Operates Caps Clinic, which operates under the basic policy of "open 365 days a year, providing medical care until late at night."

The CAPS Group is a self-medication provider formed by Medical Corporation Nize and CAPS Co., Ltd., and is engaged in a wide range of businesses, including clinic chain management, data fitness, health management support, and health education.

CAPS Clinic, which plays a central role in the company, operates under the basic policy of being "open 365 days a year, until late at night" to accommodate the diversifying lifestyles of the child-rearing generation, and also provides vaccinations and health checkups on weekends and holidays. It enables smooth consultations through online reservations and online interviews, and uses cloud-integrated electronic medical records to provide medical care based on medical history at each clinic. Toshinori Takano, IT Service Group Manager at CAPS Corporation, explains the company's unique feature as "We have developed our own electronic medical records since the company was founded." Since its founding in 2012, the company has used IT (Clinic Information System) to provide efficient medical operations linked to electronic medical records and high-quality primary care.

The driving force behind the company's use of IT since its founding has been the Systems Department, to which Takano belongs. This department is responsible for a wide range of tasks, from the development, operation and maintenance of electronic medical records and peripheral systems, to the planning, implementation and operation of corporate IT.

The IT Services Group of the Systems Department is responsible for supporting the IT infrastructure of the entire group. Junichi Nakajima of the IT Services Group of the Systems Department at the company says, "My job is mainly network-related, and I support the IT infrastructure of the entire group."

The CAPS Group urgently needed to ensure safe web access. Conventional network security measures included the "URL filtering" feature of antivirus software, but it was difficult to implement a mechanism for controlling external to internal communications via VPN on an application-by-application basis, or for detailed control on an individual basis (such as administrator or user) or on an organization or department basis.

Issues of "visualization of communication" and "stabilization" that become apparent in clinic networks

According to Nakajima, there were two major issues with the clinic's network. The first was "visualization of communications." Because there was no system in place to distinguish whether communications were work-related or malware-related, the content of communications could not be visualized. This made it difficult to identify the cause of problems and take prompt action when they occurred.

In particular, remote work has been encouraged, and staff have been increasingly accessing systems within bases via VPN. In the current situation where cyber attacks targeting VPN vulnerabilities are on the rise, not being able to visualize staff communications has been a major issue, increasing the risk of malware infection and making it difficult to respond quickly.

The second was "stabilizing communications." The group's business system is built on the cloud, and if a communication failure occurred from each site to the cloud when expanding operations, it could develop into a major problem, such as the loss of important information. For this reason, it was urgent to stabilize communications from each clinic to the cloud-based system.

Furthermore, in the conventional network environment, when equipment failure or communication interruption occurred, it was difficult to flexibly change the communication path according to the line quality. Against this background, the group was working on improving the network environment as a pressing issue.

Considering the introduction of SASE to achieve "zero trust" to solve these issues

In addition to the two major challenges of visualization and stabilization of communications, additional security measures were also required. In recent years, cyber attacks targeting medical institutions have become more serious. Threats such as ransomware attacks have become part of the daily news. Nakajima says, "The management team is also aware of the dangers of cyber attacks and felt a strong need for countermeasures." The company operates more than 30 clinics and is expected to continue to expand, so cybersecurity measures are also an urgent issue. In particular, with the spread of remote work, strengthening security in remote environments has become an urgent issue. "We have ensured network security, but we needed to further strengthen it," says Nakajima.

To address these issues, the group considered introducing Secure Access Service Edge (SASE) as a solution that could comprehensively improve network visualization, communication stability, and enhanced network security.

After much consideration, the company chose "HPE Aruba Networking Unified SASE." This solution consists of two elements: "EdgeConnect SD-WAN" and "HPE Aruba Networking SSE."

EdgeConnect SD-WAN is equipped with advanced security features such as a next-generation firewall, improves network performance through WAN optimization, and provides visibility across the entire network for quick response when problems occur.

On the other hand, HPE Aruba Networking SSE provides functions such as ZTNA (Zero Trust Network Access) that realizes strict access control based on zero trust, SWG (Secure Web Gateway) that ensures safe access to the Internet, and CA SB (Cloud Access Security Broker) that manages safe access to SaaS. This allows employees to work in a safe environment and allows companies to significantly reduce the risk of data leakage.

