Ogilvy & Mather

Connecting Clients Worldwide with SOA

Ogilvy by the Numbers
Founded in 1948 Approximately 16,000 employees More than 497 offices serving clients in 162 countries Clients include a majority of the companies in the Fortune 500 Composed of 7 divisions: OgilvyOne, OgilvyInteractive, Neo@Ogilvy, Ogilvy PR, Ogilvy Healthworld, OgilvyAction, and OgilvyEntertainment

Ogilvy & Mather has built some of the most famous brand names in history the planet since its Madison Avenue origins in 1948. Today, Ogilvy encompasses 497 offices in 162 countries. But therein lay the origins of an IT problem: while relationships are best handled locally, creativity knows no bounds. In order to facilitate collaboration between a worldwide team of creative professionals, partners and clients, Ogilvy needed a way to move extremely large media files rapidly and securely.

The Business Challenge

Up until 2001, Ogilvy had been building custom web applications to give authorized personnel, partners and customers access to collaborative functionality via a Web browser. According to Andres Andreu, Technical Director of Web Engineering and Applications at Ogilvy, We started writing [Web applications] to meet some client needs to tap into sources of data and provide them some functionality in return. We [stored] their user data [in LDAP sources] on our side so that they could use [our] applications. However, the solution was not scalable. Andreu: We found ourselves writing Web based apps to facilitate these needs and I sat down one day and said this is not efficient. Its fine if youre doing it for one client. But when the second, and the third, and the fourth start asking for the same thing, yet they all want it customized to their needs. Thats certainly not the right approach.

Web Services to the Rescue

Web services offered a way out of the custom-built merry go round by providing a common, reusable framework that was far easier to customize for each clients needs than modifying a Web application. Once familiar with building Web services, Ogilvy decided to tackle their next biggest issue: LDAP exports and imports. We used the Web services framework to abstract access to our entire directory space, explained Andreu. Prior to that, the other side of the world had to be in tune with our schema We bought ourselves a lot of flexibility, or loose coupling if you will, of the systems. So now Ogilvy had a flexible Web services-based system that could authorize users before granting them access to the shared functionality. The only problem was that once those users were on the network, they had access to everything they just didnt know it because the end points and formats werent published. Security through obscurity is little better than no security at all, so Ogilvy began the search for a way to implement end point authentication.

Ensuring Security
But solutions that identity-enabled Web services were hard to come by, especially one that could meet all of Ogilvys requirements. As a result, they even toyed with building a solution themselves, but quickly abandoned the idea when they realized how complex an undertaking it was. Then Andreu stumbled across an offering from Layer 7 called the SecureSpan Gateway which, coupled with the SecureSpan XML VPN Client (XVC) sounded like it might be a good fit. The XVC would be the key automatically negotiating the handshake between the customer and Ogilvy without requiring any IT resources on the customers side. Any changes Ogilvy made to their security parameters going forward (such as requiring encryption, credentials, digital signatures, and so on) would be seamlessly accounted for by the XVC. There would be no need for the customer to recode their application to take into account the new security requirements.

Ogilvy & Mather Case Study

I cant stand PowerPoint presentations. Give me the box, and lets get down, stated Andreu. So they came, put the box in, left us with all the information we needed, and they went back home. We wrote PERL scripts to become went the consumer, and we verified everythingI threw our security team at it, and we just hammered away. And it held up. It was amazing to me, because we havent seen a clean Proof of Concept like that in awhile. Once we verified everything internally we got an external application and an external client involved for a prototype, explained Andreu. We had scheduled three days worth of integration time between them and us, and we were done in less than a day. Usually three days means two weeks, right? It was great because we all sat there, ually half a day in, [going] this looks like its going to finish todaythis is too good to be true. But it was true, and its been a success ever since. After three months, because the proof of concept went so well and the vendor check so smoothly, Ogilvy decided use to moved Layer 7 into production at seven client locations. Because the SecureSpan Gateway and XML VPN Client are able to seamlessly talk to one another and resolve all identity and security issues automatically, the customers were up and running literally in a matter of minutes after installing the Client. Customers that preferred to use their existing WSSecurity- or SAML-based solutions could also be accommodated by the SecureSpan Gateway. based

The Results
Today, Layer 7 forms the security backbone not only of Ogilvys client interaction strategy, but also many of their internal systems, as well. Its one of the things were doing radically different now, stated Andreu. Lets say an application in India has a database, and we want to keep their database synchronized with our LDAP. Theres no more batch processing scheduled. If theres an application that triggers a change in LDAP, that will trigger a SOAP client call out to the service in India and update their database. This is one of the ways were using this whole framework. And that buys us the flexibility out at the edge. [The Layer 7 solution has] even given us an advantage on Sarbanes Oxley compliance, because with the web Sarbanes-Oxley wi services its transactional, explained Andreu. Youre auditing each transaction one by one, so its simplified that entire reporting process.
Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.