Kroger Customer Story
Kroger needed to migrate hundreds of apps from SiteMinder to AzureAD ahead of a critical deadline. There was no time for app rewrites and no room for compromises.
The Kroger Company, established in 1883 and headquartered in Cincinnati, OH, is one of the world’s largest food retailers, with 500,000 employees and sales of $132.5B in 2020.
The Kroger Company had an identity problem. The retail grocery store giant needed to modernize the authentication and authorization of their applications. With SiteMinder, their existing single sign-on (SSO) identity solution at its end-of-life, Kroger had to fully migrate to Microsoft’s Azure Active Directory to avoid legacy vendor lock-in.
Kroger has many lines of business and different markets across the country. With more than 300 applications spanning all the way across the board from in-house built applications, using many different types of technologies and languages, to commercial off-the-shelf applications, Kroger estimated it would take many years to migrate.
The apps are used by everyone at Kroger on a daily basis from the bagger or clerks in the stores, all the way up to the directors and engineers. It is critical for the apps to work as intended for the users to be able to perform their job functions.
Rob Lenhoff, manager of the Cloud Information Security team at Kroger, was getting discouraged and feared they would not be able to meet their goals. This meant that they would have to manually rewrite the apps, setting Kroger way back on their timeline to modernize. It would also cost millions of dollars in coding and migration costs.
There was no time for app rewrites and no room for compromises. Kroger needed to:
Kroger looked for a solution that would help them transition from on-premises to the cloud but found nothing that would work. They wanted a process that could handle the scale they were managing while also being flexible enough to customize the solution for Kroger’s unique needs.
Then, a Kroger contact at Microsoft recommended that Lenhof talk to Strata. The team at Strata had developed a new approach to today’s distributed identity challenge, called Identity Orchestration. After the first meeting with Strata, Lenhof was finally hopeful. Strata’s Maverics Identity Orchestration Platform addressed the exact challenges Kroger faced.
“We were looking for a solution or a process that would help us to migrate and be flexible enough to handle the scale that we have here at Kroger,” said Lenhoff. “The other thing that we were interested in was a real partner who could help us understand what it is we needed to do to reach our goal. We got both of those things with Strata.”
After an initial proof-of-concept (POC), a rapid ‘migration factory’ was deployed. Using Strata’s “Lift-and-Shift” approach, rather than doing everything in one “Big Bang,” the migration process worked exactly as planned. Migrating apps off Siteminder was now simple and what would have taken months to move one app was done in hours.
“It was great right from the get-go. From the initial meeting where we came with our problems and explained where we were trying to get to and what our goals were. The conversation and the responses we were getting back were exactly what we were looking for.” — Rob Lenhof, Cloud Information Security Manager, Kroger
In Lenhof’s words, “Maverics just works — every time.” The Kroger team found Maverics easy to implement and they started seeing the benefits right away. Kroger is thrilled with the results so far from using Maverics for their app and identity migration. Using Maverics, Kroger will be able to completely move to AzureAD and shut down their Siteminder instance.
Kroger and Strata worked together to build out non-production instances of the solution and productionalized ones as well. They scaled out Maverics horizontally making it highly available and resilient and seamlessly integrated into the CI/CD toolchain.
“I don’t like to think about what could have been without Strata,” said Lenhof. “Because it could have been spending hundreds of thousands of hours redeveloping applications and reconfiguring those things.”
Kroger saved millions in custom coding, manual testing and validation work, and endless years of migration projects. And, they slashed legacy infrastructure expenses by retiring legacy identity software and related infrastructure.
Another key result, and added bonus, was that there has been zero disruption to the end user experience. The team loves that their stakeholders are none-the-wiser that they are now using a new modern form of authentication.
“I would highly recommend other enterprises that are interested in modernizing their applications and increasing their security posture to talk with Strata,” said Lenhof.
Kroger accelerated the completion date of migration by several years allowing them to focus on the future in the cloud. “The industry standards and protocols like you guys [Strata] do moves us more towards the future and keeps things simpler. It was great that we had the option of not having to figure this thing out on our own.”
Beyond the technical side, Kroger wanted a knowledgeable partner who could provide advisory insights. Lenhof and his team are looking forward to a modernized future working with Strata.
“One of my goals of moving to the cloud and all that is to simplify things,” revealed Lenhof. “I think in the future [Maverics] simplifies a lot of what we have to worry about with authentication and authorization.” With Strata, Kroger feels confident about moving to the future and leveraging the power of the cloud.