We chose it as a de-PPAP measure. We valued its ease of use and full-fledged SSO functionality.
OK Corporation operates discount supermarkets in Tokyo and three other prefectures under the management policy of “High Quality, Everyday Low Price.” While proceeding with the “full-scale introduction of single sign-on (hereinafter referred to as SSO),” the company decided to introduce HENNGE One at the request of a business partner for “de-PPAP measures.” The company is also strengthening overall security measures surrounding HENNGE One, and is promoting DX that matches the reality of its business.
— What were some of the challenges your company faced when working on DX and security measures?
When it comes to DX, many people may imagine that digital transformation (DX) like Airbnb’s is the main path. However, there are many companies that are working based on the concept of first promoting digitalization to compensate for their own shortcomings. This is exactly what O.K.’s DX efforts have done. In order to maintain and strengthen the management policy of “High Quality, Everyday Low Price,” data must be strategically utilized and operations must be made more sophisticated. To do so, we urgently needed to maintain the core system we had been using for many years, maintain the Excel forms we had been using in our business, and respond to user requests.
Then, a cyber attack on one of our suppliers occurred. We saw that the system was shut down and orders were being accepted by fax, and we realized that this was no ordinary incident, and our company suddenly became more aware of the need for security measures.
— Why did you choose HENNGE One?
One of the typical cyber-attacks is an attempted intrusion under the guise of an e-mail with an attached file. In response to this, the need for secure file transmission has recently increased, and an increasing number of companies are banning file transmission with Zip encryption (de-PPAP) as part of their security measures, which is exactly the reason why we introduced HENNGE One. Originally, the government started advocating de-PPAP, and it spread to government offices and financial institutions. We thought it would not come so soon to the food industry like ours, but a business partner said to us, “We can no longer accept Zip files with passwords. Could you please think of a different means?” We hurriedly searched for an alternative and considered several candidates.
We chose HENNGE One because “it is a Japanese product and service, so we felt comfortable introducing it,” and because “it has SSO functions,” which we found attractive. In selecting the product, we also compared and examined foreign tools, but decided against them because they were unfriendly to users and provided inadequate support, and we judged that their implementation costs would be too high.
We also wanted to expand the SSO functionality that we had been using in some areas for some time. Until then, we had been using SSO to cover the login to Google, but since we planned to add services that would be linked to SSO in the future, if we were going to “promote measures against PPAP,” HENNGE One was the best choice to meet our need to “deploy SSO tools in earnest.”
The commercial character Ultraman also struck a chord with us. I thought it was funny that the character of the tool that helps promote de-PPAP and SSO was Ultraman.
— What is the current status of security measures surrounding HENNGE One in general?
The importance and urgency of security measures increased rapidly, but at first we didn’t know where to start. We decided to first diagnose the current situation and received a security assessment service. The results were more frightening than we had imagined, so we decided to take full-scale measures to improve security in general.
In terms of IT investment, we cleaned out old PCs and installed EDR tools. In the past, we used VPN access from outside the company, but Zscaler was able to do what we wanted to do at a lower cost, so we unintentionally took a zero-trust approach.
In implementing the security tools, we also needed to review our security policy, and strengthened ID management, centrally managing each ID in Active Directory and linking it to our attendance management system to prevent unauthorized use of retiree accounts.
However, even if we arm ourselves with tools and strengthen rules, recent targeted e-mails are extremely sophisticated, and the risk of intrusion cannot be reduced to zero. For this reason, we held a security study session for all employees. Since it is difficult to get employees interested in listening to security experts, we entrusted the management to new employees, and they created training materials from a feminine point of view. We also found an overseas video on YouTube that featured a short comedy-style attack and defense between a hacker and a defender, and played it with the video dubbed into Japanese, which attracted the participants’ interest and made the training effective.
While holding such study sessions, we have also introduced targeted e-mail training tools and repeat the tests regularly. Now, whenever a suspicious e-mail comes in, we receive inquiries from employees asking if it is a training e-mail.
— What is the status of DX initiatives throughout the company?
We have been working on DX initiatives in three areas: hardware, data, and human resources.
First, with regard to hardware, we are upgrading PCs to the latest specifications and distributing sub-monitors to improve the work environment. We are also introducing iPhones and iPads to enhance information access and communication in the stores.
In terms of data utilization, we replaced the on-premise DWH with BigQuery and introduced Dr.Sum + Datalizer for Excel in place of the data analysis tools we had been using.
In fact, there were about 200 old analysis tools that were hindering the OS upgrade, and with the introduction of Dr.Sum, the PC specs were increased and the data utilization was also upgraded.
In terms of human resources, we emphasize training in other departments and understanding the feelings of users as well as business operations. We have also introduced an e-learning tool for smartphones called GrowthX to conduct study sessions on AI and marketing. The study sessions are attended not only by members of the IT Division, but also by members of related departments at the head office, and joint study sessions are held on a monthly basis. Through these efforts, IT literacy has been improved and mutual business understanding has been deepened, enabling communication in a common language that transcends departmental boundaries.
We would like to promote structural and organizational reforms that will serve as the basis for DX while advancing these initiatives.