Hitachi Adopts SASE to Implement a Zero Trust Model
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Hitachi is working to restructure its security infrastructure, because users, devices, systems, and data are scattered widely inside and outside the company’s network due to diversified work styles and advancement of digital technologies. Hitachi then partners with Cisco to enhance its infrastructure to ensure strict authentication of users and devices using Zero Trust architecture.
| Executive Summary |
|
| Customer Name: Hitachi, Ltd. Industry: Manufacturing Location: Japan Number of Employees: 29,485 |
|
| Challenges |
●
Cyberattacks targeting corporations have become more sophisticated and malicious
●
Diversified work styles and cloud shifting expanded the scope of protection
●
Adjustments are needed to apply group-wide security policy for various subsidiaries
|
| Solutions |
|
| Results |
●
SASE deployment enabled Hitachi to take a huge leap forward in security restructuring
●
Unauthorized data can be detected by authenticating users and data monitoring sensors
|
The limitations of closed network and perimeter-based defense
Develop a new service by combining products and technologies to improve the convenience of people's lives. Gain experience in achieving carbon neutrality and sharing the know-how to the public. Propose best use cases of adopting new technologies, including drones and biometric authentication in the social infrastructure. Hitachi is engaged in numerous varied activities as part of its commitment to promoting social innovation business. Concurrently with these efforts, Hitachi is working to rebuild its security system because security risks surrounding corporations are becoming increasingly complex today. A good example is the diversification of work styles. The coronavirus pandemic has spurred reforms in the way people work. Remote work, including work-at-home arrangements, became widespread, giving people more options besides commuting to their office daily. Another example is the expanded scope of Internet use. As corporations started using cloud services and transitioned to smart factories leveraging the power of IoT, digitization of logistics, and other operations, more employees, devices, and objects are connected to the Internet. All these must be protected appropriately. It is also important to note that cyberattacks are becoming increasingly highly developed. Attackers use various highly developed techniques for targeted exploitation, from spoofed business emails attempting to steal money to ransomware demanding payment of a ransom by taking control of a corporation’s information systems and confidential information.“We need to protect more users, objects, systems, and devices from sophisticated exploitation, including targeted attacks that cannot be prevented by conventional security measures. Plus, what we need to protect is scattered all over the place. Formerly, the closed network and perimeter-based defense worked well to prevent threats to a certain degree in an environment where everything was located inside the premises. But such defense is not good enough to combat threats these days,” says Hitoshi Tanaka, General Manager of Global Solutions.
“Cisco is a dependable partner who can share the same vision and help us tackle difficult challenges. We can do this together!”
Hitoshi Tanaka
General Manager of Global Solutions 2nd Office IT Strategy & Digital Integration Division Hitachi, Ltd.
Unifying security and network functions into a cloud-delivered service
Hitachi defined the overall specifications of restructuring its security infrastructure. One of them is to enable behavior detection on computers, smartphones, and factory devices, as well as networks—paths for attackers to gain access. “Signature-type measures are not effective enough to combat the current form of intrusions, where attackers investigate the target before attempting to gain access in a method uniquely designed for the attack. As a common practice, any unusual behavior or abnormal activity is screened for unauthorized access even though the signature-type defense did not detect it. Think of a case where a user accessed from Tokyo. Still, an hour later, there was access from the U.S. We had to include such behavior detection to ensure the security of devices and networks,” says Tanaka. Another specification is the authentication of every access per user and device, based on the Zero Trust security model. Zero Trust is a new decentralized approach to security where the policy follows the user, and verification is required for everything because anything that accesses the systems or data cannot be trusted. As the limitations of perimeter-based defense are becoming apparent, this approach is gaining popularity as a future form of security architecture. “Safety must be verified against both the users and objects because now factory sensors and production equipment are autonomously transmitting data and accessing systems and services,” says Toshihiko Ono (Hitachi).
