anomaly detection and risk management available at deploy time. And runtime is important, adaptive authentication that uses conceptual information and to determine, you know, which authentication factors to apply in a given user access situation, including, you know, multi-factor authentication. And of course, identifying those risks, also identity governance and administration. There are other things to consider as well, but in addition to access governance and data governance and beyond static entitlements, you may just consider using just in time provisioning. And of course the use of policy-based access is important. We look at digital trust and what we need for digital transformation, we need identity management is what makes identities work. We need digital identities to create digital trust. Digital trust becomes a foundation for digital business and digital businesses need that digital service that can be trusted. And all these things put together are what you need to succeed in the digital transformation. So I think I will stop there and now I will turn over the next portion of the webinar to our guests, Ian, from Okta.
So wonderful kickoff Richard, and thanks and appreciate the time from anybody, everyone that's on the call. So my name is Ian Lowe, and I'm going to continue the conversation around digital trust and how it's critical, not only to your digital business, but to your business success overall in general. So I'm the director of solutions marketing here at Okta. I look after our, our go to market strategies around digital trust in and around the region and Octa, we, you know, it's our mission to accelerate a world where everyone can safely use any technology. And today every one of us, every, every business on the planet really is, is a technology company. So at its highest level, what Okta does is we enable simple and secure access to any application for people and organizations everywhere. Okay.
In 2020 or last year, you know, the pandemic really accelerated it and digital transformation, whether we were ready for it or not, it's both really exciting, but it's also really, really challenging time for all of us and for all of you as it leaders. But it's also super exciting because it confirms how critical identity and establishing trust is for any organization and why really the CIO is becoming the CEO of the future. Okay. Trust is not only about the business. It's also about customers. It's about citizens. It's about the workforce. It's all about their experiences with your business, your workplace, and the services and apps that you deliver. So to find out how the pandemic has affected trust at Okta, we commissioned a survey and that covered over 13,000 office workers and executives all around Europe. And we wanted to answer a whole bunch of different questions, but some of the results from that survey survey were really interesting.
And I'm just going to focus on the first two here. So 39% of those, you know, 13,000 respondents said service reliability was one of the main criteria that most likely would make them trust a digital brand. And this is things like ensuring items arrive, arrive on time when we order them and they come in good condition and then walking 88%, the majority said that they would not use a service of any organization that they didn't trust. It really shows how critical trust is in everything that we do, whether that's for the workforce and for our business or for our customers.
One thing we realized while conducting our survey is that digital transformation is moving at a new speed. It was already the most exciting and fast paced area in most organizations. And we were already, it was already moving at light speed, but with COVID the speed of light, just wasn't enough. And most organizations went far beyond that, bringing it to what we call ludicrous speed. And if you, if you watch the movie Spaceballs and I'm showing my age here, you know exactly what I'm talking about, what we mean by ludicrous speed is this most digital transformation projects taken during the pandemic have been delivered way faster than any of us could have ever predicted projects like enabling rope, remote work collaboration. These projects normally took 450 days to implement quite a long time. But with the, you know, with the pandemic, they were reduced to just 10 and a half days to delivering these very large projects.
And the second, the second quickest was all around delivering new, online customer experiences and new digital services. These projects went from an expected 585 days, almost two years to just 21 days, but we know acceleration doesn't come for free. And to deliver at this pace, we most likely took additional risks. We would never have taken a normal situations when you see these numbers and the challenges you get, really two things. One is we could be scared. There's so much to take care of at such an increase pace. And second, this is really a macro change and it's happening to every one of us on the planet and great leaders treat these macro level changes as opportunities. This is a way that we can differentiate our company, and this is a way that we can even differentiate ourselves. So like Winston Churchill said we never waste, never waste a good crisis.
So let's talk about, you know, how you can take advantage of this opportunity. So there's, there's really three, three areas that I want to talk through that really can help us accelerate digital transformation. So the first area is trust at work. The second area is customer centric, digital experiences. And third, how identity really is central to establishing trust. And, and Richard was kind of talking that in, in zero trust architectures. So in each of these opportunities, we'll walk through very high level because we don't have a lot of time here, how you can think about the immediate and long-term strategies. And then I'll, I'll use some customer examples on that. And my goal here is not to give you a full exhaustive list of everything you should be doing, but to offer some prescriptive guidance on how to connect these trends to the value of identity and how they help you deliver trust.
