KWS: Global plant business reroots its IT infrastructure effortlessly in the cloud
saved per month on onboarding tasks
ready for use in the cloud and on-premises
using Single Sign-On and Multi-Factor Authentication
- A down-to-earth cloud journey
- Picking the right tools
- Security made easy
- From little seeds grow big trees
- Laying the groundwork for more innovation
Since its founding in 1856, plant breeding company KWS has thrived on innovation. KWS uses leading-edge plant breeding methods to increase farmers’ yields and improve resistance to disease, pests, and abiotic stress. To support its global workforce to be equally successful in their daily work, the company adopted a cloud infrastructure with Microsoft Azure to enable employees to access digital tools from wherever they are, be it the office, laboratories, or on the field.
Before rolling out its new cloud-based work tools globally, such as Office 365, the KWS team responsible for implementing the company’s IT guidelines from the headquarters in Germany needed a way to efficiently manage the 4,500 internal user and 1,000 external identities that were about to be onboarded to the new system from across 120 locations worldwide. With partner Beck et al., KWS landed on the Okta Identity Cloud as its identity management solution of choice to enable employees to access their new tools securely and hassle-free no matter how far from headquarters they are.
What started off as a way to simplify the access to multiple new applications for users soon became a company-wide project to secure applications and automate IT helpdesk support. Following a successful Adaptive Multi-Factor Authentication and Single Sign-On implementation, KWS also integrated Universal Directory and Lifecycle Management solutions to enable agile and remote working globally, with security in mind.
Since the Okta implementation, KWS has saved around 125 hours per month on onboarding tasks such as user account creation. It has also integrated 187 applications across its hybrid cloud and on-premises infrastructure. Using Okta to automate identity management processes related to people resources, such as redistributing, onboarding, or offboarding team members, KWS has also sped up the process of granting the right people with the right access to company tools and information.
Next, KWS plans to adopt Access Gateway to integrate more of the applications that are still on-premises with cloud-based ones to continue increasing their accessibility. This way, employees can be equally productive from the office to the fields in their mission to continue supporting farmers from sowing to harvest.
We wanted to roll out Office 365 for 4,500 users globally. From headquarters, we needed to coordinate all user identities while making it easy to use the new system securely. With Okta, we achieved this in a completely agile way.
Matthias Helmke, Head of Expert Hub Infrastructure & Service Management, KWS
Did you know that before it was domesticated 9,000 years ago, corn was a barely edible tall grass with 10 hard kernels, and tasted like a dry, raw potato? Thanks to selective breeding and other advances in agriculture, today’s corn is much larger, more nutritious, and much easier to grow, peel, and chew. Even though the same could be said about many foods, scientists worry that global agricultural production will need to increase by 60% if we’re to feed a human population that has more than doubled since the 1950s and is projected to reach 9.15 billion by 2050. Enter KWS, the plant breeding company and supplier that’s using innovative and sustainable plant breeding methods to help farmers feed the world.
Founded by a farmer in 1856 Germany, the family-owned company has specialised in increasing and improving the genetic potential of seeds for more than 160 years. It focuses on plant breeding, as well as the production and sale of seed for corn, sugarbeet, cereals, rapeseed, sunflowers, and vegetables. Today, the company invests €206 million annually in research and development to improve crops’ resistance to diseases, pests, and abiotic stress, tailoring their seeds to the operational methods and climatic conditions of farmers to help them increase yields and have a successful crop.
Bringing this vision to life is a workforce of more than 5,500 employees spread across 120 locations worldwide, all supported by digital communication and productivity tools that they can access whenever they need them, and from wherever they are, be it an office, laboratory, greenhouse, or a customer’s plantation field. To understand how KWS got here, Matthias Helmke, the Head of Expert Hub Infrastructure & Service Management at KWS, takes us back to 2016. Back then, connecting with employees from around the world and giving them access to company information and resources from a remote field wasn’t an easy job.
Laying the groundwork for more innovation
From its headquarters in Einbeck, Germany, Matthias and his team cherry-pick the IT guidelines and tools that can best support all KWS employees, globally. One of his priorities is to empower them with technology that helps them in their daily work, regardless of how far they are from headquarters and the IT department.
“Technology needs to enable productivity and flexibility,” says Matthias. “This means that not only did we want to find and implement the best tools to support the work of our colleagues, but that we needed to make it as easy as possible for people to access and use them,” he explains of the strategy.