By introducing SASE, CAPS Group is expected to achieve three major goals: strengthening security, visualizing the network, and stabilizing communications. In particular, the realization of strict access control based on the concept of zero trust is an essential element in protecting companies from the threat of modern cyber attacks.

Nakajima said, "We had the introduction of SASE in mind from the early stages," and is convinced that SASE is the optimal solution for improving the company's network environment.

Five key factors that led to the adoption of HPE Aruba Networking Unified SASE

When selecting a solution, the company compared and considered multiple solutions, including competing solutions, and after conducting PoC verification of the two final products, it decided to introduce HPE Aruba Networking Unified SASE. The reasons for this selection were the following five points:

1. Detailed visibility into communications with HPE Aruba Networking Unified SASE

HPE Aruba Networking Unified SASE visualizes detailed communications at the packet level, enabling early detection of abnormal traffic that was difficult to detect with conventional security measures. For example, it helps to quickly detect abnormal communication patterns caused by malware infections and signs of internal information leaks, helping to prevent security incidents from occurring. "The key point for us was that it could visualize in much greater detail than the products we considered," said Nakajima.

② Stability of communication

HPE Aruba Networking Unified SASE uses advanced technologies such as circuit bonding and BIO (Business Intent Overlay) to build a highly reliable network that achieves extremely high availability.

"Even if a failure of equipment or cables occurs that causes a communication interruption, with other products it takes several seconds, even tens of seconds, to restore. However, HPE Aruba Networking Unified SASE switches communications in real time, monitors the communication status, and adjusts the amount of traffic in real time, making it possible to use higher quality lines. The high level of control flexibility was the deciding factor," said Nakajima.

3) Abolish VPN devices and strengthen communication control

The ZTNA function of HPE Aruba Networking Unified SASE enables detailed communication control for each user, device, destination, and application. In addition, since the connection is by outbound communication, it is possible to build a network that does not require a VPN connection. In a conventional network, when remote work employees access the company system, it was necessary to issue a VPN account and operate two VPN devices to separate the communication range between general employees and system administrators.

By introducing the ZTNA function of this solution, flexible and detailed communication control becomes possible without being bound by the traditional two-fold policy of "general employees" and "administrators." Furthermore, by eliminating VPN devices, the costs of purchasing, installing, and managing the equipment are reduced, reducing the burden on the IT department. "It was a big advantage to be able to eliminate the two VPN devices that we had been operating, one for administrators and one for general users," said Nakajima.

Realizing the benefits of "visualizing communications" and "reducing operational burden"

Caps Clinic will begin using HPE Aruba Networking Unified SASE at one site in November 2024, and is planning to expand to other sites by September 2025. One of the concrete benefits of the introduction is "visualization of communications." Nakajima said, "At the sites where the system has been introduced, we can easily check the communication content through the console screen and grasp the situation in real time. We have really felt the effect of this visualization." In addition, "reduced operational load" is also a major benefit. "The settings are templated, and the more sites there are, the more convenient it becomes. As a result, we expect to reduce the effort of setting up and operational costs," Nakajima said. Furthermore, he predicted that as the number of sites increases, "we will be able to improve the communication quality and safety of the entire network."

Efforts are also underway to adapt the system to remote work environments. "We are currently in the process of decommissioning our VPN equipment and switching over to a new environment," Nakajima adds.

Nakajima points out that the "understanding of management" played a major role in the rapid implementation of SASE. "Management felt a strong sense of crisis about the current situation, where cyber attacks targeting the medical industry are on the rise. This awareness was a driving force behind the implementation process. As a result, we were able to complete the project in just six months, from proposing it to management to implementation."

As the number of clinic locations expands, communication visualization, stability, and reduced operational load will become even more important in the future. The goal is to increase from the current 30+ locations to 50 locations by 2030, and the introduction of HPE-Aruba Networking, which includes not only HPE SASE but also switches and wireless APs as an all-in-one package, is expected to greatly contribute to operational efficiency as the clinic expands.