Nicholas and Company secures its business and prepares for a digital future. The Okta Identity Cloud provides a solid foundation.
employees logging into Okta to access their work
customers connecting to the company via Okta
identity platform
- An old-world company looks to a digital future
- Getting identity under control
- Moving security to the cloud
- Smoothing the way for customers
- The platform vision takes shape
Family-owned Nicholas and Company is known for quality produce and reliable deliveries. But leaders at the food distribution company realize that to keep up with customer demands, market trends, and looming competition, they must construct a secure, frictionless digital platform.
IT leaders choose Okta to anchor identity because of its tight integration with Office 365, deploying Okta’s full workforce identity suite, including Single Sign-On, Multi-Factor Authentication, Universal Directory, and Lifecycle Management. To manage employee life cycles, they integrate Okta with their HR Information System, Paylocity.
Nicholas and Company IT moves security to the cloud, across the company’s entire on- and off-prem network, by switching from a Cisco appliance to a Palo Alto Networks solution. Both products integrate tightly with Okta, so the transition is easy.
IT then moves to secure and streamline the customer experience, deploying Okta for customer-facing applications. Now, customers move between two portals with a single login, and sensitive information remains secure.
Moving forward, Nicholas and Company plans to execute on its platform vision by deploying Okta API Access Management for deeper customer and security insights. Leaders hope to integrate directly with third parties, delivering even more secure authentication and access.
We wanted to transform IT at Nicholas and Company. To do that, we’re making Okta the centerpiece of our security and customer experience strategies.
Murali Penubothu, CIO and VP of Information Technology, Nicholas and Company
Benefits
- 750 employees logging into Okta to access their work.
- 80 years to build an old-school, hands-on business. Two years to develop an identity platform that connects it all together digitally.
- 5,000 customers connecting to the company via Okta, moving between two portals with a single login, with the right access for their role.
- Centralized identity management for employees, customers, suppliers, and partners.
- Strong authentication, to protect customer data and sensitive information.
- Reduced attack surface as a result of efficient lifecycle management.
- Increased visibility into user behaviors, enabling quicker identification and responses to threats.
Preparing an old-world company for a digital future
Nicholas and Company is the largest independent food distribution company in the Intermountain Western United States. Family-owned and headquartered in Salt Lake City, Utah, the company has been going strong for 80 years, providing everything its foodservice customers need every day—from latex gloves to specialty sausage.
The company’s strengths lie in its old-world, Greek heritage, its knowledgeable, hands-on sales team, its long-term commitments with growers in California’s Salinas Valley, and its fleet of refrigerated trucks providing reliable, on-time delivery. To maintain those advantages, however, the company needed to adopt a comprehensive digital strategy.
As CIO and vice president of information technology, Murali Penubothu is tasked with meeting busy restaurant-owners’ demands for a more streamlined and secure experience, and with making sure the company stays competitive as big retail players in the digital sphere turn their focus to food distribution.
“Our industry is getting completely revamped because of the consumer mindset,” he says. “We built our business on an old-school, high-touch model, but if we look out five to ten years, I see it evolving into a platform play. We are a middle player, connecting customers and suppliers. We have to make it easy for our partners to do business with us.”
When Penubothu came on board in 2016, he set out to transform legacy processes at Nicholas and Company and build an IT infrastructure founded on best-in-class applications. That meant moving away from traditional, on-premises solution stacks and putting many IT services in the cloud.
It was no small task. “We do multiple shipments a day, except for Saturday,” he says. “It’s a round-the-clock business. If our systems go down, that’s a major problem.” He needed a partner who could help his team make a smooth transition to the cloud, securing customer data and proprietary information each step of the way.
A call for secure, mobile employee access and a frictionless customer channel
The Nicholas and Company sales team provides a critical resource for customers, often walking through their kitchens and working closely to make sure they’re successful every day.
“Our sales people offer insight into food trends, what’s moving fast, what kinds of restaurants are opening up, and beneficial ingredients,” says Penubothu. “As a distributor, we have a lot of insight because we see our volumes go up or down. Having that information online and on a mobile device is extremely important,” he says. “We have to make sure our front-facing applications are slick and highly available.”
Easy access is also important for customer-facing applications. At the end of each day, busy restaurant managers need to be able to log in, put in a quick order, and be done. Nicholas and Company must offer chefs and managers a frictionless channel with clear information about the enormous variety of nuanced food products they can order.
At the same time, says Penubothu, “security is extremely important.” His team needed to upgrade their systems to give suppliers and customers the confidence that their trade secrets and sensitive data would remain private and secure.
Identity management would play a major role in Nicholas and Company’s IT upgrade. As a traditional Microsoft shop, the team had used Active Directory (AD) for years to manage identities, but the system had become confusing and unmanageable, says Penubothu. “It was so convoluted, we really didn’t know who was in what group, or who was giving them access. We struggled to associate the correlations.”
Transitioning to best-in-class identity management
Nicholas & Company IT was thinking big—going for the platform play. The team knew they needed an identity management partner that would integrate tightly with a broad variety of productivity applications. Penubothu chose Okta in large part because of its integration with Office 365 and integration with open security frameworks built on industry standards.
