Issues with virtual desktop operations, such as licenses, operational costs, and employee burden

For local governments that handle personal information, the issue is how to ensure security and prevent information leaks. Of course, Shimane Prefecture has also implemented measures based on its "Information Security Policy" and the resilience model presented by the Ministry of Internal Affairs and Communications to local governments.

Specifically, they have adopted virtual desktop technology to achieve a "three-layered approach" by separating the Internet system from the LGWAN (general administrative network) and the business terminal network that handles My Number. They have built and are operating the Shimane Security Cloud (SSC) as an information security cloud for the local government.

However, several issues have emerged over the course of several years of operation, says Katsumune Fujii, section chief of the Systems Operations Section of the Information Systems Promotion Division, General Affairs Department, Shimane Prefecture.

"We separated the network and used the Internet from LGWAN terminals via virtual desktops, but even just opening and saving a single file attachment to an email required a dedicated account to be entered, a virtual desktop to be launched, the file to be downloaded, the file to be uploaded to a file transfer service with a sanitization function, then logging out and logging back in from the LGWAN terminal. This cumbersome process was a burden on staff," says Fujii.

Another challenge is the cost of software licenses and terminal operation.

"With this configuration, in addition to the normal Windows terminals, you would need to purchase licenses for the virtual desktops and Microsoft Office that run on them, and you would also need to pay for Windows Updates and antivirus software," says Fujii.

Furthermore, due to budget constraints, the number of virtual desktop connections was limited, which led to situations where the limit on simultaneous connections was reached and internet connection was lost. "If such a situation were to occur during a natural disaster, it would be a major problem, and there were issues in terms of crisis management and BCP," said Fujii.

In addition, there were frequent notifications of malware infections on virtual desktops, mainly involving Emotet, and the prefecture's system administrator was busy removing and cleaning up the malware every time, so the prefecture also wanted to reduce the burden on its employees.

Shimane Prefecture
General Affairs Department, Information Systems Promotion Division
System Operations Section Chief
Mr. Katsuyuki Fujii

Shimane Prefecture
General Affairs Department, Information Systems Promotion Division
Network Management Section Chief
Mr. Yuta Ito

Choosing Menlo Security for its track record and reliability, and providing the local government cloud to municipalities

In the face of these challenges, the Ministry of Internal Affairs and Communications announced the "Standard Requirements for the Next-Generation Municipal Information Security Cloud" in 2020, which set out a policy that the standard requirements for municipal information security clouds "should, in principle, be service-based."

Given this guideline, network isolation was essential, so Shimane Prefecture decided to choose the virtual browser platform "Menlo Security Isolation Platform" (hereinafter referred to as "Menlo Security").

"The deciding factors for adopting Menlo Security were their extensive implementation track record in highly public sectors such as postal service and finance, and the generous support system that includes Macnica. Due to the nature of local governments, we cannot afford to withdraw from the system immediately after implementation, so not only the solution but also the reliability of the company was a very important requirement," said Yuta Ito, Chief of the Network Management Section, Information Systems Promotion Division, General Affairs Department, Shimane Prefecture.

Shimane Prefecture immediately decided to offer Menlo Security as an optional SSC service to municipalities within the prefecture, in addition to use within the prefectural office.

"Shimane Prefecture has many small municipalities with populations of less than 100,000, and some of these municipalities have only one IT administrator. If we were to introduce it individually, the cost would be high and it would take a lot of effort to procure and operate. We proposed that using the SSC, which is jointly operated, would be beneficial for the entire prefecture and would make it possible to harmonize security levels across the entire prefecture. We also thought that it would be advantageous for municipalities to consolidate their inquiries about optional SSC services into the SSC as a single point of contact," said Ito.

Improve security and work efficiency without hassle, and focus the saved time on providing services to citizens

Shimane Prefecture decided to introduce Menlo Security in April 2022. The prefecture also provides virtual browsers as an optional SSC service to more than half of the municipalities and organizations participating in the SSC, and currently has more than 14,000 licenses in use.

"It is a multi-tenant system in which a tenant is prepared for each city, town, and village, and maintenance and operation are carried out in accordance with each city, town, and village's policies while ensuring a security baseline. By introducing Menlo Security's virtual browser, we no longer need to operate virtual desktops or manage accounts. In addition, because users can access the Internet safely just by launching Edge as they normally would, we have been able to improve convenience without compromising security levels," said Ito.

Furthermore, the level of security has been significantly improved as malicious programs are now processed on the Menlo Security cloud side, preventing them from reaching the prefecture's internal network.

"The more components there are, the more measures are needed, and there is a risk of security holes developing there. However, with the shift to cloud services, the number of things to manage has decreased, and so naturally the number of security holes has decreased," says Fujii.

The introduction of Menlo Security has also improved work efficiency.

"In the first place, every time you access the Internet, you have to enter your ID and password, open a virtual desktop, and use the browser on that. If this series of tasks takes 30 seconds, it would take more than 10,000 hours per year for all employees, which is equivalent to tens of millions of yen in hourly wages. The fact that MenloSecurity has eliminated this series of tasks is a major benefit. Above all, we can now allocate the time we have saved to improving the most important thing: services for prefectural residents." (Mr. Ito)

Of course, not everything went smoothly. After implementing Menlo Security, some of the systems and websites that each department handled independently became inaccessible, and the department was busy dealing with the issue for a while. There were also problems with printing and some file names being garbled, but by escalating the requests to the developer via Macnica, the problem was successfully fixed.

"I thought that if only one organization was having trouble, they might say that it was just the way things were, and that would be the end of it. However, even though this was a problem that only occurred in Shimane Prefecture, they responded to our request, improved the service, and dealt with the problem. I'm very grateful, and I think Macnica 's efforts were a big help." (Fujii)

Supporting municipalities in the prefecture through SSC to encourage them to focus on their core business of providing administrative services

Even now, about two years after it began operation, Menlo Security continues to operate stably. It has also received positive feedback from municipalities that use the SSC, and the range of adoption is gradually expanding.

Shimane Prefecture plans to continue to promote the use of ICT, including the cloud, to improve administrative efficiency and provide better services to its residents. "While paying close attention to the guidelines of the Ministry of Internal Affairs and Communications, we are also considering a fundamental review of our network configuration when we next update our infrastructure," says Ito.

In that sense, he says he expects Menlo to continue to evolve further, such as by adding Japanese localization and support for web conferencing.

"I think Menlo Security is a service that can grow by incorporating user feedback, and I hope it will become a service that people will want to use for many years to come. To that end, I would like the prefecture to support local governments that are struggling with IT personnel and budgets by providing SSC. Rather than spending time, manpower, and money on system operation, updates, and security measures, I would like the prefecture to handle all of this in one place, and create a trend that will allow each employee to spend more time providing services to citizens," said Fujii.

User Profile