Ultimately, first opportunity areas trust at work. And during the pandemic, there were a lot of technology purchases that were made to solve, you know, immediate needs around enabling remote work in, in the office and, and for, for employees. But now organizations are really sitting down to reevaluate. If these models that they implemented in the past year are going to stay for the long haul. And when you're saying, well, actually, how do I get back and secure all of this? I've, I've made a snap decision to bring in zoom for video calling and collaboration. I brought in teams and another organization. How do I make sure that all of these new apps that I brought into make it easier to collaborate in this remote world really easy? And how do I move from what is everything about remote work and how do I deliver in this new dynamic work environment as we come out of the pandemic, we're seeing a real change in our, in our work structures and even our way of working. So it's about bridging the digital with both the physical and the digital and the physical worlds for a more seamless and adaptive workforce in the long run.
So in the short-term first and foremost, it's about continuing to think about how you enhance employee productivity. Did you just turn on remote work or do you have a complete remote strategy and how do you enable and move beyond just remote work to this new philosophy, a philosophy of trust at work so that employees can work wherever they are. It doesn't really matter. This means optimizing self service tools like password resets. So they're not eating away from it organizations three times. It also means being really people focus and being the best friends with the end users to understand how they're using your technologies. That you're, that you're just putting out there. It's all about optimizing remote enablement, putting digital support structures in place. Now more than ever, organizations need to build flexibility, but also empathy into these structures. So for example, as HR, reimagines hiring from either all over the region or country that you're in or all over the globe in some, in many, in some cases, instead of just concentrating on a city, how are you going to support that?
You know, global enrollment and hiring process, maybe it's establishing a single source of truth across the company, in terms of your identities, maybe it's supporting new ways of engaging with candidates. Streamlining lifecycle management is another fast, you know, option part, part of, you know, enabling trust at work. Employees will join. They move and they leave the organization. So how do you keep tabs on that? Some quick wins include automating onboarding and offboarding processes and automating all of your identity processes. So it decreases security around, you know, across the board, reducing the risk from human errors and increasing productivity between groups. And I'll talk to a customer example on this in a minute. So from a longterm strategy perspective, as a CSO from one of our customer says identity management when done right, is not an it service like granting access or service desk tasks or resetting passwords, but rather identity management is a control.
Like, how do I know it's you? And why do you need access right now? And why does that need to be independent independently provisioned from, from what you know, from the whole entire process, if you're running identity management as an it service in the long run, you're not running it really optimally. So second long-term strategy is all about zero trust is Richard kinda was describing earlier the S the D you know, the old security, premiere perimeter no longer exists, and the world is getting much more complex. Zero trust is about delivering productivity and security with the least friction possible. That means the right people have the right level of access to the right resources in the right context. And that it's assessed continuously. If you're not thinking about security controls, rooted in rooted in identity, you absolutely need to be, and I'll share how authentic district council has done this.
One of our, one of our customers here in the UK. So Thanet district council provides continuous support to citizens even while, while working from home. And they use technology to help them do this. And, you know, the changed a lot of process to enable that. So some of their challenges was enabling their 400 strong workforce to remotely access applications. When the pandemic hit, they also needed to manage user identities more efficiently without relying on manual processes, because nobody was there to support that and enforce security to prevent, you know, risks around cyber attacks. So the solution, you know, that they chose was taking the Okta identity platform and specifically Okta single sign on and Okta multi-factor authentication technology and capabilities to strengthen security by integrating their core applications. So they used Google suite. They used a lot of applic HR systems, common HR systems. And with Okta, we integrate already over 7,000 apps straight out of the box. So making it really easy for them to stand up multi-factor authentication and single sign on really rapidly.
We also enabled automation of all of their hiring tasks and onboarding tasks and leaving tasks from an HR perspective, using Okta lifecycle management, which further boosted their agility and security, and then enabling employees to, you know, with Okta, we enabled all their employees to keep using the same work tools, their HR system, their master directory with no further training. So if we look at opportunity, number two, it's all around our customer centric, digital experiences in terms of digital transformation. So the first opportunity was enabling our workforce to work. You know, we're from wherever to support our customers. The second opportunity is all about our customer centric, digital experiences. And this opportunity is transformed by a few factors market trends accelerated by the consumerization of digital experiences. So how consumers are expecting, you know, to interact with your portals, your applications, your mobile apps, they expect them to have a similar quality and user experience as what they use in their personal lives.