Today, the company centralizes employee access for tools, such as Microsoft Office 365, using Okta Universal Directory (UD) rather than AD. Okta Single Sign On (SSO) and Okta Adaptive Multi-Factor Authentication (MFA) provide strong authentication and secure control over application access.
Moving away from AD was a big step, but it was also central to the company’s IT transformation. “I picked Okta because we wanted to transform,” says Penubothu. “We’re a Windows shop, but as I push out into the cloud, I want to build a platform agnostic solution—not just Microsoft. We’re embracing open social technologies, Amazon technologies, and other clouds. The platform needs to be open to connect, transact, and authenticate. Security is extremely important for us.”
At a tactical level, he says, “We wanted to make sure that SSO and MFA were tightly integrated with our productivity applications. The number of our point applications were increasing. We didn’t want people writing passwords down on sticky notes.”
Nicholas and Company is a round-the-clock operation, so reliability is also crucial. Okta’s ability to grow with the company, while providing 99.9% uptime and zero planned downtime also played a big role in Penubothu’s decision.
The Okta Identity Cloud allows Nicholas and Company to add best-in-class applications to its infrastructure easily, increasing access for remote and mobile staff while managing applications and data securely. “We’ve received very positive feedback,” says Penubothu. “People love that they don’t have to deal with so many passwords.” And while it took some time and effort, he says, “We’re making the transition away from AD, and we feel like we have a good foundation with Okta.”
Securing network resources and employee life cycles
Next, Nicholas and Company IT moved security for their entire network, including on-prem and cloud resources, to the cloud. Penubothu made a decision to transition the company from Cisco’s Adaptive Security Appliance to Palo Alto Networks’ GlobalProtect VPN. Both products integrate tightly with Okta, so it was an easy transition.
Today, Okta and Palo Alto Networks provide comprehensive, end-to-end security and access for Nicholas and Company. “Anybody coming through the VPN, they now go through Okta authentication, so we can verify who is coming in and what they are connecting to,” says Penubothu.
“Until we put Okta in, we had no idea we got so much traffic from outside the country,” he says. Hackers target Finance users who may be vulnerable to their sophisticated tricks. Now that IT can see that traffic, they can implement policies that prompt users for MFA or that block international access altogether.
Next, the Nicholas and Company team worked with Okta to integrate Paylocity’s human resources software into their solution. “We wanted to use Paylocity as our master for employee profiles, so that Okta would take its cues from HR,” says Penubothu.
Employees can now be onboarded and offboarded from within Paylocity without any input from IT. “We’re using Okta Lifecycle Management to the fullest,” he says. “When somebody in Accounts Payable joins us, they get exactly the access they need to be productive, right away.”
When employees leave, the process is equally safe, secure, and frictionless. Getting lifecycle management under control reduces the attack surface for Nicholas and Company by clarifying and managing who has access to what.
Smoothing the way for customers
Once the Nicholas and Company team secured employee access and network resources, they moved to provide additional security and simplicity for their customers.
At the end of each day, busy restaurant managers want to be able to log in, put in the next day’s order, and be done—but security is also critical. Customers need confidence that only authorized users within their organization can trigger financial transactions or access sensitive information.
Penubothu’s team is currently upgrading the customer portal, looking to have all 5,000 of their customers authenticating with Okta by the end of 2019. “We have two big platforms for customers, and we’re bringing Okta in so each user has one login, with the right access for their role, the right reporting structures, the right setup,” says Penubothu. “That way, it’s just a click of a button. They’re in, and they’re connected.”
The platform vision takes shape
As he builds Nicholas and Company’s next-generation food distribution platform, Penubothu is creating an API-based integration layer that provides connectivity to current and future customers, partners, and suppliers.
“We’re thinking of using Okta’s API Access Management product to filter all the APIs and provide a 360-degree view of customer behavior,” he says. “We want to collect metrics around that, so we can better understand how customers are being engaged—how well we are supporting them from the perspective of both experience and security.”
Managing APIs centrally will give IT full visibility and control over authentication across Nicholas and Company’s network. Staff will be able to easily identify unusual or suspicious behaviors—and when customers, partners, or suppliers leave the platform for any reason, Penubothu looks forward to having a more streamlined way to disconnect the associated API.
Once the team has API access management in place, Penubothu plans to begin integrating directly with customers, suppliers, and partners so they can manage authentication and access as employees come and go. “That way, we’re not managing it,” he says. “If they’re authenticated on their end, they’ll be authenticated here.”
As Nicholas and Company moves toward a more digital future, its leaders have the opportunity to turn its old-world ethos and hands-on expertise into a modern force to be reckoned with. By building a secure, reliable platform, they set themselves up to compete successfully with large retail giants that, despite their considerable resources, lack the history and deep knowledge that Nicholas and Company was built on.
About Nicholas and Company
Nicholas and Company is the largest independent food distribution company in the Intermountain Western United States. Family-owned and based in Salt Lake City, Utah, the 80-year-old company serves 5,000 large and small foodservice customers in seven states. Its fleet of 150 refrigerated trucks transports food and restaurant supplies around the clock from distribution centers in Salt Lake City, Las Vegas, and Reno, Nevada.