Ivanti (formerly PulseSecure)


Important [Regarding Vulnerability Fix Version]

A vulnerability affecting Pulse Secure products has been confirmed. Each vulnerability has already been addressed in specific versions, so please be sure to upgrade to a version that contains the fix.

*The product name "Juniper MAG" originally introduced by Macnica has been changed to "Pulse Secure MAG."

*This content is as of the date of the interview, excluding product names.

A security platform for cloud communication infrastructure, achieved with Pulse Secure MAG and Gléas

POINT

  • Ensure security with device authentication and user authentication using electronic certificates
  • Flexible response to configuration changes and user additions due to in-house operation of the certificate authority
  • Build a certificate authority on a cloud service

Mr. Okuno, Manager, Information Planning Department, Macnica

Mr. Nomura, Section 1, Information Planning Department, Macnica

Shifting communication infrastructure to the cloud with the introduction of smart devices

Macnica imports semiconductors from overseas vendors and provides them, along with technical support, to major electrical and electronic equipment manufacturers in Japan and overseas. Security awareness within the company is high, because product development information is often shared for technical support before the products appear on the market. At the same time, there is a strong desire to make use of information: employees had been accessing the groupware used for internal communication from mobile phones, and a VPN service provided by a telecommunications carrier enabled secure connection to internal systems from outside the company. The new trend that emerged was the rapid spread of smart devices. "Emails could be accessed using conventional mobile phones, but push delivery was not possible. Also, because we do a lot of business overseas, we did not create a system that was tailored to Japan's unique mobile phone situation, but rather a system that is based on global standards. I started to turn my attention to the use of smart devices."

This is how Mr. Okuno, General Manager of Macnica's Information Planning Department, explained the impetus for starting the project. In order to make use of smartphones, the company migrated its communication infrastructure from on-premises groupware to a cloud service that integrates email and messenger functions. In line with this, the environment for remote access from outside the company was also reconsidered. Mr. Nomura of Macnica's Information Planning Department explains the reason as follows.
"The advantage of the cloud is that it is widely open to the Internet and can be accessed from anywhere. However, it would be problematic if anyone could access it. Therefore, we had to come up with a method that could balance the convenience of the cloud with security."

The telecommunications carrier's VPN service they were using at the time had limited flexibility in settings, which was another reason to review their remote access environment. By building and operating an in-house remote access environment, the aim was to create an environment in which security settings could be tailored to the actual usage conditions and quickly respond to requests from the field, such as changing settings or adding users.

Adopting certificates for low-load authentication without sacrificing cloud convenience

As a result of consideration, the method adopted was to first log in to the company's internal network using remote access, and then access cloud services via the company's network. Mr. Okuno says that when selecting a security product to use for authentication, it was essential that the mechanism for improving security not impede convenience. "It would be a problem if we needed complicated operations or special devices to ensure security. If we don't ensure security with as little effort as possible, people won't be able to use our system."

In response to these requests, Macnica, a group company, proposed a combination of Juniper Networks' SSL-VPN product "Pulse Secure MAG" and JCCH Security Solution Systems' certificate authority product "Private CA Gléas". Electronic certificates can be used to identify the devices that are allowed access, ensuring higher security than authentication using only IDs and passwords. Moreover, unlike two-factor authentication that uses a USB key or similar device, certificates do not require additional user operations. Furthermore, by combining this with single sign-on, there is no need to authenticate again when accessing cloud services via the company network. The result is a set of security mechanisms designed so as not to burden users.

The endpoint security function of Pulse Secure MAG also attracted attention as a function that increases security without increasing the user's operational burden. This feature automatically checks that security applications such as antivirus software are installed and updated during remote access, allowing only PCs that meet security policies to connect to the company network.

Among the certificate authority products that issue digital certificates, Gléas was chosen because it has been confirmed to work with Pulse Secure MAG, has a long track record of implementation, and can be used with cloud services.

Achieving both improved convenience and cost reduction

Experienced the high degree of freedom that comes with in-house operation and is eager to expand its use in the future

This system also serves as a BCP measure, and accounts have been issued to more than 1,200 people, or about 80% of all employees of the Group. Pulse Secure MAG has a special form of licensing called the ICE license, which allows user accounts to be expanded as needed in the event of an emergency such as a disaster or pandemic. By preparing in advance the accounts that may be required as a BCP measure and expanding the user accounts when an emergency occurs, even employees who do not usually use remote access can use the remote access environment for the necessary period of time, and work can continue. For Macnica, which has a policy of incorporating BCP measures into the requirements of all projects within the company, Mr. Okuno says that the ICE license is of great significance. "By using an ICE license, you can use remote access for daily work to work from home in the event of an emergency."

Operational rules have been established to balance security and convenience, such as using Gléas functions to restrict each certificate to installation on only one device, and requiring smart devices to pass internal security tests. Mr. Nomura also says that the new system has had great effects in terms of management and promotion of utilization. "With the remote access service we used before, it took 5 to 10 days to make a small configuration change or add a user. We were sometimes unable to respond to urgent requests from within the company. Now we use Pulse Secure MAG, and because we operate Gléas in-house, we are able to quickly respond to internal requests. This is my first time operating a certificate authority, but the Gléas management screen is simple and easy to understand, so I was able to learn it quickly. The benefits of increased flexibility far outweigh the increased burden."

Currently, the system supports only Windows PCs and, among smartphones, iOS devices, but there are many requests for Mac and Android support. In order to promote wide and deep utilization, the company is considering creating an environment that can respond to such requests in the future. "By introducing Gléas, we were able to move our communication infrastructure to a cloud service without worrying about security. We plan to expand the scope of its use in the future. We are still at the stage of exploring possibilities, but we plan to take various measures to reduce the burden and realize smoother communication."

As Mr. Okuno concluded the interview with these words, his eyes were already set on the next step in his growth.

User Profile

Macnica
Location

〒222-8561
Macnica Building 1, 1-6-3 Shin-Yokohama, Kohoku-ku, Yokohama City

Activity overview

Import/export, sales, development and processing of electronic components such as semiconductors and integrated circuits; development, import/export, sales of electronic devices and related peripherals and accessories

Introduction time

February 2013

URLs

http://www.macnica.co.jp/

Looking to the future, Macnica introduces cutting-edge products and technologies from around the world and provides them to customers in Japan and overseas. We aim to be a technology trading company that can help create a prosperous society and lifestyle by discovering innovative technologies from around the world and releasing them into the world. The company has expanded its bases and local subsidiaries around the world, and currently operates a global business based on 53 bases in 14 countries around the world.
