Executive Summary

Task

As Japan's labor market undergoes rapid changes, the Persol Group is working to realize diverse ways of working under the corporate message of "Work and Smile." The group's mission is to create organizations and societies around the world where all "work" leads to smiles, regardless of gender, age, nationality, or any other restrictions.

The Persol Group continues to expand its business. There are 136 group companies in Japan and overseas, 492 domestic and 188 overseas bases, and approximately 50,000 employees. Within this entire group, the Group IT Headquarters of PERSOL HOLDINGS CO., LTD. is responsible for domestic IT infrastructure management. Among them, the User Infrastructure Office is in charge of managing the PC terminals used by end users and the network of bases.

Among them, one of the issues was the operation and management of the closed network. First of all, the laying and modification of the network itself was a heavy burden. In addition, the network bandwidth and control of the activity base varies greatly, and in recent years, the capacity of distributed software for PCs has increased, so the five people in charge were frequently busy with troubleshooting. Mr. Yasutaka Iida, General Manager, User Infrastructure Section, Infrastructure Department 2, Group IT Headquarters, said as follows. “Operational management of closed networks is labor-intensive, and network configuration in which all communications are centralized in a data center is an issue. As the working population continues to decline due to the declining birthrate, there are people who have stopped relying on manual operation management. I thought it would be good.

That's where the Zero Trust Architecture (ZTA) came from. We decided to aim to build a secure network that can respond flexibly to the growth of the group while eliminating the concept of internal and external.”

introduction

The first thing the User Infrastructure Office started was the realization of quarantine as a secure system connection. In addition to this, a remote work environment expansion project was also underway, assuming company-wide telework at the time of the Tokyo Olympics. Until then, the VPN environment provided had 600 simultaneous connections and was shared by 7,000 target end users, so it was not well received due to its lack of performance and ease of use.

Initially, we were considering introducing products for quarantine and VPN respectively. However, it turned out that "Pulse Connect Secure" provided by Pulse PulseSecureJapan can realize quarantine and VPN at the same time. “If you can consolidate management, that's the best,” says Mr. Iida. "If quarantine and VPN can be realized in one product, it will directly lead to simplification of management. There is no other product with the same design concept. All we had was Pulse Connect Secure.”

Supplementing Mr. Iida, Mr. Kazutoshi Murata, User Infrastructure Section, Infrastructure Department 2, Group IT Headquarters, said the following. “We conducted PoC (proof of concept) for all candidate products, but Pulse Connect Secure was stable. I appreciated the ability to connect to the internal network after taking countermeasures.”

In the same group, the roles and responsibilities of each employee were clarified, and it was very important to manage which terminals were accessed from where and by whom. With the policy setting of , it became possible to thoroughly manage the use of PC terminals. In addition, since communication between the center system and branch offices is encrypted with SSL, it is safe, and since the IP address of each terminal is fixed for a certain period of time, the access range (server, data, etc.) for each PC terminal is limited. was also able to be restricted.

While we were planning to implement both the quarantine function and VPN, a state of emergency was declared due to the new coronavirus. In order to quickly respond to company-wide telework, we decided to expand the VPN function to 10,000 simultaneous connections (initial assumption of 5,000 people) and release it ahead of schedule. At the end of April, we switched from the existing VPN and started providing VPN to thousands of PCs in the Kanto region.

effect

The expansion of VPN with Pulse Connect Secure was welcomed by end-users in a way that was unheard of for network infrastructure. Asa Shiokoshi, User Infrastructure Section, Infrastructure Department 2, Group IT Headquarters, speaks of gratitude from end users for VPN usage. "Normally, we don't get any comments about infrastructure provision, but in this project, we received direct feedback saying, 'The new VPN is easy to connect, and it's stress-free.'"

A quarantine feature will also be available in September 2020. This is STEP 1 to realize ZTA. In STEP 2, we will adopt cloud proxy and IDaaS, use SaaS such as Microsoft 365 without going through the internal network, move phones, printers, faxes, etc. to the cloud in STEP 3, and abolish closed networks in STEP 4. The current blueprint is to complete these by 2023. Mr. Iida talks about the effect of introducing Pulse Connect Secure as follows. “We are envisioning ZTA to identify user attributes and logged-in devices to authenticate and authorize system usage, and with this introduction, we have taken the first step. In the future, I believe that we will be ready for the realization of ZTA only after eliminating closed networks and making each base an Internet breakout. Pulse Secure also has the idea, and in that sense, I have great expectations for their future development.”

The group has a program called "Persol Award", and this ZTA concept won the selection within the Group IT Headquarters and PERSOL HOLDINGS CO., LTD., and was also evaluated in the selection within the business unit. Despite being in his third year as a new graduate, Mr. Shiokoshi's message, "Don't take infrastructure for granted," has garnered strong sympathy.