They expect that Amazon experience and what this means for it, or a good is you're having not only to focus on protecting your employees, but you're not having to focus on, you know, enabling your customers to have a better experience with your, your applications. So in the short term, apply learnings from workforce identity projects. A lot of it, a lot of thinking about securing customer experience is, is the same as, as, as your workforce identity, we see many companies start their identity journeys first with employees and take those learnings, and eventually scale those up to customer identities. We talked about zero trust as a strategy to solve for changing security landscape. The challenge for customer identity is that those controls were never there. So zero trust doesn't really apply, but what does is identity driven security. We can still apply similar principles from zero trust, but we will use, you know, different risk signals.
And what you need is a way to manage risk for your customers. Another fast, you know, a quick win here is creating a flywheel for experimentation. So when, when you come to customer experiences, you can't build great experiences. If you don't know what the customers want. So start collecting and connecting customer data so that you can improve your customer retention. Personalized personalization is really key data cleanliness as a KPI is another quick one. As you are integrating data views, ensure the data is good data, and the view is standardized and then set standard procedures. I hear this from most of the successful customers. It's all about aligning as an organization on standard taxonomy, a standard taxonomy for identity and protect it. Pro protectively, bringing in proactively, sorry, bringing in legal compliance and your security teams for your longer term strategy around customer centric, digital experiences. It's really important to establish trust as a differentiator. Trust is, is a crucial driver for modern day customer expectations for all digital experiences and in highly regulated industries like healthcare and financial services and government agencies, trust is even more important. Deliver one consistent experience across the platform. We saw this from one of our customer examples, and I'll talk to one in a, in a second, providing a single consistent technology foundation enables the organization to build out and roll out digital experiences with really great return on investment.
So now I'm going to talk through vectors. So Victus serves as a national information center, helping insurers providers and the public understand the cost and realities of healthcare in the Netherlands. And before Okta, each of the company's applications had its own that they served out for their customers had its own identity store with some internal applications using Microsoft active directory, but as their client list grew, the work of managing client accounts for, for the Victus portal simply became too conflict, convoluted and complex. So their challenges were enabling their 4,600 customers and millions of Dutch citizens to access and validate health data securely, and simply they wanted to unify their user identity. So they had eight separate applications with eight separate user identity stores, and they wanted to enforce strong security cross the login experiences. So they S they, they selected Okta. And what were they, they were able to do is using Okta universal directory, which is an app application within the Okta identity cloud.
They were able to connect and integrate those separate eight separate identity stores and unify that into a single view of all of their identities. They were able to use Okta API APIs to connect with their applications using open standards, such as SAML and open ID connect, which is very common across cloud applications. Okta enables vectors to add new applications and services quickly with Mila, no changes, but the real, you know, topping on the cake was that they never have to bother people anymore. By saying, I have to log in like this for application a and then actually you have to log in differently for application B now, their enrollment and sign up and their login experiences consistent with whether whichever application can you choose for them.
Most organizations, the world is hybrid, right? We have systems that are on premise, and we have applications that are in the cloud, and this is going to stay for many, many years. And in this environment, interoperability, interoperability is really critical. It's key your it and your personnel and your S your solutions. They need to be interoperable regardless of the hosting model, whether that's on-prem single cloud or multi-cloud so enable to do that. There's one critical opportunity, which is unified identity. And this is going to be a really important word for this year. Lots of customers made purchasing decisions based on short-term needs and assumptions about how last year would progress. And the pandemic also defied all of our expectations in terms of implementation timeframes for new projects. So now is really the time to think deeply about what's going to move the dial. And much of that is in the cloud.
And it much of that is not only in the cloud, but it's between the cloud and your on-prem application relationships. It is normally maintained this and circum circumvented this over the years. So in the short term, take inventory of existing practices, there are different approaches first enable and secure what will stay. These are things like your enterprise resource planning solutions, or your HR management solutions. Secondly, retire, what's lost value. And the other side of this thinking is, you know, what some of these systems are they right for retirement, let's put a plan in place, get these off of our plates, because we're not going to get a lot of business value out of them rethink what's holding you back. So for example, SharePoint, maybe legacy active directory, or maybe you've got multiple disparate, disparate identity stores. So with COVID forcing all of us to re evaluate what is truly brisk business critical, it becomes more important than ever to think from the lens of planning for the future, for your longterm strategy around identity.
