I just do not get companies like Asana, where some high level executive probably decided it is a good money making scheme to include security features in the list of optional extras you have to pay extra for, by requiring (almost) the highest end tier plan possible - Enterprise.

I get things like SSO, advanced audit reports and other compliance features are enterprise grade and belong to the corresponding plan. However basic security features to help strengthen the platform for any kind of user should never be bundled as an extra-to-pay-for. Specifically these options: