Securing application access for employees and contractors with a great user experience for seamless work from anywhere
GROWMARK is a large agricultural cooperative serving cooperatives, retailers, businesses, and customers in the US and Canada. The company provides customers with fuels, lubricants, crop nutrients, crop protection products, seed, construction services, equipment, and grain marketing assistance.
Provide zero trust access to hundreds of on-premises and AWS-hosted apps while upgrading VPN public interfaces and technology
Sustains transition of 98% of employees to remote zero trust network access
Provides secure remote access to internal applications on AWS with ZPA
Shrinks attack surface by reducing number of public-facing applications and interfaces
Significantly improves the end user experience of running apps on AWS
Strengthens security while reducing the administrative burden for IT
With ZPA and AWS, we get better security and more comprehensive visibility. We’re able to be more compliant, and it’s easier on our admins.
Thriving as 98% of staff work from home through ZscalerRead the Blog
Making zero trust network access (ZTNA) possible with ZPA
Like most organizations with distributed locations and employees working from anywhere, GROWMARK had encountered connectivity challenges well before the COVID-19 pandemic. The company’s remote and hybrid workforce operates in over 500 rural locations that often have spotty or unreliable internet service.
Faced with a sudden need to securely support remote work across all locations, GROWMARK knew that it needed to quickly establish a zero trust, cloud-first environment that could improve reliability, user experiences, and scalability by providing secure and reliable remote access into hundreds of applications. GROWMARK needed to solve these challenges quickly to keep employees working so that their customers could continue to plant essential crops.
When GROWMARK decided to accelerate its digital transformation and move as many of its operations as possible to the cloud, it selected Zscaler as its partner, employing Zscaler Private Access (ZPA) to reduce the company’s attack surface without impacting users’ ability to access everything required to do their jobs.
“We needed to provide zero trust access to hundreds of apps hosted in AWS,” explained Eric Fisher, GROWMARK’s Director of Enterprise IT systems. “I didn’t want to have public interfaces to our private environment.”
GROWMARK also wanted to tie access to identity and multi-factor authentication (MFA) to help gain better visibility into what users were doing online. ZPA gave the company the centralized visibility they needed. “We could see what users were connecting to, and what path they were taking to get there,” noted Fisher. “That improved visibility just came with ZPA.”
As part of its effort to become a “cloud- and mobile-first” company, GROWMARK realized that it would also need to replace its legacy VPN technology with a solution that could better support its remote, rural, connectivity-challenged workforce.
“Given our rural footprint and that we have over 500 locations spread over what I consider some of the toughest markets to find good connectivity, it was important that we had tolerant and resilient technology that could live on those poor connections,” said Fisher. “We found that ZPA is very tolerant of poor connectivity, and that it made secure remote access easy and friction-free for our employees.”
I haven’t had many IT platforms roll out where I’ve had users just randomly stop me and thank me. But the ZPA rollout was one of those.
GROWMARK had begun its journey with Zscaler several years earlier, initially implementing Zscaler Internet Access (ZIA) for its mobile users to perform inline inspection of all data, including encrypted traffic at scale.
“We had a real challenge with our legacy hardware. We talked to other vendors about their hardware, but none of them could guarantee that we could decrypt at scale,” recalled Fisher. “We needed a way to make sure we could see these unknown files, wherever they came from, and have them processed without any latency—and without physical infrastructure we’d then have to manage and maintain.”
At the time, GROWMARK chose ZIA because of its unique ability to handle the business requirement of securing all internet traffic while providing policy consistency in a cloud-first, flexible model that could be deployed by identity, not location. As a bonus, they discovered ZIA was simple to administer and transparent to users.
We could see what users were connecting to, and what path they were taking to get there. That improved visibility just came with ZPA.
At the height of the COVID-19 pandemic, according to Fisher, 98% of GROWMARK’s staff was working from home and connecting through Zscaler. All internet and SaaS traffic was protected through ZIA, while secure remote access to internal applications in AWS and GROWMARK’s data centers was provided through ZPA.
Having the joint Zscaler and AWS solution in place made the shift to remote work essentially a non-event for GROWMARK. “When everyone went home, traffic through ZPA grew, with virtually no issues,” said Fisher. “Our biggest IT issue with COVID-19 was: how many monitors do our staff get to take home? It was pretty magical. It took a couple of years to get prepared for an event like this, but we were ready.”
With Zscaler and AWS, we’re removing vectors for inbound attacks, as well as tying users, via identity, to a much more granular level of access.
By implementing ZIA and ZPA with AWS, GROWMARK was able to accomplish several key goals. It safely accelerated a cloud and mobile-first strategy and delivered dependable, frictionless remote access to key systems on-premises, as well as on the AWS cloud. In addition, the company delivered superior security capabilities including SSL decryption, multi-factor authentication, and modern identity management, while simultaneously increasing visibility and administration across its IT environment.
“We’re way down the path of a zero trust model,” Fisher noted. “With Zscaler and AWS, we’re removing vectors for inbound attacks, as well as tying users, via identity, to a much more granular level of access.”
According to Fisher, traffic through the Zscaler Zero Trust Exchange platform has more than doubled over the past year, with 1.8 billion transactions processed through the systems.
Perhaps most importantly, the enterprise has been transparent to GROWMARK’s users throughout the process—and they’ve been very appreciative of the day-to-today improvements the solution has delivered.
“I haven’t had many IT platforms roll out where I’ve had users just randomly stop me and thank me,” Fisher commented. “But the ZPA rollout was one of those. Multiple people on staff have told me they can’t believe how easy and effective the tool is.”