It's really about unifying identity across cloud on-prem and hybrid environments. And at Okta we're best known for being that vendor to help you secure and manage your cloud-based software as a service applications. And we deliver a lot of business value on authentication, multi-factor authentication and securing APIs and pure cloud environments. And it's easy to do this for all of the cloud apps because they support open standards like SAML and they support SSO. And then it's just a user adoption issue, but for truly unifying your identity approach, you have to do it across both cloud, and on-prem, it's gotta be simple, and you have to be able to make it work without changing the application itself. Unifying doesn't mean everything rolls up to the cloud. It means having a single view of your data so that you can choose where to best execute it, whether that's in the cloud to take advantage of machine learning of compute scale, or at the edge to address some of the latency and data filtering issues, the world, as we see it today has really become really complex.
There's more personas that we have to deal with. There's more connectivity, more infrastructure, more applications, more platforms, more API APIs, more devices, more of everything, sorry. And that means we really need to look at identity as the center of every strategic decision we make. And there's, there's four pillars to identity. There's actually five, but I've, I've lumped two together. So there's really our citizen and our personal identity. This is the identity that we use passports travel globally, or that we use to log into, you know, our social media applications to vote for government as a citizen to access healthcare. Then there's our customer identity, which is the one that we authenticate to our bank accounts. Or we log into Amazon to conduct some retail transactions to make a purchase of something. Then there's our work identity, which is the one that we need to conduct our daily business to log into the applications that we need to do our best work.
And then there's the machine or IOT identity. These, these are the things that are coming online and need to collaborate with other systems that we might have either on-premise or in the cloud. These are cameras or cars or fridges or whatever it might be. And identity is central to making all of our digital lives as seamless and simple as possible. Each, each identity pillar is unique in its scaling and deployment challenges, but there are common, you know, horizontal threads and knowing who or what is really important, it really matters. And that's why, you know, at Octa, we make building managing and maintaining trust simple so that your customers and your workforce can focus on what matters to them.
I'll leave you with three key takeaways. COVID really accelerated digital transformation. It really accelerated our focus on trust for everyone. So there's three opportunities to help you continue to accelerate that digital transformation in your organization. The first one is all around trust at work. And how do we enable the work from wherever? The second one is all around delivering better experiences to both our customers and our workforce. And in order to deliver the first two, we need a unified approach to identity and ultimately delivering great online experiences is extremely complex, but start with identity it's central to establishing trust and accelerating your digital transformation. So with that, I'm going to say, thank you. And I'm going to open up to any questions I think, is that right, Richard?
Yes. So we are at the question and answer section of the webinar. As I mentioned, the recording of the webinar and the slides will be available on the website. And if you have any questions on your end, don't hesitate to enter those. Now, as I mentioned, the go-to meeting control panel has an area to typing your question at any time. So we do have a question here, and it says zero trust seems to run counter to the need for trust as a cost saving or risk transfer mechanism. And they give an example when consuming SAS services, one, trust the provider and includes risk language in the contract.
Hi Richard. I'm not sure I understand. W w I'm I'm not sure I understand the question. Could you repeat that? Sure.
So the question says zero trust seems to run counter to the need for trust as a cost savings or risk transfer mechanism. And then they gave an example who consuming SAS services, one trust the provider, and includes risk language in the contract.
So I understand where, where the question might be coming from. So, yes, I mean zero trust. I mean, for me, everything is about trust at the end of the day. And there are different levels of trust, right? But zero trust paints, a picture of you should never trust anyone or anything. So therefore you always have to apply the most stringent criteria when establishing trust. So that means, yeah, creating, you know, documents that you have to sign before you, you log in and you're going to sign away that you know, that they have the right to use your identity data for other other purposes, you then have to authenticate yourself with not just your username and password, but you know, multiple other things, which doesn't create a very good experience and that kind of erodes trust. I'm not sure I'm going to be able to answer the question correctly because I'm not sure I fully understand the exact question, but I think I understand that the question is how, you know, zero trust in itself is kind of, you know, causing challenges around establishing trust at the same time. If that makes sense. Okay. Sorry if I didn't explain that very well.
That's fine. Yeah. Thanks. Here's another question COVID-19 pandemic has exposed how organizations had to trust their employees to work from home and consumers had to trust businesses with their information when it comes to building trust. What do you think consumers care most about?
Yeah, it that's a great question. So when we conducted our survey around around trust, the things that the respondents said was that service, reliability, strong security, and really great handling of our data and the practices around data handling were really important. And that, you know, trust in our digital world directly impacts what we've seen from like the respondents in the survey is that trust in the digital world, it directly impacts purchase decisions. So many as a that 88% number in the, one of the slides that presented 88% of the respondents said that they, you know, would not buy from somebody that either they didn't trust or didn't know. So that's really important to establish that trust.
