We look to adopt the latest technologies from companies that have a global service platform, like Akamai. We believe Akamai provides great [technical] support and response [times], and is a partner we can rely on.Kenta Nakamura, CISSP, System Risk Management Department, au Kabucom
From Perimeter-Based Security to a Zero Trust Model
au Kabucom provides online brokerage services to more than 1.1 million customers across Japan. In recent years, the company’s System Risk Management Department has been particularly focused on Zero Trust security, an approach in which all communications are validated, and access is strictly controlled for every user and device, regardless of whether they are inside or outside the network. This move to Zero Trust is driven by the need for secure and easy access to internal applications for remote workers, an increase in cloud services, and new sophisticated attacks testing the limits of perimeter-based security.
In regard to remote application access, Yoichi Ishikawa, Head of the System Risk Management Department, explains, “Today, the definition of ‘workspace’ extends beyond just ‘the office’ to include spaces like our homes and coworking sites. In these times, we believe that a Zero Trust security environment is necessary for people to be able to work safely anywhere, anytime, and in the same sort of environment as if they were in the office. Security is a key focus, but we also need to take into account the ease of remote access while still ensuring integrated identity management.”
“Cyberattacks are becoming more diverse and sophisticated, and we are facing the limits of perimeter defense,” says Koju Ito, a specialist in the System Risk Management Department. “We are also using a variety of cloud services to improve our efficiency, so we feel we need to manage and protect each and every one of our devices very closely.”
Enterprise Application Access Solves VPN-Related Issues
One question that arose during the move to a Zero Trust architecture was how to securely allow remote access to endpoints from outside of the office. The existing method was to use a VPN, but Ito states, “VPN appliances need constant maintenance. Any failure in this area could lead to threats entering the system if a vulnerability was exposed. And there are a number of other challenges as well: redundant management for both the VPN and Active Directory, complicated access procedures when accessing SaaS, overloading the bandwidth, firewall hardware loads, delays, and so on.”
While searching for a better solution to these VPN challenges as part of its move to a cloud-first approach, au Kabucom discovered Akamai’s Enterprise Application Access (EAA). “Since it was deployed, we’ve used EAA in conjunction with identity as a service (IDaaS) to efficiently connect to, and control access to, internal resources and public clouds,” explains Ito. “With this setup, we don’t need to run the VPN equipment that was causing issues.”
“And because the service infrastructure is also provided by Akamai, we can eliminate any delays associated with security measures. In the case of cloud access, EAA can eliminate inefficient procedures and traffic flows associated with one-time client VPN access. This also saves bandwidth and reduces the required investment in hardware. We consider EAA to be a complementary solution that ensures safety for the types of connections which have not yet been inspected or tested for Zero Trust.”
Enterprise Threat Protector Immediately Detects Malware and Reduces Operational Burden
Migration toward a Zero Trust architecture not only involves secure access, but also threat protection. In addition to improving its remote access, au Kabucom evaluated its existing approach to detecting and blocking malware and decided to deploy Akamai’s Enterprise Threat Protector (ETP) service to improve its security posture. ETP is a cloud-based secure web gateway that uses DNS as a proactive security control point.
“Blocking the ever-growing number of threat domains with our own firewall is impossible in terms of capacity. We knew that some attackers steal information using DNS, so the thought that we might be opening ourselves up to unseen threats that could lead to data leaks was a real concern. Since adopting ETP, we haven’t had to worry about this, as Akamai’s threat intelligence data is constantly being updated in the cloud. ETP helps us immediately identify and block new threats that could affect our company, while significantly reducing our operational burden,” says Kenta Nakamura of the System Risk Management Department.
Nakamura reports that Enterprise Threat Protector defends against a higher number of threats as compared to the web-threat solutions of other companies. Looking to the future, au Kabucom expects that Enterprise Threat Protector will provide security for mobile devices that connect directly to the internet to use cloud services. The product offers threat intelligence–based protection for mobile devices through client software.
au Kabucom is confident that it will be able to create a secure environment that provides users access to an internet that’s safe from the latest threats. In addition to Akamai tools, the firm plans to proactively adopt additional more advanced solutions in order to simultaneously improve its defense capabilities and competitive edge.
About au Kabucom
The company develops services that “pursue risk management” and maximize the use of systems built in-house. They offer a proprietary trading tool, kabuSTATION®, which features a wide range of free and discounted plans aimed at frequent traders, and offers automated trading features such as stop-loss orders. They also distribute unique information like real-time stock price predictions, in addition to a wealth of order functions, such as two-way orders. Customer support center operators offer support over the phone for clients who are not accustomed to using computers or the internet. Interactive voice response (IVR) services that allow customers to make transactions and inquire about stock prices are also offered. au Kabucom is a core online financial services company of Mitsubishi UFJ Financial Group (MUFG) and has developed various services in cooperation with other Group companies.