Top of Page
Bolstering security governance by centrally managing IDs for various SaaS access accounts using IDaaS
Yamato Holdings, which oversees the Yamato Group companies, had been facing the challenge of how to establish governance to strengthen IT security across its group companies, especially with regard to the use of a wide variety of SaaS. As part of its project to build an identity authentication management system for SaaS, the company introduced the IIJ ID Service, an IDaaS (Identity as a Service) that centrally manages user authentication information in the cloud. Yamato Holdings is now accelerating its deployment to group companies to boost user convenience and enhance security.
On November 1, 2005, the Yamato Group, also known as Yamato Transport, shifted to a holding company. Since then, Yamato Holdings has been consistently focusing on strengthening its corporate governance.
One of its policies has been to focus on cross-group security governance. Mr. Yusuke Shibata, who is in charge of IT strategy at Yamato Holdings, says, “We have a lot of work to do. Security incidents could lead to the loss of corporate brand equity. If we leave cybersecurity initiatives to our group companies, there could be huge disparities in the level of measures taken.”
Under these circumstances, SaaS has become increasingly visible as a serious issue. Similar to the many global companies that are moving toward employing cloud services, all Yamato Group companies actively use a wide variety of SaaS. However, some of these services are vulnerable from a security perspective, or engender concerns regarding continuity.
Even if SaaS itself does not have any issues, it is unlikely to ensure security if there is a defect in its operation. For example, if some accounts are left unused due to the resignation or transfer of personnel, these accounts may be misused by third parties to gain unauthorized access.
In the summer of 2018, the company started a project to build an identity authentication management system for SaaS that centrally manages access to systems and applications that are used by the entire group. As part of this process, the company adopted IIJ ID Service as the platform to manage SaaS accounts. This is a cloud-based IDaaS (Identity as a Service) that links IDs between the company portal and multiple SaaS to support single sign-on (SSO) and multi-factor authentication.
Although the use of SaaS is increasing across the entire Yamato Group, the types of SaaS employed and the number of accounts of each SaaS varies by company and division. “Under these circumstances, we focused on the advantage that IIJ ID Service can start small, with a monthly charge per account and no initial costs, including for server installation,” says Ms. Satomi Takei of Yamato Holdings.
Though IIJ ID Service was not the impetus for taking on this project, Yamato Holdings chose the service after comparing similar services provided by several vendors. The key factor in choosing the service was IIJ’s substantial support. “For example, when doing SSO integration using SAML 2.0 or multi-factor authentication, failures may occur due to subtle differences in the specifications of each SaaS. In such cases, IIJ took care to thoroughly answer our inquiries.”
In addition, Yamato System Development, a group company that is in charge of building the identity authentication management system for SaaS, conducted a proof-of-concept trial prior to the introduction of IIJ ID Service. Ms. Misaki Nakamura, a manager at Yamato System Development, tested exactly what can be done with the basic and optional functions of IIJ ID Service. “The admin settings are simple and easy to understand, and IIJ ID Service seems to be very user-friendly. In addition, IIJ respond quickly to our technical inquiries, which makes us feel that IIJ is a very reliable partner in building and operating the system,” commented Ms. Nakamura.
Yamato Holdings initially limited use to within the holding company only, and started operation with around 200 users.
“The SSO mechanism allows users to seamlessly access several SaaS as long as they remember just one password,” Ms. Takei said. “Users appreciate the fact that there are fewer login actions and much easier operation.”
The company linked the identity authentication management system for SaaS with IIJ ID Service. “If the HR department updates a human resources master file as employees join and leave the company, then the change will automatically be reflected in IIJ ID Service, eliminating any concerns that unused accounts may remain.”
After confirming the value of the service, the company began rolling out IIJ ID Service to Group companies in October 2019. By March 2020, about 40 SaaS are expected to be linked, and around 3,000 accounts will be registered. “We will continue to roll out IIJ ID Service to approximately 200 types of SaaS that have already been certified,” Ms. Nakamura says. “Considering the fact that the number of users of SaaS groupware will increase to more than 30,000 in the future, there is a good chance that our use of IIJ ID Service will grow even further. IIJ ID Service realizes flexible scale-out and scale-down, which is a huge advantage in a situation in which it’s difficult to predict the volume of future use.” she said in a statement.
In the multi-cloud era, it is essential to build IT systems that realize convenience and security, and to continually review and update them. “We will continue to further strengthen the security of the IT environment,” says Mr. Shibata. IIJ ID Service is expected to play an increasingly important role in these efforts.
YAMATO HOLDINGS CO., LTD.
Head Office: 2-16-10 Ginza, Chuo-ku, Tokyo
Founded: November 29, 1919
Capitalization: JPY 127,234 million
Number of Employees: 206
Yamato Holdings Co., Ltd. is a holding company that oversees the Yamato Group companies involved in deliveries, BIZ-logistics, home convenience, e-business, financial, auto-work, and other businesses, as well as overseas operations.
IIJ Information Center (9:30 - 12:00, 13:00 - 17:30 excluding weekends and public holidays)
End of the page.