Aiming for creative freedom and safety, as well as reducing operational burden

Toei Animation was founded in 1948 and has released a variety of animated works in line with the popularity of movies and the spread of television. It is a driving force behind the Japanese culture of anime and has many fans overseas.
As anime production becomes increasingly digitalized and IT is actively used at production sites, cyber risks such as information leaks have become a concern. There are many stakeholders in the production and release of anime, and information leaks, especially before the broadcast, could cause significant damage.
Toei Animation has taken measures to improve security in response to changing times and risks. Especially during the COVID-19 pandemic, creators have had to work remotely, and as remote production environments have been established, the risk of attacks targeting endpoints has become an issue. Toei Animation is therefore working to strengthen its multi-layered defenses by utilizing a variety of endpoint security tools.
However, Makoto Kamijo, Senior Manager and Head of the Systems Office of the Information Systems Department of the Business Management Headquarters, said he felt there were issues with privilege management among these measures.
"Creators use a wide variety of IT tools, both commercial and freeware, to produce anime. There are many excellent tools and add-ons available around the world, and we think it's important to be able to freely use the software you like to create the anime you want to create. However, some of the software available on the Internet is fake, containing malware or attack code. We were concerned about how to control the installation of these tools," says Kamijo.
The simplest countermeasure is to revoke employees' permission to install software and have everything managed by the information systems department. Safety can be maintained by only allowing system administrators to install software that has been confirmed to be safe. Toei Animation also adopted this method at first. However, the operational burden became too heavy, and it ended up causing inconvenience to creators.
"Depending on the anime production project, we have been entrusted with taking care of as many as 100 PCs and installing new tools one by one. When necessary, we sometimes go to the creator's desk to carry out the installation, but some software takes more than an hour to install. We had to wait that long just to enter the administrator password several times," says Yamashita Kosuke, Chief Manager of the Technology Development Promotion Office, Production Department, Production Headquarters, and Manager of the System Technology Section, and Chief Manager of the Systems Office, Information Systems Department, Business Management Headquarters.
Oizumi Studio has 500 creators working there, with over 1,000 PCs and 250 rendering servers in use, and the Nakano office headquarters has around 300 staff working in the planning, sales and management departments. With all this software installation having to be done manually, it had become unrealistic for support staff to go around entering passwords.

CyberArk EPM for flexible and secure control of endpoint privileges

Toei Animation, which had these concerns, turned its attention to CyberArk EPM (Endpoint Privilege Manager). It allows detailed control of endpoint privileges and allows employees to be delegated the installation of software whose safety has been confirmed by the Information Systems Department. "It was a tool that perfectly matched our needs in expanding our multi-layered defense," says Yamashita, looking back on the time of the selection.
Yamashita also cited multi-platform support as one of the reasons for selecting CyberArk EPM. Windows PCs are mainly used at Toei Animation's production sites, but some sites require macOS depending on production requirements. There were several tools that offered functions similar to EPM, but CyberArk EPM was the only one that was compatible with a wide range of platforms, including Windows, macOS, and Linux.
Toei Animation is already using EDR, but Takamura Nobuto, head of the Security Office in the Information Systems Department of the Business Management Headquarters, had this to say about competition and coexistence with EPM:
"In the first place, EDR was introduced because we felt there was a lack of information on the Endpoint Protection Platform (EPP) for malware prevention, and we wanted to know the whole picture of the endpoint environment. For that reason, we don't think that its functions compete with EPM, which focuses on privilege control. It is sometimes compared to PAM (Privileged Access Management) in terms of privileges, but EPP, EDR, EPM, and PAM all focus on different points, and we believe that they are security measures that need to be strengthened in a multi-layered manner," says Takamura.
Prior to the full-scale implementation of CyberArk EPM, Toei Animation carried out a PoC with support from Macnica. Thanks to technical advice backed by Macnica 's extensive experience, the company was able to resolve operational concerns and move forward with policy formulation. "Macnica 's speedy and accurate responses were helpful. Macnica also held regular meetings with manufacturers and integrators, providing us with thorough support to ensure that we were able to make appropriate use of CyberArk EPM," said Kamijo.

Safely delegate installation tasks to employees and greatly reduce operational burden

Toei Animation has installed the CyberArk EPM agent on 250 rendering servers and is managing them. The company is gradually installing the agent on individual PCs, with the goal of completing the installation by 2024.
Software requested by employees is inspected for safety by the security office and then registered in CyberArk EPM. Employees can then install the software themselves. The system office checks the software installation status on the CyberArk EPM dashboard, and can also check the uninstallation status.
"For now, I'm managing only the servers myself, and I feel that the operational management burden has been greatly reduced. CyberArk EPM has seen improvements to the UI even during the PoC, and an AI suggestion function has been added, so the advantages that are unique to cloud services are noticeable. The management screen is easy to use, and the search function that can find devices where software is installed by name is particularly useful. I think it will be useful for making vulnerability countermeasures and incident response more efficient." (Yamashita)
Regarding future prospects, Security Office Manager Takamura said, "If we perform correlation analysis between CyberArk EPM logs and logs from other security tools such as EDR, we may be able to speed up incident tracking and confirmation. We are also considering introducing CyberArk PAM, so we would like to strengthen privilege management on both servers and endpoints and strive to improve safety." Because CyberArk EPM/PAM logs are also useful as evidence information, they would like to consider ways to utilize them as part of strengthening security.
Privilege management is one area of security management that requires constant vigilance. Toei Animation has used CyberArk EPM to resolve the issue of endpoint privilege management, building an environment that does not compromise creators' freedom, increases safety, and reduces the burden on the IT department. With a safe and comfortable production environment in place, they will be able to bring even more fascinating anime to the world.

Customer story 1st page sample