“Enterprise Threat Protector enabled us to protect thousands of devices from cyberattacks with almost zero time and effort spent on implementation.”Kousei Murano, Senior Manager, Digitalization Promotion Department
Supporting Business Strategy Through Digitalization
“Play fashion!” describes the mission of Adastria, a chain of casual fashion specialty stores with approximately 1,400 locations and more than 30 brands. The company’s Digitalization Promotion Department is responsible for a wide range of initiatives, including developing IT infrastructure to support the company’s value chain, improving customer experience and customer service in its online stores, and product manufacturing. The team is also responsible for developing IT systems and information security to help the company transform its working practices while ensuring information security.
“Our charter is to support our business strategy and our employees through digital technology,” says Yuya Sakurai, Head of the Digitalization Promotion Department. “As we form and execute our 2025 growth strategy, it is important to expand our product categories in order to reach a wider range of customers. To support these initiatives, we will use digitalization to improve and transform customer service, and to make our employees’ working environments and working styles more comfortable, better enabling them to reach their full potential.”
Protecting All Employees from Cyberattacks
While digital transformation can improve customer and employee experiences, it can also increase the risk of security breaches. “Our most difficult challenge was how to protect customer data from increasingly sophisticated cyberattacks. Many employees throughout our 1,400 stores have full access to the internet from the devices they use as part of their jobs. In such an environment, it’s essential to implement the appropriate mechanisms to protect the organization against cyberthreats.”
While improving computer literacy would help reduce this risk, it requires time-consuming security training. This is especially challenging because many stores have high turnover rates for part-time employees. So, instead of security training, Adastria needed systems that would proactively protect employees.
Adastria stores are each equipped with one PC, and handheld devices and tablets are used on the shop floors. Internet traffic from these in-store devices is backhauled to headquarters where security controls are applied, but each store also has a local internet breakout that allows for direct access to the internet. In-store PCs and handheld devices had restricted internet access using an allowed list of websites. Conversely, tablets in stores and PCs at headquarters had no restrictions because they need access to a wide variety of websites to check on fashion trends.
“This unrestricted access had the potential to cause a security breach — an employee clicking on a link in a phishing email or accidentally visiting a compromised website and infecting the device with malware,” says Kousei Murano, Senior Manager of the Digitalization Promotion Department.
While all of Adastria’s corporate devices, in stores and headquarters, had endpoint antivirus software installed, the company wanted more protection. “Some threats cannot be detected by antivirus software alone. We were concerned that if a device had already been compromised, there was a risk that our systems could have been infiltrated through lateral movement without us being aware,” explains Murano.
To dispel these concerns, Adastria chose Akamai’s cloud-based secure web gateway, Enterprise Threat Protector (ETP), as a solution to simply and proactively protect all employees from threats.
Devices in All Locations Protected in 20 Minutes
“When Akamai first demonstrated Enterprise Threat Protector to me, I immediately realized how great a solution it would be to help us improve our security posture,” states Murano. This led Adastria to launch a proof of concept (PoC) to evaluate the secure web gateway. The PoC ran for about a month and revealed a variety of potential threats that the retailer’s antivirus software had not been able to detect. As a result, the company implemented Enterprise Threat Protector (ETP) in December 2019 and has been using it effectively ever since.
“At the start of the PoC, we simply configured our DNS servers to send all DNS requests to Enterprise Threat Protector. Then, to switch from the PoC to full deployment, we simply switched the threat detection behavior setting from ‘Alert’ to ‘Block.’ This meant that we were able to protect all our devices with about 20 minutes of work,” says Murano.
“With this single action, Enterprise Threat Protector immediately secured all of our company devices — including those outside of HQ in our stores. It blocked access to malicious websites, targeted phishing attacks, and data exfiltration. On top of that, we could also protect local breakout communications. Enterprise Threat Protector is a perfect-fit security solution for us.”
Enterprise Threat Protector Will Be Used in Future Digital Transformation Initiatives
Once the company started using Akamai’s secure web gateway, malicious communications between company devices and the internet that could have led to serious security incidents, such as a ransomware infection, were proactively and automatically blocked.
“Enterprise Threat Protector enabled us to secure thousands of devices from cyberattacks with almost zero time and effort spent on implementation. And since it allows us to see potential internal threats, the fear of undetected breaches or compromise has been alleviated. As a result, we no longer need to dedicate so many resources toward improving employees’ computer literacy, as even if an employee were to fall for a targeted phishing email, it would not lead to a significant security incident,” says Murano.
Kazuyoshi Umeda, Director of the Digitalization Promotion Department, also speaks highly of these results, saying: “There are so many benefits delivered by implementing Enterprise Threat Protector that I feel it provides significant return on investment.”
He concludes by stating: “Due to the impact of COVID-19, going forward, we need to better support our employees to work from anywhere. To do this, we need to take a cloud-first approach in developing our business systems. In addition, we also plan to streamline our value chain using IoT. In order to drive these initiatives, we will need to enhance the security of the connection points between our internal network and our cloud services and IoT devices. I am confident that Akamai Enterprise Threat Protector can also be put to good use here.”
Adastria is a chain of casual fashion specialty stores mainly based around casual clothing and general goods, with more than 30 brands and approximately 1,400 stores in Japan and overseas. Since 2010, Adastria has been shifting to an SPA business model with an integrated value chain from product planning to manufacturing and retail. The company aims to become a global fashion SPA company through leveraging the strengths of its integrated manufacturing and sales setup, as well as its multiple brands. With its mission of “Play fashion!” the company offers and provides options to make each and every customer’s life “more fun” through fashion.