Toyota Financial Services Corporation

Evaluated richness of cloud security features such as email security and IDaaS

  • Financial Services & Insurance

We were able to start using the cloud service smoothly because we received support and advice on security from the design stage.

— Please introduce Toyota Financial Services.

Toyota Financial Services (TFS) was established in July 2000 as a wholly-owned subsidiary of Toyota Motor Corporation to oversee financial companies that provide automobile sales financial services. The TFS Group is formed and operates together with domestic and overseas sales finance companies under the group mission of “contributing to the enrichment of people’s lives by providing sound financial services with a focus on Toyota customers.”

The TFS Group’s specific businesses include the provision of products and services such as credit cards, equipment leasing, and housing loans in Japan, as well as automobile sales finance centered on automobile loans and leasing to more than 26 million customers in 37 countries and regions around the world, including Japan.

— What is the TFS Group’s approach to information security?

IT governance at a full-fledged global level, including security policies, is being further strengthened at an accelerated pace by implementing country-specific measures in conjunction with compliance with global standards.

As for the head office, we must ensure not only the security policy of the Toyota Group, but also the security as a financial company, so we are working on effective measures that can serve as a model for other countries.

— Please tell us about the use of HENNGE One.

We currently communicate with our subsidiaries in 15 major countries using Skype for Business (“Skype”) online meetings. We started using the system in June 2017, and currently have about 120 users, and plan to gradually expand the scope of use to our overseas affiliates.

With the exception of a few, a laptop PC and iPhone are distributed to each employee, and a device certificate issued by HENNGE One is installed on each PC and iPhone provided by the company, so that only authorized devices and users can securely use Microsoft 365 from inside and outside the company.

HENNGE One is feature-rich.

HENNGE One has a wide range of functions, so we may not be able to say all of them, but we use most of them, including not only access control such as IP address restrictions, but also ZIP encryption of attachments when sending emails and archiving of emails (permanent data storage).

— How did you come to introduce HENNGE One?

Since we are in a position to manage the TFS group, we have many opportunities to travel to offices around the world, including our own. We have also been using video conferencing systems to communicate with each other in real time without having to go to the office in person. Although videoconferencing systems are convenient, they are limited in terms of the number and locations where they can be used and the cost of installation and operation. However, the problem was security.

— Why did you choose Skype?

Skype is provided as a cloud service as one of the functions of Microsoft 365, so there is no need to build or operate a system. In addition, Skype is used by many companies in Japan and around the world, and we decided to use it because it is supported by many companies and the Toyota Group recommends the use of Microsoft 365.

— What are the security issues?

With Skype as it is, it is convenient to be able to access the Internet from any terminal, but the risk of unauthorized access due to spoofing, etc. cannot be completely eliminated. On the other hand, restricting access by IP address or other means reduces convenience. Therefore, we decided to implement HENNGE One because we wanted to use Skype while maintaining both convenience and security by using device authentication.

— Why did you decide to install HENNGE One?

Although it was not directly related to device authentication, I was interested in HENNGE One because of its supervisor approval function while researching e-mail-related security measures. After looking into it in more detail, I found that it also had a cloud authentication function, and since it could be used in the cloud while covering a wide range of security functions, I began to seriously consider using it.

One of the key factors in our decision to use HENNGE One was its long history as a service, its many installation records, and the wide variety of cloud services it supports.

We consulted with HENNGE’s introduction guide on various questions and concerns related to Microsoft 365 during the design and connection verification stages, and they provided us with easy-to-understand and detailed explanations and suggestions, so we decided that we could use the service with confidence.

— Please tell us about the results of introducing HENNGE One.

From the standpoint of introducing the system, it was very helpful that we were able to incorporate the cloud authentication mechanism with HENNGE One at its core from the time we started considering the introduction of Skype, so there were no problems related to security or authentication after we started using the service or even at the time of introduction.

Once device certificates are installed, there is no need for users to do anything special, and the ability to reliably control the restrictions on the devices they can use is also a major operational benefit of the system.

In the future, we are planning to open a common portal related to consolidated financial statements and to operate an internal portal using SharePoint, and we believe that we can expect further benefits such as a secure access environment using HENNGE One.

In addition, users have commented that it is very convenient to be able to immediately access Microsoft 365 without any special operations or procedures, whereas before they could not use e-mail and other services without a VPN connection.

In addition, we are starting a telecommuting system this year as part of our work style reforms, and since we were able to use the certification system as it is, the start of the system went very smoothly.

— Please tell us about any evaluations or expectations you have for HENNGE.

With limited internal resources for information security, there are many issues that need to be addressed, and we cannot spend a lot of time and effort on individual cases, both in terms of implementation design and operation. Therefore, HENNGE One is a good choice not only because it allows us to use a variety of functions as a single service, but also because we can receive one-stop services for each function, rather than having separate vendors and support offices for each function, so management on our side is not a hassle.

In addition, cloud services are subject to updates of functions and changes in specifications regardless of our will, but with HENNGE, the management aspect is handled as quickly as possible, so there is almost no burden on us. In the future, we expect to see more proposals for new features and usage methods that only a specialized security service can offer.