HENNGE One covers all the necessary functions and is very attractive in terms of cost. We also appreciate the generous support we received before and after the service was installed.
— Please give us an overview of your business.
Lack is a total IT solution vendor established in September 1986. We are particularly strong in the field of information security, offering a wide range of services from consulting to system design and construction, as well as monitoring, diagnosis, and incident response. For example, in the area of security monitoring, in 2002 we established the Japan Security Operation Center (JSOC), a 24-hour, 365-day network monitoring system. We continue to protect our customers’ IT environments from threats that occur on a daily basis. Through these businesses, we are widely recognized as a leader in the information security industry in Japan, and we have been invited by government agencies to make recommendations on security measures at the national level.
— Why did you choose Microsoft 365?
In 2014, Mr. Nishimoto (current President and Representative Director), who was appointed CTO at the time, decided as part of an organizational reform that the Information Systems Department should not only play a conservative role as an administrative staff department, but also be an organization with an aggressive stance that contributes to business growth based on the use of IT. In addition to the planning, implementation, operation, and maintenance of internal systems that it had been responsible for, the Information Systems Department was transformed into an organization that proactively verifies the introduction of advanced solutions and brings competitiveness to the company’s business. We have transformed ourselves into an organization that brings competitiveness to our business. Furthermore, we are playing an important role in providing our customers with the know-how and knowledge we have gained through this process, using our own company as a model case. In parallel with the virtualization of internal systems and the introduction of software-defined networking (SDN), we also promoted the shift to cloud computing. Based on the principles of “cloud first” and “mobile first,” the business systems that had been running on-premise at the data center were sequentially moved to a private cloud environment. On the other hand, the company decided to use a cloud service to move its e-mail system to the cloud, and finally selected Microsoft 365.
— Please tell us about the usage of HENNGE One.
We are currently using the Exchange Online email functionality for Microsoft 365, but in order to ensure security operations in compliance with our company’s policies, we have introduced HENNGE One as an add-on. Specifically, we use the following features
⚫︎ Access Security
Previously, the mail system was operated in an on-premise environment, and the rule was that mail was only allowed to be used from the internal network (including VPN connections). In order to maintain the existing level of security during the email migration, we utilized HENNGE One’s access security. The “Access Restriction” function, which allows connections only from the IP addresses of our gateway devices, prevents unauthorized access from outside the company and reduces the risk of information leaks. We also synchronize accounts with the company’s Active Directory.
⚫︎ Messaging Security
We are using the “Send Temporary Suspension” function as a countermeasure against accidental transmission of e-mails. We also use the archive function for tracking and analyzing incidents and for complying with IT general controls.
— What were the deciding factors in your decision to use HENNGE One?
First, HENNGE One was the only solution that met all of our functional requirements in a single product. Another major advantage was that it was less expensive than implementing a combination of multiple solutions. Of all the features, we valued access security the most. As mentioned earlier, it is required that access to the internal system is always via the internal network or a VPN connection. To block access from other sources, HENNGE One access security was deployed to ensure secure authentication and connection to Microsoft 365.
— Are there any other features of HENNGE One that you particularly appreciate?
We had high expectations for the archiving functionality from the very beginning of the selection process. Although archiving itself is a standard feature of Microsoft 365, there were some operational difficulties. For example, when an employee leaves the company, if the employee’s account is deleted from Active Directory, the user’s mailbox is deleted after 30 days and is no longer included in the archive, so it cannot be accessed. There is a feature called “lawsuit hold” to keep the contents of the mailbox even after the account is deleted, but it is a heavy operational burden. In contrast, HENNGE One can retain an employee’s email send/receive history even after deleting the user’s account in Active Directory. The administrator can refer to it whenever necessary, providing great peace of mind from a forensic perspective.
— Please tell us about the effects of implementing HENNGE One.
We currently have approximately 1,650 accounts on Microsoft 365 and send and receive a huge amount of email daily using Exchange Online, but HENNGE One has proven to be as effective as expected, providing solid support for the security related to our email usage. We appreciate that HENNGE One has been working as expected and has supported the security of our email usage. We had been considering implementing a temporary hold function for outgoing mail since we were operating an on-premise mail server, but we decided against it due to cost concerns at the time. The fact that we were able to implement it with HENNGE One is also a great achievement.
— Finally, please tell us about your evaluation of and expectations for HENNGE.
The technical support at the time of implementation was very reassuring. After the implementation phase, in addition to the aforementioned benefits of HENNGE One, we also benefited from the extensive support provided by HENNGE, the provider of HENNGE One. Specifically, HENNGE’s representatives are familiar not only with their own services, but also with Microsoft 365, and when we faced problems with the use of ExchangeOnline, they investigated areas beyond the scope of HENNGE One’s services and provided us with effective advice. We have also had problems with ExchangeOnline. In some cases, this advice led to the resolution of the problem. We hope that HENNGE will continue to play a role in our security measures with its advanced product and support capabilities.