UCC Executive Officer CISO talks about cost-effectiveness of building zero trust security
The UCC Group, which had been aiming to realize a work style that is time- and place-agnostic even before the Korona-ka, is working on structural reforms centered on the digital workplace. As part of this, the network and security environment have been renewed to a zero trust model. It is said that it produces various effects.
In this article, UCC Holdings Co., Ltd. Executive Officer CISO Toshio Kurosawa spoke at the webinar "Zero Trust Security Realized by UCC ~ What is the Security Decided to Promote DX ~" held on July 19, 2021. Introducing the effects of building Zero Trust Security.
Breaking away from networks that do not support the realization of work style reforms
The UCC Group's previous network was premised on on-premises, and except for some core systems and video conference systems, it was operated on-premises including groupware, and the security measures were also the conventional boundary defense model. Also, since the exit to the Internet was limited to the internal gateway, for example, in order to participate in a video conference from outside the company, it is necessary to access the internal network via VPN and connect to the video conference system from the internal gateway. It was a very time-consuming situation.
Judging that work style reforms utilizing digital workplaces cannot be realized in such a network environment, the UCC Group began considering the realization of work styles that are not tied to time or place in October 2019, before the Korona-ka. Then, in February 2020, we started a project to renew the entire IT infrastructure.
From perimeter defense security to zero trust security
The UCC Group completed the renewal of the entire ICT infrastructure in just half a year from April 2020 to September 2020. With the introduction of "Microsoft 365" as groupware, all but some core systems have been moved to the cloud, and the security environment has been renewed from perimeter defense type security to zero trust security. For connection to cloud services, we have introduced "Zscaler ™ ️ Internet Access" from inside the company and "Zscaler ™ ️ Private Access" from outside the company to create an environment where you can break out of the Internet while ensuring security. In addition, we have introduced "Cybe reason" for PCs and "Zimperium" for mobile terminals as EDRs to implement security measures against unknown threats.
Effect of zero trust security construction
The entire project cost an initial cost of 100 million units. Of that, 30% is the penalty for canceling the previous IT infrastructure in the middle. Since the contract period expired five years later, I couldn't wait until then, so I proceeded with the project even if I paid a penalty. However, the effect of completing the project up to that point was great.
Operating costs
Moved to the cloud, leaving only one day center, which used to be four for each purpose. As a result, we were able to significantly reduce the monthly costs of server costs, maintenance, and daily operations.
Operational load
The introduction of EDR has also reduced the number of security incidents. Previously, there were one or two cases a month, but from October 2020 to the beginning of July 2021 after the renewal, there will be one case. October 2020 of the renewal was a time when Emotet was rampant, but it can be said that EDR was effective because there were few incidents at that time as well.
Improvement of telework environment
Introduced an LTE compatible PC with "Cybe reason" installed for telework. We have realized teleworking in a security environment that can respond to unknown threats without using the Internet environment at home or free Wi-Fi that has security risks.
Improving employee convenience
Groupware, workflows, time and attendance systems, and portals have been converted to the cloud so that they can be accessed quickly from outside the company. In addition, by breaking out of that traffic to the Internet, the bottleneck that occurred when accessing the corporate network via VPN before the renewal was eliminated. It is very important to improve such convenience, because if employees themselves find it convenient, it will lead to the establishment of usage.
You can check the details of the network diagram and the structural reform of the UCC group in the webinar archive video.
The webins introduced in this article are archived.
Please see the archive video for the network diagram, details of the UCC Group's structural reforms, and Mr. Kurosawa's efforts to establish the use of digital workplaces among employees.
Comments