Okay. Thank you. Next question. As consumers have come to embrace all kinds of digital experiences from online grocery shopping to virtual doctor's appointments to zoom, social gathering, what do you think will be the post pandemic scenario?
Yeah, I think many of us expect digital habits that we've picked up over the past year will continue in perpetuity, right? They'll just keep going and the shift to digital as an only accelerated, but we'll, you know, we'll be forever. Our European customers are more aware of cybersecurity threats and many organizations have stepped up to put in hat security measures in place. But while the definition of trust will evolve as the digital landscape matures throughout this year. And, and in the future, I think it's important for all of all businesses to keep a strong pulse on consumer concerns. I was, it was interesting. I was reading an article in the BBC news, actually just before this call, where they said that many payments will now be made predominantly by card, right. And in the EU in Europe and in the UK, actually many payments were made by cash, but they're saying that only 7% of payments now will be made by cash. So that really shows an acceleration in our digital, you know, in our digital lives and our digital experiences.
Hmm. That's interesting. Okay. The next question, what's next in the world where both our personal and professional lives unfolds online,
Building trust and, you know, understanding identity is more important than ever. Everyone is more aware of how our data is being. I mean, we're all aware of how our data is being used and protected and brands won't succeed with poor security practices, or if they mishandle our data, that's not going to make us very happy and it's not going to make us trust them. And such careless practices can damage brand loyalty, but which can be challenging and almost impossible to win back. So for an example, we had one there's one customer in the UK, sorry, not customer one organization in the UK, big, massive retailer that had a problem with service reliability, and their biggest retail day in terms of revenue was black Friday. And their, their site went down during a black flight Friday last year that that retailer is no longer in business. So reliability is one of those key things, which I mentioned earlier as on top of strong security and good data handling is really important as part of establishing trust. And at the end of the day, we're all technology companies and digital first is really here to stay and identity and trust are the cornerstone of building build, building those secure, you know, customer experiences.
Okay. Let's see. Next question has to do with, you know, who do you see already going down that path of zero trust? What, what's the industry trend
Many? I mean, most of our customers are already taking that. If you're taking a step into multi-factor authentication for your workforce, that's a step in your zero trust journey. I mean, zero trust is not just a technology, you know, framework. It's also a cultural framework. It's a, it's a personal framework. It's about, you know, asking the right questions. Does this URL look right? Does it have the lock on it? Is this email coming from somebody? I know it's all of these best practices that we both as, you know, workforce or customers, but also just as people who are collaborating online need to, to be looking at all the time. So yeah, zero trust is really, really happening everywhere that we, that we look in different in different phases. I would say, you know, there's different people are at different phases of their approach.
Next question is how does Okta see, or in regards to MFH adoption?
Well, MFA abduction is very high. We see lots of organizations adopting that. And many, many organizations are all taking the NEC next step, which is more around, you know, that continuous assessment, which is, you know, making authentication more adaptive. So with taking that adaptive authentication and taking a look at, so let's say I'm logging in from my home network regularly from eight till five. And all of a sudden my PC is logging in at 4:00 AM, from, I dunno, from, from a coffee shop in the middle of London, when I'm normally at home and in Manchester, for example, having an adaptive solution there, we'll take a look at those, you know, those risk parameters, those, those, those cues, and say, well, look at, this is not a normal practice. So let's step up the authentication. Let's ask for some more detail details before we allow this login to happen on the flip side, you know, with adaptive, you can say, well, if he's logging in or she, or, you know, the employees are logging in from their normal home between eight and five, therefore we don't have to apply all of these, apply all of the extra security, you know, authentication methods.
We can just say username and password is fine.
Okay. And then the next question is, is kind of in line with that. How could MFA policy settings improve MFA adoption? So it's kind of like the static setting versus a more dynamic type of setting.
Yeah. The challenge with MFA is actually leads to potentially a poor experience, right? A poor online experience, because if you're always being asked to provide a, one-time not only your username and password to log into an application, but also a one-time code that's either sent to your phone or through an app on the phone or through some other device having to do that every time you log into the application, that can be painful, right? So being more adaptive to say, look at I've logged in once. And this, this is where single sign on really comes into play. So I've logged in to the two AA application and, you know, many organizations have tens dozens of applications that employees are using. So it could be, you know, Google documents or, or slack or zoom, or, you know, Microsoft teams, whatever it might be. So you can log into Microsoft teams once.
