New Zealand Avocado Growers Association reduces risk with CyberArk Workforce Identity

New Zealand Agricultural Organization leverages Single Sign-On to Improve its Security Posture.

Afro-descendant farmer harvesting avocados from the tree

Company profile

New Zealand Avocado Growers Association (NZ Avocado) is the public face of the $130 million New Zealand avocado industry, created to promote the sale and consumption of avocados. As a non-profit, NZ Avocado manages research and development programs, coordinates and disseminates industry information, lobbies and liaises with government officials and provides a structure to foster growth across the industry.

Challenges

Find a Single Sign-On solution to dramatically reduce complexity, minimize calls for password assistance, increase security and help keep users engaged and using key apps.

Designed to act as a portal for growers, packers, exporters and local marketers, the NZ Avocado system provides access to highly-specialized apps including a Spray Diary to log essential information about growing activities, as well as an AvoTools app and associated websites used to ensure compliance to international regulations.

“In order for New Zealand growers to export overseas, they must register with the association and record all use of sprays on their orchards,” says NZ Avocado Communications Manager Midge Munro. “This is an essential component in assuring quality, guaranteeing that international standards are met and protecting a multi-million dollar industry.”

But with over 1350 members, NZ Avocado was having significant issues with users logging into their applications and online tools. Each app required its own set of credentials for access and that meant users had to remember multiple passwords.

Compounding the issue was the fact that each orchard required its own username and password as well, so owners of multiple orchards often found themselves managing dozens of passwords. As a result, the NZ Avocado team was frequently inundated with calls for password assistance. The problem was so great that the organization resorted to keeping usernames and passwords on a spreadsheet that was available to most of the office staff.

Lacking its own IT department, NZ Avocado contacted IT consultant Andrew Nimick with Point Concept, and enlisted his help in finding a solution that would dramatically reduce complexity, minimize calls for password assistance, increase security and help keep users engaged and using the apps.

Solutions

NZ Avocado selected CyberArk Workforce Identity due to its feature set, its ability to reduce system load and incorporate legacy apps, and its ability to provide security at a reasonable cost.

Nimick considered developing an in-house solution that could leverage Active Directory by building an LDAP service from the ground up, but that seemed too labor intensive.

“The best option was to find an SSO service provider whose solution could fit into the existing infrastructure with minimal pain and cost,” says Nimick. “And that would also give us access to complementary features as the organization grew and evolved.”

Nimick started looking at different service providers, but found the response from most to be lacking.

“We were on a tight budget and most weren’t forthcoming on pricing details,” he says. “The response from CyberArk was anything but ordinary.”

After an evaluation of all options, Nimick recommended CyberArk Workforce Identity due to its feature set, its ability to incorporate legacy apps, and its ability to provide security and increase customer satisfaction at a much lower cost than building an in-house solution. “In terms of future data sharing with government departments, the SAML component was also very important,” he says. “SAML is the official protocol recommended by the New Zealand government for authorization and access control.”

Results

Passwords are confidential and password sharing has been eliminated. User access is trackable. NZ Avocado has now implemented widely accepted security practices.

Unlike many organizations that implement leading technologies, NZ Avocado is not a corporate environment. “Our users are agriculture-focused and while many have experience with technology, they aren’t experts,” says Munro. “We needed a solution that average, everyday people would see the value in, embrace the technology and use it regularly. And we’re off to a great start.”

“We knew this wouldn’t be a typical corporate single sign-on implementation,” says Munro. “We were going to try to manage old, outdated legacy apps with a very modern web-based solution.

We expected a generation gap, but we’ve been very pleasantly surprised at the ease with which CyberArk Workforce Identity Single Single-On has crossed that gap to deliver an SSO solution across every app and site we needed it to.”

With CyberArk Workforce Identity, password sharing that was once rampant has been eliminated. And because each user has their own unique identity, NZ Avocado can track exactly who’s logging in and when. “We’ve been able to implement widely accepted security practices, ensuring that users log in with a unique identity and password so that each event can be recorded and auditable,” says Nimick.

“When I recommend a service provider to my clients, I want to be certain that once we’re up and running, the client will be fully supported by the vendor. Our experience with CyberArk has assured me of that.”

– Andrew Nimick, IT Consultant

“CyberArk Workforce Identity was the right choice; it’s allowed us to implement a cultural change toward best practices and stronger security as we build new apps and strengthen our partnerships,” says Munro.

Key benefits

  • Reduce system load and incorporate legacy apps
  • Elimination of password sharing
  • Delivered an SSO solution across every app and site necessary
  • Easy use for non-expert users
  • Cultural change toward best practices and stronger security

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey