National Oilwell Varco
Office 365 Migration at Scale
National Oilwell Varco
Oil and Gas Manufacturing
25,000 computer users
Company IT Footprint: National Oilwell Varco is a globally distributed company with plants or operations in over 600 locations. Of its large computing workforce of 25,000 employees, 70% are mobile with laptops.
“Forced by necessity, we had to figure out how to embark on our own journey to modernize and adopt new technology to our business.”
Alex Philips, Chief Information Officer, National Oilwell Varco
National Oilwell Varco (NOV) is a manufacturer of oil well equipment, such as drill heads. This is a story of how NOV took a pragmatic approach to the cloud when it needed to get rid of legacy technical debt. NOV's goals: more capabilities and lower costs. Cloud transformation helped NOV power quantum changes in its IT infrastructure, even during challenging economic times while still delivering. Alex Philips is the Chief Information Officer at NOV. In this next journey, he shares how his team found a way for its globally distributed organization to be secure while upgrading the tools and processes it used in the cloud.
In the words of Alex Philips:
I was CISO of National Oilwell Varco (NOV) when the bottom dropped out of the oil and gas market. Spot prices for crude plummeted below $30 per barrel. I had a long career at NOV, working my way up from system administrator. Over that time I had established trust with the executive leadership and my teams. I had 20 people in my security team with plans and budgets to grow that to 40. Shortly after the crisis hit, our CIO departed and I stepped into the dual role of CIO and CISO. My primary task? Cut costs. Do more with less.
The downturn impacted the entire oil and gas exploration industry, including our customers. Once profitable at $70 per barrel, everyone needed to cut costs to face a new reality. Part of the response was the digitization of oil and gas exploration. The mantra was “more data.” We began to instrument our products. We could save on wear and tear and replacement costs for our customers. Of course, they were making decisions—using data—that allowed them to make better choices about where and when to drill. Over time, the industry has achieved profitability at $40 per barrel.
As a company, we had beefed up our IT security in the 2010 to 2014 timeframe. It was time to think about a refresh cycle, but many of our larger locations were upgrading from 1-gigabit to 10-gigabit networks. There is a huge cost difference in security appliances to make that transition and to handle 10-gigabits of traffic. We were looking at a $2 million investment just to maintain the same capability. And what about the OPEX to maintain all that gear? How could we reduce that?
It started with Office 365
I remember everyone was talking about the cloud. Microsoft was pushing really hard on Office 365. We had almost a hundred Microsoft Exchange servers globally to maintain that contained over a petabyte of email storage. It was going to cost $12 million to continue down that path of managing our own email, and it was only growing larger. I remember deciding, “Let’s just give our email to Microsoft to manage.”
So we began that journey, a change to the way we did business in IT. Before the downturn, we had purchased all of our own servers and did everything in-house. The downturn got us thinking and led to a strategic pivot towards the cloud.
“An interesting fallout from this transformation to the cloud is that we actually expanded our technology footprint.”
I remember thinking, “All these security appliances, this is ridiculous.” All of those mobile employees did not work behind those security appliances. They were going directly to the internet. With the Zscaler cloud service, we could protect them no matter where they were.
We did not have a sanctioned cloud storage solution at that time. However, the move to Office 365 gave every user a terabyte of storage on Microsoft OneDrive. Now, each user can share data and folders with third parties and be more effective.
An interesting fallout from this transformation to the cloud is that we actually expanded our technology footprint. Ironically, shifting to Microsoft cloud services with secure access from anywhere meant we could also support iPads, Macs, and even iOS phones.
The reaction from our employees was amusing. Here we were slashing tens of millions of dollars from our budget, while at the same time enabling modern tools. Our users were thinking IT was spending so much on all this new stuff, when in reality we were spending dramatically less and delivering more.
Embracing SaaS applications
It’s funny how cloud adoption happens. Often it is organic. Users use new technology before IT gets dragged in. Smartsheet for project tracking and collaboration is an example. Users had flocked to Smartsheet, and the IT group got pulled in to manage identities and access. We have adopted it as a sanctioned application.
We transitioned our limited unsanctioned Dropbox users to OneDrive. We have also seen a massive uptick in Slack usage for collaboration. IT has not embraced it, but thanks to our cloud security service, we are comfortable with people using it even though it is not yet officially sanctioned. We definitely see the shift to cloud applications. We have even begun the journey of moving HR and corporate finance to the cloud.
“It’s funny how cloud adoption happens. Often it is organic. Users use new technology before IT gets dragged in.”
Shifting our HR and corporate finance to the cloud is a major leap for us. These applications are publicly available over the internet instead of in our data centers. I don’t have direct access to the underlying database, and I don’t need to maintain it. Everything is done through APIs that I don’t even have to schedule outages and deployments for upgrades.
A multi-cloud strategy
We are taking a pragmatic approach to the cloud. We don’t have a cloud-first strategy; we have a “cloud when it makes sense” strategy. We need to get rid of legacy technical debt. It needs to be cheaper, and it needs to give us more capability.
And then there are our internal applications. We count over 2,000 official internal applications, and I am sure there are more we don’t know about. We have rarely forced people to quit using an application. At one point we had 70 different ERP systems. It costs millions to change ERPs and is very disruptive. We have learned to live this way and perform lots of consolidation of financials to do the mapping of general ledgers and reporting. We also have a data warehouse that allows everyone to use their existing ERP, while we can see the whole picture.
For public cloud we have adopted a multi-cloud strategy. We do have IaaS on Amazon and Azure and are actively looking at adding Google and Oracle. We are only moving workloads to the cloud where it makes sense. We have started a project to do a full analysis to figure out what it truly costs to host a server in our data centers.
