2022.07.13
Case study: Adoption of ZENMU for PC by Mitsui-Soko Holdings
Mitsui-Soko Holdings replaces its thin clients with ordinary laptop PCs
Protecting data with secret-sharing technology
It has long been generally understood that thin clients are one of the best ways of preventing information leaks. However, such issues as cost, processing response times, and operational burden remain unresolved. In 2019, Mitsui-Soko Holdings decided to jettison the thin clients it had been using for over eight years and replace them with an environment that pairs ordinary laptop PCs with secret-sharing technology. We asked Yuji Itoi, an executive officer with the company, about the process by which all of this transpired.
Pre-adoption issues
|
Post-adoption effects
|
Reasons for selecting ZENMU
- Exceptional data security made possible by secret-sharing technology
- Small overhead allows performance associated with rich clients to be harnessed
Background behind adoption
Thin clients were adopted because of the prioritization of security but were problematic in terms of cost and performance
Mitsui-Soko Holdings (hereinafter referred to as “Mitsui-Soko HD”) is a holding company at the core of the Mitsui-Soko Group, which comprises business enterprises that provide a variety of logistics services. In 2011, prior to the transitioning of the company to a holding company, Mitsui-Soko adopted thin clients as a security measure applicable to internal PCs when the company moved its head office functions to its current site in Minato-ku, Tokyo. In 2014, the company became a holding company and continued to use thin clients even after upgrading their operating system to Windows 7. Itoi confides that “thin clients were beset with all sorts of problems.”
Background behind adoption
Overcoming the shortcomings of rich clients through a system of secret sharing that distributes data and renders it meaningless
Yuji Itoi
Executive Officer in charge of Information Systems
Mitsui-Soko Holdings Co., Ltd.
The first problem that was identified was ease of use. The company had set up a dedicated server inside the company and had been using box-type terminals hooked up to a monitor and keyboard. As these terminals were not meant to be carried from place to place, they were not very convenient to use. For example, materials had to be printed out onto paper each time a meeting was held. In addition, these terminals were also a factor preventing the adoption of free addressing in the office, which was being separately promoted.
There were also performance-related issues. Even with compression being carried out with screen transfer terminals, the network bandwidth was being throttled, which gave rise to a poor response. “If we’re being brutally honest here, we can’t really say that user feedback was all that great back then.”
And then there is the matter of price. To migrate to Windows 10, it was necessary to upgrade the VDI software and the server itself, a course of action that would have incurred a substantial amount of additional costs. Furthermore, the box-type terminals also became due for an upgrade. Each terminal equipped with Windows Embedded cost 60,000 to 70,000 yen. “We originally adopted thin clients in order to ensure security. If we could address the security issues in question, we would no longer have no choice but to go with thin clients.”
In this connection, we decided to take advantage of our migration to Windows 10 by moving away from thin clients and exploring other options based on the use of ordinary laptop PCs. That said, if we simply chose to use laptop PCs, we would not have been able to avoid compromising our security since data would remain locally situated. We thus wondered how we could ensure security while using ordinary laptop PCs.
First, there is the method by which data is covered operationally. In other words, the data is supposed to be saved not locally but in a shared folder. However, this is not enforceable. Next, the company considered cloud storage integration as a method that might be enforceable. While this would limit the act of saving data to nondefault cloud storage options, testing revealed that there were performance-related issues. Since the cloud would have to be accessed every time a file was read or written to, the performance benefits you might hope to obtain from using rich clients would be unavailable.
The company finally settled on ZENMU for PCs, a secret-sharing method provided by ZenmuTech. Secret sharing is an encoding method whereby data is split into multiple distributed fragments and saved in a distributed manner; the data cannot be restored unless all of the distributed fragments are brought together. In the case of ZENMU for PCs, the data is split into two fragments; one of which is stored locally on the PC while the other is stored on a USB flash drive, smartphone, server, or other such options. The data is restored once both fragments are brought together.
Effects of adoption
Performance issues have been eliminated even as security on par with thin clients has been achieved
At Mitsui-Soko HD, an internal server is used as the location in which distributed fragments are stored. Connect a PC to the server to restore the data as if nothing had happened. Additionally, data is backed up to a public cloud service (AWS), ensuring data availability even in the event of an internal server failure (Fig. 1).
Figure 1: Overhead associated with screen transfers eliminated with the use of ZENMU for PC
In the case of ZENMU for PCs, the ability to make distributed fragments that are to be saved in a nonlocal location extremely small constitutes a performance advantage. Since most of the data is saved locally, you can minimize the overhead that is incurred from reading and writing to the other distributed fragments. “You can work without specifically focusing on the data distribution. Performance degradation is not something you notice.” (Itoi)
ZENMU for PCs was acquired from Mitsui E&S Systems Research, Inc., a partner for selling ZENMU products in the Mitsui Group, and began to be adopted in May 2019. While a few thin clients were retained to make use of applications requiring Windows 7 to work, most had been eliminated by November 2019. These days, ZENMU for PCs has been applied to the PCs of 160 members of the head office staff at Mitsui-Soko HD and used accordingly.
What can be said about the system of teleworking at Mitsui-Soko HD? Presently (middle of May 2020), VPN access has been expanded to cover 110 users. At the same time, some head office staff members are now able to work from home by connecting thirty-five laptop PCs using a thin client server that had been slated for removal. Internal decision-making operations have already been fully digitized. “We didn’t anticipate the current situation (in terms of the spread of COVID-19). We were lucky to have made preparations for the Tokyo Olympics.” (Itoi)
Nevertheless, it would appear that we still have a way to go before teleworking is adopted on a full-scale basis. This is in part due to the fact that the main business of the company is logistics. There is much that needs to be done on site and the company still deals with some clients via fax. For this reason, it is not realistic to expect that much of the company’s workforce with the exception of some head office staff members who handle information can work from home. Itoi explains: “Teleworking has not yet been clearly institutionalized. We are thinking of first prioritizing the development of relevant systems and upgrading our IT infrastructure.”
Company profile
Company | Mitsui-Soko Holdings Co., Ltd. |
---|---|
HP | https://msh.mitsui-soko.com/ |
Address | 3-20-1 Nishishinbashi, Minato-ku, Tokyo |
Representative | Hirobumi Koga, Representative Director & President |
Number of employees | 855 (of whom 682 are on loan to operating companies and others) (as of March 31, 2022) |
Number of consolidated employees | 8,172 (as of March 31, 2022) |
Contents of operations | Formulation of the Group’s management strategies, business management, and a real estate business |