POSTED ON: 4/4/2012 Public Domain
Connecting clients worldwide through secure Web services

Founded in 1948, Ogilvy & Mather is a leading advertising, marketing and public relations firm. Ogilvy has 498 offices in 162 countries. Having creative professionals dispersed over an international organization of this size poses significant IT challenges – particularly as it is often necessary to move extremely large media files rapidly and securely between locations.
Ogilvy & Mather Case Study

Ogilvy & Mather
Connecting Clients Worldwide with SOA

Ogilvy & Mather has built some of the most famous brand names in history since its Madison Avenue origins in 1948. Today, Ogilvy encompasses 497 offices in 162 countries. But therein lay the origins of an IT problem: while relationships are best handled locally, creativity knows no bounds. In order to facilitate collaboration between a worldwide team of creative professionals, partners and clients, Ogilvy needed a way to move extremely large media files rapidly and securely.

Ogilvy by the Numbers
Founded in 1948
Approximately 16,000 employees
More than 497 offices serving clients in 162 countries
Clients include a majority of the companies in the Fortune 500
Composed of 7 divisions: OgilvyOne, OgilvyInteractive, Neo@Ogilvy, Ogilvy PR, Ogilvy Healthworld, OgilvyAction, and OgilvyEntertainment

The Business Challenge

Up until 2001, Ogilvy had been building custom web applications to give authorized personnel, partners and customers access to collaborative functionality via a Web browser. According to Andres Andreu, Technical Director of Web Engineering and Applications at Ogilvy, “We started writing [Web applications] to meet some client needs to tap into sources of data and provide them some functionality in return. We [stored] their user data [in LDAP sources] on our side so that they could use [our] applications.”

However, the solution was not scalable. Andreu: “We found ourselves writing Web based apps to facilitate these needs and I sat down one day and said ‘this is not efficient.’ It’s fine if you’re doing it for one client. But when the second, and the third, and the fourth start asking for the same thing, yet they all want it customized to their needs. That’s certainly not the right approach.”

Web Services to the Rescue

Web services offered a way out of the custom-built merry-go-round by providing a common, reusable framework that was far easier to customize for each client’s needs than modifying a Web application. Once familiar with building Web services, Ogilvy decided to tackle their next biggest issue: LDAP exports and imports. “We used the Web services framework to abstract access to our entire directory space,” explained Andreu. “Prior to that, the other side of the world had to be in tune with our schema… We bought ourselves a lot of flexibility, or loose coupling if you will, of the systems.”

So now Ogilvy had a flexible Web services-based system that could authorize users before granting them access to the shared functionality. The only problem was that once those users were on the network, they had access to everything – they just didn’t know it because the end points and formats weren’t published. ‘Security through obscurity’ is little better than no security at all, so Ogilvy began the search for a way to implement end point authentication.

Ensuring Security

But solutions that identity-enabled Web services were hard to come by, especially one that could meet all of Ogilvy’s requirements. As a result, they even toyed with building a solution themselves, but quickly abandoned the idea when they realized how complex an undertaking it was. Then Andreu stumbled across an offering from Layer 7 called the SecureSpan Gateway which, coupled with the SecureSpan XML VPN Client (XVC), sounded like it might be a good fit.

The XVC would be the key – automatically negotiating the “handshake” between the customer and Ogilvy without requiring any IT resources on the customer’s side. Any changes Ogilvy made to their security parameters going forward (such as requiring encryption, credentials, digital signatures, and so on) would be seamlessly accounted for by the XVC. There would be no need for the customer to recode their application to take into account the new security requirements.

“I can’t stand PowerPoint presentations. Give me the box, and let’s get down,” stated Andreu. “So they came, put the box in, left us with all the information we needed, and they went back home. We wrote PERL scripts to become the consumer, and we verified everything…I threw our security team at it, and we just hammered away. And it held up. It was amazing to me, because we haven’t seen a clean Proof of Concept like that in a while.”

“Once we verified everything internally we got an external application and an external client involved for a prototype,” explained Andreu. “We had scheduled three days’ worth of integration time between them and us, and actually we were done in less than a day. Usually three days means two weeks, right? It was great because we all sat there, half a day in, [going] ‘this looks like it’s going to finish today…this is too good to be true.’ But it was true, and it’s been a success ever since.”

After three months, because the proof of concept went so well and the vendor check went so smoothly, Ogilvy decided to move Layer 7 into production at seven client locations. Because the SecureSpan Gateway and XML VPN Client are able to seamlessly talk to one another and resolve all identity and security issues automatically, the customers were up and running literally in a matter of minutes after installing the Client. Customers that preferred to use their existing WS-Security- or SAML-based solutions could also be accommodated by the SecureSpan Gateway.

The Results

Today, Layer 7 forms the security backbone not only of Ogilvy’s client interaction strategy, but also of many of their internal systems. “It’s one of the things we’re doing radically different now,” stated Andreu. “Let’s say an application in India has a database, and we want to keep their database synchronized with our LDAP. There’s no more batch processing scheduled. If there’s an application that triggers a change in LDAP, that will trigger a SOAP client call out to the service in India and update their database. This is one of the ways we’re using this whole framework. And that buys us the flexibility out at the edge.”

“[The Layer 7 solution has] even given us an advantage on Sarbanes Oxley compliance, because with the web services it’s transactional,” explained Andreu. “You’re auditing each transaction one by one, so it’s simplified that entire reporting process.”

Copyright © 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.