Given that, we are not looking at re-doing most of our applications. When the next cycle of higher oil prices comes, the questions will be, “How do we refactor the business? How do we look at machine learning? How do we look at containerization?” We are at that beginning phase where we are deciding to not make a monolithic big app but rather 20 to 30 micro services that can be tied together, something that is cloud ready.
The cloud delivers more functionality and at a lower cost
Take Zscaler as an example of “just software.” We were able to get rid of our expensive and hard-to-maintain security appliances, while taking advantage of the scale and redundancy of Zscaler. We now point our traffic to two different Zscaler data centers. I did not have the money to do this in the old appliance world as it would have cost twice as much. We get more features, cheaper, along with more capability.
“We were able to get rid of our expensive and hard-to-maintain security appliances.”
Office 365 is the same way. More features, lower cost, more capability like OneDrive and Teams. We are confident that moving HR and corporate finance to the cloud will have the same advantages.
Leveling the playing field with cloud
IT has always been a competitive advantage. It drives the dual objectives of serving more customers and reducing costs.
But now the cloud is leveling the playing field. I worry about how cloud transformation is going to change the competitive landscape in our industry. In the old days, if you were a small “mom and pop,” you did not have data analytics, massive data warehouses, or a digitally collaborative platform. That was reserved for large organizations such as ours with over 20 years of investments in systems, processes, and people. All of a sudden, the small shops can get better IT in the cloud. They don’t have to hire IT people, buy and deploy servers, or build data centers. They can essentially leapfrog us without making a huge investment. To their customers, they have better technology than the large players.
Network transformation with SD-WAN and cloud security
We had eleven internet egress points around the world optimally arranged in the traditional MPLS hub-and-spoke architecture.
Currently, we are on a journey to more of a mesh with SD-WAN. Our network team is excited by the promise of SD-WAN: use software to control the network and deploy low-cost boxes across the network. This gives us internet circuits that are ten times faster than traditional MPLS dedicated circuits, without any impact on quality. With the SD-WAN approach, the data in transit is always encrypted, addressing potential issues we may encounter in many of the countries where we operate.
“Our mantra: You should be able to access your data anytime from anywhere on any device (within reason).”
Our MPLS mandate was that the network had to be reliable, always up. We think with SD-WAN we can failover to cellular or our employees can head to a Starbucks to get access. Considering the fact that our MPLS budget has exceeded $400K per month just to service the 100 United States facilities, there are a lot of financial benefits to be clawed back by moving to SD-WAN, where we point all internet traffic to Zscaler’s cloud security platform. We are also excited about the cost saving potential of applying this to our other 500 global facilities. Of our internet traffic, 20% is Office 365. Another big chunk is YouTube, which we used to block but now allow because users were watching so many work-related instructional videos.
Local internet connections through an aggregator
We had hoped that we could find ISPs for each location, even assumed that a facility manager—who already was responsible for power, water, light, heating, and physical security—would be able to find good internet providers. This was a bit too optimistic and not moving as fast as we hoped, so we found a broker to manage all those connections. It cost a little more, but our management requirements are much lower.
On the endpoint, we transitioned to whitelisting several years ago. We tried multiple traditional antivirus companies, but they just couldn’t keep up with the threats. We used to have 100 machines a month that had to be quarantined and re-imaged. Now with cloud security and whitelisting, it is one a month. We don’t have a malware or ransomware problem at all.
The number one attack vector is email, so we invested in advanced sandbox solutions for attachments and URL rewrites for links.
Getting executive buy-in for transformation takes work
On the matter of getting buy-in, I am a little bit spoiled. I have been with the company for twenty years, from executive support for PCs to servers, ERP, networks, and architecture. At some point along the way, I led our teams that designed or built most of our infrastructure. As we acquired hundreds of companies, I led the teams to integrate them into our collective whole. I have gained a lot of trust as a problem solver. This is why after we experienced a security incident, they turned to me to build a security team. When it came time to replace the CIO, they turned to me again. You have to establish that level of trust. Deliver on what you say you are going to do and the executive team will trust your direction.
The biggest challenge for me has not been executive buy-in, but it’s getting buy-in from my IT staff. When I put these big audacious goals out there, when I said get rid of appliances and move to Zscaler, I got push back. We had a 90-day deployment proposal from Zscaler. I told my staff they had 60 days and they got it done.
Advice to CxOs—What to do
You have to have pervasive visibility. If you don’t, there is no way to know what is going on your endpoints. Most endpoints are not in your walled garden anymore. Can you even tell if you have a problem?
You need to look at this as a win-win situation. I think we will all end up with a hybrid strategy. Use cloud where it makes sense. That will be different for every company. I can’t see a reason to be locked into any single cloud provider of IaaS.
IT leaders need to understand that the days of simply having IT as a competitive advantage are over. IT is just turning into a cost to do business. Even the guy that digs a ditch has a website and email. You have to figure out how to tie everything together to create greater insights on your business to get back the competitive advantage.
Advice to CxOs—What not to do
I would avoid sticking to the same vendors that you have always used, as their main goal is to preserve or grow revenue, not save you money. Look at all the upstarts. A smaller company can offer amazing technology and support and is not stuck in the old mindset.
Avoid complacency. If something is not working, you have to change. If you committed to something and realize it was a mistake, suck it up and move on. It feels like we had our heads in the sand during the boom times. The oil crash forced us to look at everything and transform how we do business. We experienced a forced wake-up call and we recognize that we still have a long journey ahead of us.