The Tohoku Electrical Safety Inspection Association is a business entity that provides maintenance services for enterprise and home electric power equipment entrusted from Tohoku Electric Power Co., Inc. and other companies.
To achieve efficiency for its working environment with 1,300 mobile staff, the Association is migrating its employees’ computing devices from personal digital assistants (PDA) to smartphones. In June 2015, it began using the Microsoft Office 365 cloud service.
“For those mobile workers, standardizing the applications on their mobile devices and office PCs with Office 365 will allow for more efficient information sharing amongst employees, and will also help us to reduce the cost of business system development and maintenance,” says Hironori Araya, head of the PR and Information Group in the Association’s Planning HQ.
Accordingly, the Association is migrating all of its email environments to Office 365.
The Association also considered Business Continuity Planning (BCP) and tried to keep its office system up and running upon given incidents. The targeted cyberattacks that threatened its system and BCP had become a pressing issue.
“There were damages reported which were caused by targeted cyberattacks, and we realized we could no longer ignore this as somebody else’s problem,” recalls Mr. Araya.
“The social infrastructure related to organizations like ours are prone to be a target of cyberattacks. We also have a large amount of customer data to protect. For these reasons, we felt the urgent need to reduce both risks of data losses caused by targeted cyberattacks and risks that could be exploited as stepping stones to attacks, so we moved to strengthen our countermeasures against targeted email.”
Head of PR and Information Group,
Tohoku Electrical Safety Inspection Association
To strengthen Office 365’s security against targeted email, the Association considered a number of candidates with sandboxing technologies that could detect unknown threats. However, none of the products met the association’s expectations.
The Association came across Cloud App Security through UNIADEX, Ltd., a company that supported the Association’s Office 365 implementation and knows its networks well.
Hirokazu Sato, Section Chief of the 1st Sales Section in UNIADEX’s Tohoku Sales Office, says, “When we recommended Cloud App Security, we had the confidence that the service could solve the problem.“
Section Chief, 1st Sales Section,
Tohoku Sales Office, UNIADEX Ltd.
Mr. Araya notes, “We’ve already migrated our mail environment to the cloud, so a traditional gateway-type security which required security appliances or dedicated servers in our network was not a solution suited to our environment. Through integration with cloud-based Office 365, Cloud App Security offers a huge advantage to us. We could implement the countermeasure with no changes to our existing network.”
The Association deployed Cloud App Security. Mr. Araya configured it, and says that it only took him a few minutes.
In addition to email, malware, and improper URL detection, the Association also uses the data loss prevention features of Cloud App Security to prevent personal information leakage via email. With Cloud App Security, the Association can detect malware not only from newly received email but also from email already received and stored in mailboxes. This enables it to check past email with the latest threat information.
“Since the beginning of 2016, we’ve received a large number of emails that clearly seem to be targeted attacks, and we are able to detect more malware with Cloud App Security. Some of this malware is detected by the security features of Office 365, but Cloud App Security blocks the unknown threats that bypass it. This reminded us of the importance of multilayered defense. We also like Cloud App Security for its management console which is easy to read and also easy to operate”, says Mr. Araya.
With Cloud App Security, the Association has strengthened its Point-of-Entry countermeasures against targeted email. Also, Cloud App Security allows the Association to detect malware hidden in files on Office 365’s OneDrive® for Business.
The Association also plans to strengthen its countermeasures against malware lateral movements. For that, it is considering adoption of Deep Discovery™ Inspector and is doing the Proof-of-Concept.
Mr. Araya says, “No matter how we strengthen Point-of-Entry countermeasures, we will not be able to say that there will be no malware intrusion, and countermeasures for lateral movements are necessary. We will continuously expect a lot from both UNIADEX and Trend Micro.”