Usability Issues in Administrative Networks with 3-Layer Separation

In Kagoshima Prefecture, major system updates are carried out every six years. In the update carried out in 2015, a three-layer separation of the administrative network (My Number system, LGWAN connection system, Internet system) was introduced, and the connection to the Internet was made in an SBC (Server Based Computing) environment. became. However, every time an employee connected to the Internet outside to do research, they had to launch a virtual machine and access it via that machine. In addition, it is necessary to set limits on the number of licenses for simultaneous connections and on the connection time. Mr. Taniyama says, ``If the connection is cut off while the system is running, not only will the work history disappear, but the thinking will stop and the productivity of the work will drop significantly. I think most of the staff were stressed."

Furthermore, when downloading a file from the Internet, it was not possible to download it directly, and it was necessary to download it once on a network connected to the Internet and then move it. For these reasons, the 2021 system update was strongly required to improve the Internet environment.

Ensuring usability by lowering barriers through the use of technology

Mr. Matsushita said, ``We began full-scale studies on the new system in 2019, but we wondered if we could somehow improve the convenience of Internet connection, even though we would not change the basic structure of the three-layer separation. The introduction of a browser was on the agenda,” he recalls. That's probably why the employees were so dissatisfied. After comparing several vendors, he said, "With Menlo Security's isolation, there were no problems with the way the website looked or the layout was broken, and I was relieved in terms of performance. I was able to maintain native operability, We were able to expect a significant increase in efficiency." (Mr. Matsushita) Mr. Taniyama said that in the next system update, he thought, "Let's use technology to lower barriers and ensure usability."

"Use the cloud for things that do not interfere with the cloud"

The next question is whether to deploy the solution on-premises or as a cloud service. Although the Japanese government launched the cloud-by-default principle in 2018, many local governments are currently cautious about adopting cloud services due to concerns over security and other issues. However, Mr. Taniyama says, "We don't have a particular idea of sticking to on-premises, but we can't just move everything to the cloud. Realistically, we'll be moving forward with a hybrid. The idea is to use the cloud for things that do not pose a problem in the cloud.” Mr. Matsushita also said, ``In the case of Internet access, internal information does not go out directly, so we thought that there would be no problem if the proxy and separation infrastructure were outsourced.Menlo Security has a server in Japan. Therefore, it is in line with government policy.”

Web isolation is very popular with prefectural officials

It took five months to build the new system, and after one month of test operation (running in parallel with the old system), the migration was completed in March 2022. When migrating from the old environment, it took an unexpectedly long time to adjust the filtering rules, but Mr. Matsushita said, "This system was quite difficult, but it can't be helped." He said it was tremendous, and it seems that the hard work was worth it.

"We were able to realize a seamless operating environment by adopting isolation, and all the staff are delighted." (Mr. Taniyama) I am thinking.” (Mr. Matsushita)

How it will be done in the future

Kagoshima Prefecture's security environment will continue to change, with the transition to the next municipal information security cloud scheduled for 2023 and the need to anticipate a transition to Office 365 in the future. "The basis of security is to respond to change. If a new attack appears, we must respond to it. We will continue to innovate while keeping our antennas up and incorporating the latest technology." (Mr. Taniyama)

Menlo Security believes that it is possible to make proposals that bring many benefits even in these new environments, and will continue to actively provide information in the future.