Securing mission-critical
systems on AWS with
Trend Micro Deep Security

 

Overview

Lawson Inc. operates more than 12,000 convenience stores throughout Japan. To meet its customers’ needs, the company’s brands and services include “Lawson,” “Natural Lawson,” “Lawson Store 100,” and its home-delivery service “Lawson Fresh.”

“Our goal is to meet customers’ expectations 24 hours a day, 365 days a year, with maximum convenience. So it’s important for us to support new technologies such as point cards and electronic money. For that, we always adopt advanced technology for our IT systems. We have also adopted advanced technologies such as virtualization and OSS (open source software) as soon as possible in order to provide services that anticipate market demand,” says the head of Lawson’s System Platform Division, Michihiko Takahara.

Challenges

As the company adopted new technologies, it found that the processes required to procure, develop, change, and operate these systems are now time-consuming and sometimes it could slow company’s business enhancement down.

“We felt that an on-premises system no longer provided enough agility for us to roll out new stores and new services to develop new business for better customer experiences,” says Takahara. Lawson adopted a cloud-first approach, and decided to migrate to Amazon Web Services (AWS) to increase agility and reduce operational overhead.

When I think about systems five or ten years ahead, migration to the cloud is essential. Being able to standardize our security model has been an amazing benefit.”

Michihiko Takahara,
general manager
BPR & Information systems division
Information systems platform department
Lawson, Inc.

 

As part of its migration to AWS, Lawson had to explore new security solutions. “No matter where the systems are deployed, we need to keep security for our mission-critical system as high as possible,” explains Kousuke Shindou, a manager in the company’s System Platform Division. “So we investigated solutions optimized for the cloud, with the goal of maintaining security on AWS as effective as our previous on-premises security.” Lawson decided to implement “defense in depth,” which includes a variety of security functions such as antivirus, web application protection, IDS/IPS, and log monitoring, in addition to the firewall function provided by AWS.

 

Why Trend Micro

After considering multiple options, Lawson decided to adopt Trend Micro Deep Security.

“Deep Security is an all-in-one, integrated solution which delivers true defense in depth. Unlike other network-based solutions, Deep Security is a host-based product that installs agents on servers, making it possible to centrally configure security functions required for all our individual systems. It has less impact on server performance, and support AWS Auto Scaling. For these reasons, we considered it the most suitable solution to protect our AWS environment,” says Takahara.

During the selection process, Lawson also confirmed that even if they turned on all of Deep Security’s functions, the impact on server performance was negligible, with no impact on operations. “One of Deep Security’s strengths is its high compatibility with AWS. Moreover, we are very impressed with the support we’ve gotten from Trend Micro throughout the process. They’ve earned our trust,” says Shindou.

Solution

Lawson’s migration to AWS in ongoing. At present, the company has migrated part of its “Store System,” which provides customer services and orders from each store, and other systems will follow. It also plans to consider which Deep Security functions it should use based on each server’s function, and will optimize the balance between security and server load.

“We use almost all of Deep Security’s functions for our Store System. Although we haven’t had any major incidents so far, we can visualize the status and we believe that we’ve established an environment to migrate other mission-critical systems without concern,” adds Shindou.

Results

One significant benefit that has come from the initial deployment of Deep Security is that Lawson has been able to standardize a model for migrating its other systems to AWS.

Lawson has consolidated functions such as backups, log management, and security functions used by multiple systems into one package. This means that they will be able to apply comprehensive security configurations with Deep Security all at once when they roll out new instance. This will help them to reduce operating workload as well as the time required for new rollouts.

“The major purpose of AWS migration was to increase speed and agility. The standards and practices that we have established with the help of Deep Security will clearly help us to develop new business,” says Shindou.

 

What's Next

Lawson has established a flexible system infrastructure which enables them to keep up with an ever-changing business environment. “Ideally, system infrastructure should be more usable on demand, much like electricity and water. In that sense, it will be very natural in the near future to operate even mission-critical systems in the cloud. We will continue to proactively adopt new technologies, and we expect to continue and expand our relationship with Trend Micro,” concludes Takahara.

See all success stories