Cisco technology improves network reliability and performance at USGA golf championships
USGA is the top governing entity for golf in the United States. USGA's primary mission is to advance golf for a better future, offering a level playing field and showcasing the best players worldwide.
Industry: Sports, media, and entertainment
Location: New Jersey, United States
Size: 325 employees
Website: usga.org
As the top governing body for golf in the United States, the United States Golf Association’s (USGA) primary mission is to advance the game while celebrating and preserving its rich history. Anthony Santora, managing director of IT at the USGA, comments, "We are focused on conducting exceptional championships, making golf more environmentally and economically friendly, while delivering best-in-class fan experience."
Annually, the USGA organizes 19 championships at locations across the U.S. and abroad. These championships depend on a reliable IT infrastructure. "It goes much further than just the connectivity of the end devices. The televisions, cash registers, supplemental cellular services, security cameras, the gates—everything runs on our IT infrastructure. At the 2023 U.S. Open, it supported 900 digital displays showing leaderboards as well as promotional content throughout the course."
Availability, reliability, speed, and timeliness of the infrastructure are critical at these world-class golf events. "We rely on technology to create better experiences at events," Santora explains. "And when everyone is anticipating the first ball to be teed off competitively, the last thing I need is network-related issues to become a topic of conversation. Our networks should always be available and work transparently."
Santora continues, "At these championships, we are susceptible to cyberattacks and availability issues resulting in data loss, productivity loss, financial loss, and reputational damage, which could drastically impact our core mission. To mitigate these risks, we trust Cisco technology."
Cisco is among the USGA's small pool of select partners. In addition to networking hardware and wireless access points, the USGA uses Cisco Secure Firewall, Cisco AnyConnect, and Cisco Duo to secure both its corporate and championship sites, indoor and outdoor.
On championship days, when the network runs at full capacity, the USGA's IT team has to deal with thousands of untrusted devices. "Segmenting each fan from everyone else is super critical for us. We must prevent malicious actors from entering other areas of the network or impacting other fans at the venue," Santora explains. "Again, besides fans, we could have more than 50 vendors onsite connecting to the network at the championships. We have no visibility into the security posture of their devices."
Speed and performance are also critical. "At the U.S. Open championship alone, there are more than 30,000 people walking through the entry gates. These fans pay a premium ticket price and expect a seamless experience," Santora remarks. "There are nearly 150,000 scans daily as the fans walk through multiple gates. Those scans must happen in rapid fire. Sometimes, fans show up in groups, and multiple people have to be scanned instantly to ensure a premium experience. The network must be available and scan fast enough even when those gates are in remote locations."
At the golf courses, the physical network is open. "There's no conduit, and the cables are susceptible to golf carts running over them," says Santora. "Often times the cable is right on the ropes where people are standing. A switch may have to be placed outdoors underneath the grandstand in an enclosure. Open wiring and switches are vulnerable to someone mistakenly causing damage. Hence, redundancy is key, and visibility into that network is key."
“Cisco helps us achieve the timeliness, availability, and reliability we need at our world-class golf events and brings it all together in a single pane of glass. Being a small organization, it helps us be more efficient with our spending and to focus on our primary mission of advancing golf.”
Anthony Santora, Managing Director of IT
Previously, the USGA tried a mix of different security technologies. "We leverage VPN for IP whitelisting," says Santora. "Before Cisco, the VPN and firewall from our legacy vendor worked with minimal interruption throughout the year. But roughly one week before the championships, when there's an onrush as everyone tries to access the network, our legacy firewalls would invariably crash."
Santora points out that patching at the last minute isn't viable. "Instead," he says, "We decided to replace the legacy products with Cisco Secure Firewall. It's been six to seven years now with Cisco Secure Firewall and we have not seen an issue."
"At the championships, we deploy the same quality of solutions we have at our fixed locations," says Santora. "We enable intrusion protection system (IPS) and intrusion detection system (IDS) features of Cisco Secure firewalls and threat intelligence from Talos."
