Gap Inc. Direct, Utilizes Red Hat Enterprise Linux and Likewise Enterprise for Security and Compliance of E-Commerce Sites and Back-End Production

Logo - No Image

July 29, 2009

Customer: Gap Inc.

Industry: Retail
Geography: North America
Country: United States


Business Challenge:

Ensuring security and payment card industry compliance while managing system level access across the enterprise

Migration Path:

UNIX and Microsoft Windows to Red Hat Enterprise Linux

Software:

Red Hat Enterprise Linux, Likewise Enterprise

Hardware:

1,500 Intel-based IBM blade servers

Benefits:

Savings of hundreds of thousands of dollars annually on reduced administrative and hardware costs associated with compliance and security requirements. Compliance with PCI and SOX requirements through automatic authentication of users across a mixed systems environment.“The ROI [return on investment] of the Red Hat-Likewise solution is up to several hundred thousand dollars annually once you add all of the hardware and software savings to the reduced costs associated with manually auditing the systems. Likewise Enterprise’s compliance enhancements allowed us to control user access and permissions, thus enabling us to grow our Red Hat Enterprise Linux environment.” – Jeff Arcuri, senior manager, IT for GAP Inc. Direct

More
Background:

The Gap, Inc. is a specialty retailing firm that operates more than 3,100 retail and outlet stores within the United States and internationally. Founded in 1969, the Gap sells casual apparel, accessories and personal care products for men, women, and children under the Gap, Old Navy, Banana Republic, Piperlime, and Athleta brands. Through its Gap Inc. Direct line of business, it also offers its products through gap.com, bananarepublic.com, oldnavy.com, piperlime.com, and recently launched athleta.com Web properties. Headquartered in San Francisco, the Gap currently employs more than 150,000 workers around the world, and generated $14.5 billion in revenues in 2008; online sales through Gap Inc. Direct Web sites accounted for approximately seven percent, or $1 billion.

Business Challenge:

In late 2003 the Gap Inc. Direct needed to revamp its entire end-to-end business technology platform – from the customer-facing front-end system, to the back-end order management application, to the business tools that supported the company’s long-term growth strategy. Previously, the Gap Direct’s e-commerce platform was largely built on Microsoft Windows. The need for new features – as well as concerns about the platform’s ability to scale given the retailer’s ambitious growth plans drove Gap Inc. Direct to evaluate alternative solutions to the Microsoft platform.

“Our growth was very strong and projected to continue for the foreseeable future, and we needed to scale to meet that growth,” said Jeff Arcuri, senior manager, IT for Gap Inc. Direct. “We knew we wouldn’t be able to do that cost-effectively with our existing systems and tools.”

GID’s team performed in-depth testing of three different platforms for the revamped infrastructure: UNIX, Linux, and Windows. The decision turned out to be an easy one. Linux outperformed the other platforms.“We were seeing a lot of momentum in the retail industry toward leveraging open source in general, and Linux in particular,” said Arcuri.

Once Linux was chosen as the operating system, his team put all the different flavors of Linux through testing using five key criteria. “It had to meet our performance objectives; it had to be secure; and it had to be scalable and manageable within a large enterprise-class implementation, and fit within our budget,” he said. “Red Hat Enterprise Linux was the clear winner.”

Although Red Hat Enterprise Linux was the new standard operating system across the enterprise, Gap Inc. Direct still had systems running UNIX platforms IBM AIX and Sun Solaris, as well as Microsoft Windows. As with all retailers, Gap Inc. Direct needed to perform audits to meet Payment Card Industry (PCI) and Sarbanes-Oxley (SOX) compliance requirements.

Gap Inc. Direct uses Microsoft’s Active Directory (AD) for administrative tools to grant and control end-user permission, but AD by itself doesn’t support Linux or Unix, this resulted in the need for several systems administrators and analysts to analyze all of the logs of hundreds of servers every time an audit needed to be performed – a task that took IT employees away from their day-to-day responsibilities. With the implementation of Likewise Enterprise, GAP Inc. Direct has reduced the time commitment to approx. 40 hours per quarter.

Solution:

The Gap Inc. Direct needed an identity management solution that would communicate between Active Directory and Red Hat Enterprise Linux to automate the control of user access and permissions throughout the company.

To automate more of the process and free up systems administrators for more valuable work, as well as make user access permissions in this mixed operating environment simpler, Arcuri deployed an identity management tool from Likewise Software.

Likewise Enterprise, built with Red Hat technologies, enables enterprises to securely authenticate users in mixed operating systems environments that include Linux, UNIX, Macintosh, and Windows systems, with Microsoft Active Directory, and includes world-class migration, group policy, audit, and reporting modules.

The Gap Inc. Direct has set up group profiles for several different kinds of employees, so administrators don’t have to configure profiles individually. Likewise Enterprise also produces reports by user, by date, and by server.

Benefits:

Today, Gap Inc. Direct is a Red Hat shop and “proud of it,” said Arcuri. “We run the majority of our systems on Red Hat Enterprise Linux and utilizing Likewise Enterprise has enabled us to control and manage system access for identity management, and has enabled us to increase the number of Red Hat systems,” he said. The support Gap Inc. Direct has received from Red Hat and Likewise to make this run smoothly has been superb, said Arcuri. “Whenever we have a high-impact issue, both Red Hat and Likewise are there for us – through upgrades and patches – even with us pushing the operating system to its absolute limits,” he said.

As far as benefits go, first and foremost, Gap Inc. Direct has realized tremendous cost savings. “The ROI [return on investment] of the Red Hat-Likewise solution is hundreds of thousands of dollars annually once you add the hardware and software savings to the reduced costs of manually auditing our systems. Likewise Enterprise’s compliance enhancements allowed us to expand our use of Red Hat Enterprise Linux,” said Arcuri.

The scalability of Red Hat Enterprise Linux has also been more than what Arcuri had hoped for. Gap Inc. Direct recently added a new brand of women’s sporting apparel – Athleta – which involved creating another Web site in addition to the existing gap.com, bananarepublic.com, oldnavy.com, and piperlime.com sites. “Building out another brand was easy, because we were able to leverage the existing Red Hat Enterprise Linux infrastructure, plus with Likewise we had all of the access policies and permissions in place,” said Arcuri.

Finally, the reliability of the Red Hat Enterprise Linux servers has been exemplary from the start according to Arcuri. “By choosing Red Hat Enterprise Linux and Likewise Enterprise, everything just fell into place,” he said. “Once we achieved compliance and realized just how stable, reliable, and high performing the operating system was, we were free to concentrate on getting the applications themselves developed and out the door. Our need to support five world-class brand names requires a world-class infrastructure, and that’s what Red Hat and Likewise have provided.”

Contact Sales

Less