As a framework for realizing the Zero Trust security model, Hitachi looked into implementing Cisco’s Secure Access Service Edge (SASE), which unifies security and network functions into a cloud-delivered service. Upon comparing several solutions, Hitachi ultimately chose Cisco’s solution. Cisco SASE mainly consists of four solutions: Network, Cloud Security, ID/Access Management, and Monitoring. Hitachi decided to implement Cisco Umbrella for cloud security and install Cisco Secure Access by Duo (“Duo”) for ID/access management. Cisco Umbrella was initially provided as Domain Name System (DNS) security solution, enabling users outside the company to access a cloud service directly. After more functions were added, such as URL filtering, antivirus, firewall, and cloud security features, it turned into a comprehensive security suite. Duo is an authentication platform supporting multifactor authentication, including biometrics. While ensuring credibility, a basis of the Zero-Trust model, it offers convenience through single sign-on.“Since SASE is becoming more prevalent as an approach to realizing the Zero-Trust model, many vendors are working on its development. Among the many vendors available, we chose Cisco because we wanted a good and trusted partner with inherent flexibility to our specific needs. We had to consider how the system first installed at Hitachi offices in Japan would be deployed to the rest of the Hitachi Group companies, where approximately 350,000 people work worldwide. Hitachi Group is composed of companies engaged in diverse business operations. Considering that each company has circumstances unique to their nature of business, for instance, some have highly specialized machines running, and the group-wide deployment is an intricate process. Cisco is a global corporation and well-versed in IT and information security. We believe Cisco will share the same vision and work with us to tackle even the toughest challenges. That’s why we chose Cisco,” emphasizes Tanaka.
Hitachi chose Cisco as a partner for the group-wide deployment project
Hitachi initially issued approximately 50,000 licenses to its employees in Japan. This is a huge step forward in restructuring its security infrastructure. “Multifactor authentication is required for accessing the systems and services after starting a PC at home, inside the office, or from a remote location outside the office. Duo allows us to choose any combination of multifactor authentication. It enables us to design an authentication environment tailored to the work style and job type,” says Ono.
For Cisco Umbrella, Hitachi issued 155,000 user licenses for its employees in Japan as the first step. Since Umbrella provides many security functions as a unified system, Hitachi is looking into assigning the licenses to devices as well.“One of the key features of Cisco Umbrella is the secure internet gateway that prevents access to potentially dangerous or prohibited sites. This function can be enabled per user, and for devices, per production equipment or sensor. As part of IoT and data utilization amid the transition toward smart factories, we also have production equipment and sensors transmitting operating status data to other systems and services via the Internet. Using Cisco Umbrella, we can monitor the devices to see if they are transmitting data to correct destinations and check for unauthorized activities to minimize the risk of information leakage from the devices,” according to Ono. Given this view, Hitachi has entered into the EA (Enterprise Agreement) with Cisco to allow flexible and prompt application of Cisco solutions to as many users and devices as possible. This is one of the procurement options available with Cisco software products. During a valid contract term, customers can purchase and use eligible software licenses without going through the standard procurement process, enabling efficient management of the licenses. “We appreciate this service because it provides necessary scalability to rebuild the entire security infrastructure of the Hitachi Group,” says Tanaka. In line with their objectives, Hitachi believes Cisco is an essential partner of its security restructuring project, but the word “partner” has another meaning for Hitachi. It refers to a business alliance that delivers superior IT solutions to customers.
“Duo allows us to choose any combination of multifactor authentication. It enables us to design an authentication environment tailored to the work style and job type”
Toshihiko Ono
Manager Next Generation Security & Solutions Department Global Solution 2nd Office IT Strategy & Digital integration Division Hitachi, Ltd.
Security is a Top Priority
“Security is a top priority for all corporations. It is not something to compete with others or differentiate ourselves from them, so all of us should work together to improve the security. Anything we learned from using Cisco solutions, we’d like to share the know-how with our customers. Through a robust business alliance with Cisco, we, as IT vendors, hope to make this happen together,” says Tanaka. As digitization continues to advance in society, security is becoming increasingly important. Cisco and Hitachi are global corporations aiming to bring benefits to society, and we will work together to tackle challenges in information security.
“Since SASE is becoming more prevalent as an approach to realizing the Zero-Trust model, many vendors are working on its development. Among the many vendors available, we chose Cisco because we wanted a good and trusted partner with inherent flexibility to our specific needs. We had to consider how the system first installed at Hitachi offices in Japan would be deployed to the rest of the Hitachi Group companies, where approximately 350,000 people work worldwide.”
Hitoshi Tanaka
General Manager of Global Solutions 2nd Office IT Strategy & Digital Integration Division Hitachi, Ltd.
Secure Access Service Edge (SASE)