Investors Cloud is opening new possibilities in real estate as a driving force for IT. The group’s apartment management platform – TATERU – offers a variety of services related to designer apartment proposals, construction, and rental management via a smartphone application, and is known for their slogan, “IoT apartment management starting with an app.” The group also provides services such as “TATERU kit,” which creates smart apartments using IoT devices, the small-sum real estate investment crowd funding platform “TATERU FUNDING,” “SMA-RENO” for one-stop renovation support, as well as the “TATERU bnb” lodging service, and the “TRIP PHONE” IoT device for tourists.
Investors Cloud has utilized Amazon Web Services (AWS) as the platform for providing the company’s services for several years, migrating to the platform in sequence over that time. “We are really impressed by AWS as it provides an auto-scaling mechanism which allows server instances to dynamically and automatically increase and decrease in accordance with transaction number fluctuations, and in addition, plenty of functions which are useful for enhancing operations and applications can be used with API,” says Investors Cloud’s Teruhito Ōki.
The company has focused heavily on security because they handle a lot of customer information. “For example, the TATERU business handles a lot of information such as the makeup of our customers’ families, their place of work, and annual income. Securing this information from risks such as leakage is one of our management issues,” says Investors Cloud’s Katsuhiko Keii.
"Deep Security strengthens security without negating benefits of the cloud, such as dynamically increasing resources; it is essential for our services."
Technology Development Department
IT Technology Development Division
Investors Cloud Co., Ltd.
To protect the variety of services that the company develops on AWS from external attacks, Investors Cloud adopted Trend Micro™ Deep Security™.
“We compared multiple products, but ran into problems. For example, with a gateway-type solution, it was difficult to support auto-scaling, which was the deciding factor in us adopting AWS in the first place. However, because Deep Security is deployed on a server, it automatically provides security for instances that have been dynamically added. Its level of compatibility with AWS is extremely high,” explains Ōki.
The fact that Deep Security is an all-in-one solution providing security functions, including antivirus and intrusion detection/prevention (IDS/IPS) capabilities, was a key point in the selection. “As far as we could tell, there were no other products that were similar to Deep Security at the time. We also loved the fact that a comprehensive report could be produced in PDF format,” says Ōki.
"We have comprehensive server security coverage with one product. Deep Security was the only product of its type that we found."
IT Infrastructure Department
IT Technology Development Division
Investors Cloud Co., Ltd.
Deep Security is a comprehensive solution with many capabilities, including antivirus, intrusion detection/prevention (IDS/IPS), web reputation, firewall, web application protection, and file and registry change monitoring. With two deployment configurations – agent-type and virtual appliance-type – it provides secure protection for various server environments, regardless of whether they are physical or virtual. It has a proven track record for applications on AWS and handles security for a range of services.
At present, Investors Cloud has around 100 virtual servers running on AWS, and by leveraging the capabilities of Deep Security, they have flawless security.
As a distinctive point, the company integrates Deep Security with AWS web application firewall (WAF). “When you add a server, the settings of the WAF have to be configured to protect the new server; in a cloud environment, where servers are added frequently, operations tend to become cumbersome. However, if you use AWS WAF and the WAF function of Deep Security together, the protection settings that are automatically executed by Deep Security can be imported into AWS WAF. Not needing to configure settings manually leads to efficient security and operational management,” explains Ōki.
Investors Cloud is also extremely impressed with the virtual patching capability, which provides security measures for vulnerabilities using the IDS/IPS of Deep Security. When patches for system vulnerabilities were released in the past, Investors Cloud would spend around 3 to 4 days testing the impact on its services. In addition, because of the large number of servers, applying the patches to servers would approximately take an additional 10 days. “In other words, we were open to risks for about two weeks after the vulnerability became evident,” says Ōki.
The company is now instantly provided with a safe environment thanks to the virtual security patches applied by Deep Security. This keeps risk to a minimum during inspection and application periods. The recommended search settings in Deep Security, which recommends the application or removal of the IDS/IPS rules required to protect target servers, also helps prevent patches from not being applied.
The enhanced security and reduced operational management workload that Deep Security has provided has become a significant business driving force for Investors Cloud. “Competitiveness in the modern business environment is heavily influenced by how you can accelerate service development, release, and the improvement cycle. Consequently, we also engage in practices such as DevOps, and relying on an infrastructure group provides us with a constant confidence that the instances that we need are always secure, which allows us to concentrate on development,” explains Keii. “And not only is it possible to grasp what’s going on quickly and accurately with reports, operating workload has also decreased thanks to automatic auto-scaling compatibility and WAF configuration efficiencies. The extra time that we gain can be spent in areas such as developing infrastructure for new services,” continues Ōki.
With Deep Security, Investors Cloud was able to provide essential protection for servers, applied in a one-stop solution. The new environment features enhanced security, reduced operating workload, and has allowed engineers to concentrate on service development.
Investors Cloud will continue to promote security enhancement in its pursuit of a higher level of safety. For example, a current goal is PCI DSS compliance for lodging and other services which handle credit cards. “The products of Trend Micro are easy to use and can be relied upon, and they are extremely reassuring allies to have. We definitely look forward to their continued support in the future so that we can focus on initiatives for growing our business with peace of mind,” concludes Keii.