With thousands of untrusted devices, segmentation is critical for the USGA, and so is visibility into the network. At the championships, the guest networks are completely isolated. "During the U.S. Open on a given day, there are around 12,000 unique connections to public Wi-Fi and 22,000 connections overall to the network. We move roughly 13 terabytes of data for the fans alone," Santora remarks. "For us, it's absolutely critical to leverage the segmentation and isolation capabilities of Cisco Secure Firewall. From a fan perspective, we use Layer 2 wireless isolation in our Wi-Fi networks."
Santora's team uses Cisco Umbrella DNS and Cisco AnyConnect with Duo to secure the staff network at the championships. “We use Umbrella DNS to ensure we remain secure with the websites our staff visit and to have visibility into any adversary-in-the-middle type of attacks,” Santora explains. “We use Cisco AnyConnect and Duo to ensure that when our championship employees and staff are away on the road, they connect to our wireless access point through an encrypted tunnel, leveraging both Cisco Secure Firewall and multifactor authentication (MFA) with Duo.”
“The IT team is considering adding the full Umbrella suite and solutions around Cisco XDR (Extended Detection and Response)," Santora says, "We are excited about Cisco XDR in seeing what Cisco is doing in that area."
With Cisco, the USGA can achieve outcomes from both business and security perspectives. "Cisco technology is an enabler for us," Santora remarks, "The last thing we want is to police nearly 30,000 devices at our championships. The key benefit of Cisco Secure Firewalls is isolation and segmentation. We can allow fans to do what they want without impacting anyone else. This contributes to a superior fan experience. If you can't see anyone else, you can't harm anyone. In that sense, isolation gives us more or less zero trust."
In addition, Santora remarks, "The IPS and IDS capabilities of Cisco Secure Firewall stand out. They have so much more horsepower and deliver exactly what we need for high volumes of connections."
Availability, speed, and timeliness are integral to the security outcomes the USGA achieved with Cisco products. "Time is critical for our photographers and videographers. You can't post to social media an hour after the event if a major thing happened there on the course," Santora explains. "The photographers individually transfer terabytes of data daily, going right onto the Wi-Fi dedicated to them, uploading their files to the cloud with no issues. Their content gets uploaded in real-time. That's a very high level of SLA with Cisco networks."
Cisco provides the USGA with a reliable and secure foundation for innovation. Santora says, "Besides showing scoring data, fans can use our mobile USGA app as a navigation tool with wayfinding features. Wayfinding helps fans navigate the course to get to that hole or reach their favorite player. If we didn't have that underlying network, we couldn't develop and implement these ideas."
A reliable infrastructure at their corporate and championship locations is a big assurance for the USGA. "During our regular penetration testing, the tester couldn't find a single port to break into the facility, data center, or internal networks. That's attributed to the RADIUS authentication we use with Cisco products. Your device will not work unless it's a USGA-issued device. This gives us such assurance," says Santora.
With Cisco, the USGA can now focus on advancing golf without spending hours fixing network issues. "Earlier, we had many VPN-related support requests just before the championships. That has now stopped. It reduced stress for my staff, but more importantly, they can now focus on our core deliverables," Santora remarks. "After adopting Cisco security solutions, our daily vulnerability scans rarely detect common vulnerabilities and exposures (CVEs). Now we spend less time patching stuff, which is a significant ROI with using Cisco."
At the championships, Cisco enables fully redundant networks offering more visibility. Santora says, "If something goes down, we receive notifications immediately to repair things quite quickly while maintaining service continuity through a different path. That's another significant business outcome."
Santora concludes, "Cisco helps us achieve the timeliness, availability, and reliability we need at our world-class golf events and brings it all together in a single pane of glass. Being a small organization, it helps us be more efficient with our spending and focus on our primary mission of advancing golf."