8/2/2019 Ogilvy & Mather - Web Services Security
Ogilvy & Mather has built some of the most famous brand names on the planet
since its Madison Avenue origins in 1948. Today, Ogilvy encompasses 497 offices in
162 countries. But therein lay the origins of an IT problem: while relationships are
best handled locally, creativity knows no bounds. In order to facilitate collaboration
between a worldwide team of creative professionals, partners and clients, Ogilvy
needed a way to move extremely large media files rapidly and securely.
The Business Challenge
Up until 2001, Ogilvy had been building custom web applications to give authorized
personnel, partners and customers access to collaborative functionality via a Web
browser. According to Andres Andreu, Technical Director of Web Engineering and
Applications at Ogilvy, "We started writing [Web applications] to meet some client
needs to tap into sources of data and provide them some functionality in return. We
[stored] their user data [in LDAP sources] on our side so that they could use [our] applications."

However, the solution was not scalable. Andreu: "We found ourselves writing Web-based apps to facilitate these
needs and I sat down one day and said this is not efficient. It's fine if you're doing it for one client. But when the
second, and the third, and the fourth start asking for the same thing, yet they all want it customized to their needs.
That's certainly not the right approach."
Web Services to the Rescue
Web services offered a way out of the custom-built merry-go-round by providing a common, reusable framework
that was far easier to customize for each client's needs than modifying a Web application. Once familiar with
building Web services, Ogilvy decided to tackle their next biggest issue: LDAP exports and imports. "We used the
Web services framework to abstract access to our entire directory space," explained Andreu. "Prior to that, the
other side of the world had to be in tune with our schema. We bought ourselves a lot of flexibility, or loose
coupling if you will, of the systems."
So now Ogilvy had a flexible Web services-based system that could authorize users before granting them access to
the shared functionality. The only problem was that once those users were on the network, they had access to
everything; they just didn't know it because the end points and formats weren't published. Security through
obscurity is little better than no security at all, so Ogilvy began the search for a way to implement end point
authentication.
Ensuring Security
But solutions that identity-enabled Web services were hard to come by, especially one that could meet all of
Ogilvy's requirements. As a result, they even toyed with building a solution themselves, but quickly abandoned the
idea when they realized how complex an undertaking it was. Then Andreu stumbled across an offering from Layer
7 called the SecureSpan Gateway which, coupled with the SecureSpan XML VPN Client (XVC), sounded like it might
be a good fit. The XVC would be the key, automatically negotiating the handshake between the customer and
Ogilvy without requiring any IT resources on the customer's side. Any changes Ogilvy made to their security
parameters going forward (such as requiring encryption, credentials, digital signatures, and so on) would be
seamlessly accounted for by the XVC. There would be no need for the customer to recode their application to take
into account the new security requirements.
Ogilvy by the Numbers
Founded in 1948
Approximately 16,000 employees
More than 497 offices serving clients in 162 countries
Clients include a majority of the companies in the Fortune 500
Composed of 7 divisions: OgilvyOne, OgilvyInteractive, Neo@Ogilvy, Ogilvy PR, Ogilvy Healthworld, OgilvyAction, and OgilvyEntertainment
Ogilvy & Mather: Connecting Clients Worldwide with SOA
Ogilvy & Mather Case Study
"I can't stand PowerPoint presentations. Give me the box, and let's get down," stated Andreu. "So they came, put
the box in, left us with all the information we needed, and they went back home. We wrote PERL scripts to become
the consumer, and we verified everything. I threw our security team at it, and we just hammered away. And it
held up. It was amazing to me, because we haven't seen a clean Proof of Concept like that in a while."

"Once we verified everything internally, we got an external application and an external client involved for a
prototype," explained Andreu. "We had scheduled three days' worth of integration time between them and us, and
we were done in less than a day. Usually three days means two weeks, right? It was great because we all sat there,
half a day in, [going] 'this looks like it's going to finish today; this is too good to be true.' But it was true, and it's
been a success ever since."

After three months, because the proof of concept went so well and the vendor check so smoothly, Ogilvy decided
to move Layer 7 into production at seven client locations. Because the SecureSpan Gateway and XML VPN Client
are able to seamlessly talk to one another and resolve all identity and security issues automatically, the customers
were up and running literally in a matter of minutes after installing the Client. Customers that preferred to use
their existing WS-Security- or SAML-based solutions could also be accommodated by the SecureSpan Gateway.

The Results
Today, Layer 7 forms the security backbone not only of Ogilvy's client interaction strategy, but also many of their
internal systems, as well. "It's one of the things we're doing radically different now," stated Andreu. "Let's say an
application in India has a database, and we want to keep their database synchronized with our LDAP. There's no
more batch processing scheduled. If there's an application that triggers a change in LDAP, that will trigger a SOAP
client call out to the service in India and update their database. This is one of the ways we're using this whole
framework. And that buys us the flexibility out at the edge."

"[The Layer 7 solution has] even given us an advantage on Sarbanes-Oxley compliance, because with the web
services it's transactional," explained Andreu. "You're auditing each transaction one by one, so it's simplified that
entire reporting process."

Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.