With this vision in mind, it became clear to Matthias and his team that its infrastructure, until then 100% hosted on-premises internally and on external data centres, was hindering users from being productive remotely as applications were constrained to the location of its servers. To protect them from cyber breaches, some could only be accessed via a VPN network which required users to be in the office. So that employees could be equally productive from anywhere else, KWS decided to modernise its entire infrastructure by moving to the cloud.
Alongside digital transformation expert and long-time partner Beck et al., KWS started migrating the company’s systems to Microsoft Azure in 2016. Having chosen Office 365 as its new primary set of collaboration and productivity tools, KWS and Beck et al. had one question to answer before going live with the new tools: How to make it as easy as possible for users to access these applications in the cloud without opening up any security vulnerabilities?
“That’s when Beck et al. introduced us to Okta,” Matthias recalls. “We wanted to roll out Office 365 for 4,500 internal users globally. From headquarters, we needed to coordinate all user identities while making it easy to use the new system securely,” he explains. “With Okta, we achieved this in a completely agile way.”
Security that’s easy on employees and light on IT
Just before Okta came into play for KWS, the company had tried using a ticketing system for authenticating and resetting passwords for Office 365 applications such as Outlook and Skype for Business which were being tested and used in Germany before being rolled out on a global level. “It simply wasn’t comfortable for users,” Matthias recalls of the ticketing system.
“To authenticate users when they forgot their login details, the system auto-generated a password for each application, not for each user, which makes it difficult for them to memorise and keep track of. We were worried about securing these multiple logins. People were being locked out of their email and needed a lot of IT support to authenticate their identity,” he explains.
Martin Labes, Technical Consultant at Beck et al., was working closely with KWS to solve the problem at the time. It was 2017, and KWS was still in the middle of its migration journey to the cloud. Beck et al. was acting as its IT service provider to help users access Office 365 securely.
The suggestion to adopt a new, cloud-based identity management solution was well received and quickly prompted a proof of concept to integrate Adaptive Multi-Factor Authentication and Single Sign-on to Office 365 before KWS could roll out the new tools globally.
“When we understood that the challenges and concerns KWS had regarding accessibility could be solved with a good identity management solution, we brought Okta to its attention because it is the best identity management solution in the market,” says Martin of the decision. “Okta makes multi-factor authentication much more user-friendly, with screen pop-ups to verify login security questions, a biometrics option, and the freedom to pick your own password. As a result, employees no longer need IT support to access their applications securely,” he explains. Martin calculates that his team went from handling peaks of 250 user creation requests per month, each requiring around 30 minutes, to handling zero. “That’s around €7,500 per month saved on onboarding and offboarding tasks,” he says.
Instantly mapping access to job role
Satisfied with the results from its identity management solution project, KWS invited Beck et al. to implement more Okta solutions across its infrastructure, even as the migration to the cloud was still ongoing.
“Once we realised how Okta works as a cloud-based identity management system, we wanted it as the gateway to all of our cloud applications,” Matthias says of what marked the second phase of implementation: integrating Lifecycle Management, API Access Management, and Universal Directory to connect cloud with legacy applications, such as the SAP Identity Management systems which remain restricted to the reach of its server’s VPN network.
“Using Okta, we predefined user access configurations according to who needs what,” Matthias explains. “Universal Directory is our ‘profile master’, storing all our user identities, while Lifecycle Management helps us swiftly provision and deprovision users. Today, if employees change departments, join, or leave KWS, its distribution lists are automatically updated by Okta, instantly giving them access to everything they need in their current role, no more and no less.”
Harvesting the rewards of a modern infrastructure
Four years after its cloud migration started, KWS has achieved a modern setup made of a hybrid environment, 187 applications integrated with Okta, and a workforce empowered to work in an agile way from anywhere in the world. Next, KWS plans to implement Access Gateway to integrate more of the applications that remain on-premises with cloud-based ones to continue increasing their accessibility.
Meanwhile, Matthias’ team continues to make security and frictionless IT a priority for all KWS workers, whether they’re in the lab creating new varieties of food, or meeting with farmers to help them succeed from sowing to harvest. “Being able to access any application from a single platform, signing in just once using Okta, has been a game-changer for our colleagues. We get a lot of positive feedback about how easy they find it to log in securely,” he says, with a smile. “So much so that today our global rule is: no onboarding of new cloud applications if they’re not integrated with Okta. That’s the real proof of our success.”