And with single sign on that login could be used again, it can be revalidated so that you don't have to re log into zoom the next time, if the system is set up, rightly, but if not set up rightly many organizations fall afoul of this, where they, you know, put in multi-factor authentication, but it's just a one it's just set up with one profile where one parameter against all of the applications. So that means the, the end users, the employees have to log in to each application with MF a every time, which is a poor experience. So being more adaptive and more selective of how you apply this and combining it with like SSO and, and other capabilities can, you can create a better, better experience while, while also retaining, you know, as your security posture.
Okay. Does Okta see the consumer identity silo and the business identity silo converging in the digital transformation? What do you see in your customers?
Yeah, absolutely. So I've got a great example, which is our, one of our customers, which is the Royal Belgium football association. So they, they have a bunch of different personas that we're reviewing their whole digital, you know, digital experience, their online digital experience. So they run many different applications, applications for players to book, you know, field times applications for referees to, to, you know, to figure out what games they're assigned to. They have applications and mobile apps for customers who want to buy, you know, the red devils memorabilia or, or branded items, you know, t-shirts or whatever it might be. And those all were in different databases. Kind of like one of the customers I talked about earlier, Avectus that eight separate identity store, six story, separate identity stores across these different applications. So what they wanted to do was when you signed up for one application, either as a referee or a player, or as a customer, you already provided some details to the Federation.
They already know you at that point when you registered for that application. So why should you have to provide that same information again, when you register for another application? So for example, a player may also be a customer want to buy, you know, that branded red devil t-shirt or a referee may also be a customer, want to buy that rep branded red devil t-shirts. So when they log into the referee site, why couldn't they just use the same login that they use for their free site to log into the retail site? So, yes, we're seeing a convergence. It's not right for necessarily every customer, but we are seeing a convergence across different customers of both customer and, and workforce identity.
Hmm. Okay. I think we're getting close to the end of the questions here. So what do you see is accelerating digital transformation in organizations? W what do you think is actually triggering that need to do the digital transformation as far as, you know, what you see with your customers?
Well, I think the pandemic definitely is one of the, one of the major drivers right now that has accelerated, you know, digital transformation. You know, there's nothing like a crisis to drive things forward quickly. So, you know, remote work and, and, you know, the new dynamic work, or, you know, most of us won't be going, especially, you know, workers that don't have to be in the office, don't have to go in the office everyday now. So going to be, you know, that dynamic nature will continue. So that will drive transformation in terms of workforce experience, the customer experiences. I mean, every one of us have been ordering food online or Amazon online, and having that delivered to our houses, that's only going to continue taxi services, vacations, whatever it might be, that that digital experience is, is critical. And that, that is only going to continue and accelerate. And at the center of all of that, as I said, in my, in my slides is, you know, understanding the different identities that you need to, to manage and provide security around is really important. So having that unified view of identity is critical to delivering that, that digital transformation.
Okay. And the last question that we have for today's webinar is what, what are you seeing with your customers as far, what what's keeping them from making this digital transformation? So you've talked about, you know, what's driving them to do it, but sometimes there are roadblocks or challenges that customers must first overcome in order to get down that path.
Yeah. Complexity, I think is one of the big barriers and also not understanding where to start or what to start with. So when we, you know, many organizations have had to make really quick decisions and snap decisions on new technologies that they want to implement over the last year, and now is a really good time to take a step back and look at what is my digital transformation strategy. And again, a good example of that. Is there a role, a Belgium football association where they took a real big step back, they identified all of the different personas that they had to deal with and deliver a digital experience for that then helped them, you know, put in place. This is the digital experience we want to deliver for all of those personas. This is the technology, the processes, the things that we're going to have to do to enable that digital experiences. And they had a lot of legacy to deal with as well. So it's, it's understanding who your customers are, both from, you know, the workforce perspective, but the consumer perspective as well, and looking at those different personas and how identity is, is central to delivering a great experience. And then understanding what that experience is at the end of the day, complexity is going to be a challenge, but, you know, there are tools available to help you address that complexity like, like Okta.
Great. Well, we are at the end of the time that we have for today's webinars. So thank you all for who attended the webinar. And we hope to have you soon at one of our upcoming events. And thank you, Ian, for your presentation and to the audience. I hope it was interesting to all. Thank you. Yeah. Thank you. Thanks for your time.