2024.01.31
Case study: Asset Management One Co., Ltd.
Using secret-sharing technology to support the security and safety of hybrid work at an asset-management company
Asset Management One provides asset-management solutions for both institutional investors and individuals as one of Japan’s biggest asset-management companies. In 2019, the company adopted ZENMU for PCs as a countermeasure against information leaks from PCs taken out of the office. It has been installed on and is being used with all work PCs—numbering approximately 1,200 units—in use.
Pre-adoption issues
|
Post-adoption effects
|
Reasons for selecting ZENMU
- Innovative approach that enables an environment on par with a diskless PC to be realized with far fewer man-hours than is required for a VDI
- The security of secret-sharing technology ensures that original data is not stored on the PC.
- Efficiency of security operations in that the unauthorized use of data can be immediately prevented in the event of theft or loss
Background behind adoption
Looking for a security solution that allows work PCs to be removed from the office
Asset Management One is an asset-management company that was established in 2016 through the merger of Diam Co., Ltd., Mizuho Trust & Banking Co., Ltd. (the asset-management division thereof), Mizuho Asset Management Co, Ltd., and Shinko Asset Management Co., Ltd. It operates both a business for institutional investors and a business for individual investors and has assets under management of approximately 64 trillion yen as of the end of September 2023, which makes it one of the largest asset-management firms in the country.
The information handled by employees of the company is highly confidential. Thus, strict security management is required of internal IT. PCs used for work could not be removed from the office for several years after the company was established. This approach to using PCs changed in 2019. This change was triggered by the need to replace all work PCs in anticipation of the end of support for Windows 7 in January 2020.
“The inability to use work PCs outside of the office was unpopular among our employees since it deprived them of a way to access a highly convenient IT environment. It was in this connection that we sought to make it possible to remove work PCs from the office when it came time to upgrade our PCs and decided that we wanted to improve operational efficiency and reform the way our people worked.” (Shuji Yokota, Manager, DX Promotion Group, Asset Management One).
Shuji Yokota
Manager, DX Promotion Group
Asset Management One Co., Ltd.
A significant challenge in promoting this change lay in the need to be aware of the risk of information leaks that came with the granting of permission to remove PCs from the office. Chosen as the solution to this challenge was ZENMU for PCs, which uses secret-sharing technology to render user data on PCs meaningless and which was the predecessor to today’s ZENMU Virtual Drive.
Decisive factors behind adoption
ZENMU for PC was selected for the ease with which it could be adopted and the robustness of security it offered
In adopting ZENMU for PCs, the company aimed to build an environment comparable to diskless PCs to allow PCs to be safely and securely removed from the office. In other words, the aim was to realize an environment that would not allow user data to be kept on the PC. In aiming to build such an environment, the company also initially looked into the adoption of VDI. Kazutaka Yamazaki, a manager with the DX Promotion Group, explains why the company nevertheless went with ZENMU for PCs.
Kazutaka Yamazaki
Manager, DX Promotion Group
Asset Management One Co., Ltd.
“If we were to adopt VDI, we expected that it would incur a significant number of man-hours since we would have to migrate existing data assets to the VDI environment. In our case, we would have also needed to invest quite a lot into IT resources given that the VDI environment would have had to deliver the level of performance required by our employees due to the rather generally high workload placed on PCs. In contrast, ZENMU for PCs enables an environment that does not keep original data on PCs to be built without having to do much at all to modify the existing IT environment. Its operations will not affect the performance of PCs. The ease with which we could adopt ZENMU for PCs and its cost-effectiveness were decisive factors behind the system’s adoption.”
With ZENMU for PCs, its installation on a PC causes a virtual drive to be formed. The data saved on this drive is rendered meaningless and is stored on both the PC’s local disk and in external storage. This is what allows an environment in which no original data is retained within the PC to be created.
“With the ZENMU for PC environment, original data cannot be restored unless you bring together both split fragments of distributed data. Therefore, even if a PC is misplaced or stolen, you can easily prevent information leaks from the PC by either moving the distributed fragments in storage to another storage location or deleting them. The robustness of security and ease of operations in this area certainly appealed to us.” (Yamazaki)
Effects of adoption
Enabled the rapid transition to teleworking arrangements upon the emergence of COVID-19
Since 2019, the company has been gradually transitioning from older PCs to newer ones. In the course of this switchover, the application of ZENMU for PCs was added as part of the standard kitting process for PCs. At this time, ZENMU for PCs has been installed on and distributed to all work PCs of the company (approximately 1,200 in total).
In addition, storage for storing distributed data fragments has been deployed in the company’s internal IT environment and is meant to be accessed via a VPN. Moreover, all work PCs undergo disk encryption based on the use of BitLocker. For this mechanism, data cannot be decrypted without an unlock key from the authentication infrastructure. Even if a PC were to be misplaced or stolen, the company can prevent information leaks by disabling the authentication ID or controlling distributed fragments.
It is through such operations of ZENMU for PCs that the company has enjoyed considerable benefits. One of the biggest of these benefits has been the ability to rapidly transition to teleworking arrangements at the height of COVID-19 as identified by both Yamazaki and Yokota.
“COVID-19 struck right after we began using ZENMU for PCs. At a time when we were faced with the need to suddenly increase the number of PCs for remote work at all times from around 100 before COVID-19 to around 700, the work required for this process was facilitated by ZENMU for PCs, and we were able to rapidly transition to teleworking by our employees.” (Yokota)
Since the end of COVID-19, the company went with a hybrid work system. As part of this move, Yamazaki indicated that it was very important that the company use a tool like ZENMU for PCs to ensure that the robustness of PC security would be maintained. He talks about the future:
“We are in the process of upgrading our PCs for the next period and are looking into various issues in connection with this process, including with respect to the use of new tools and technologies.”
Secret-sharing technology is likely to continue supporting the company’s approaches to work and security.
Company profile
Company | Asset Management One Co., Ltd. |
---|---|
HP | https://www.am-one.co.jp/ |
Location of head office | Tekko Building, 1-8-2 Marunouchi, Chiyoda-ku, Tokyo |
Representative | Noriyuki Sugihara, Representative Director & President |
Number of employees | 885 (as of March 31, 2023) |
Contents of operations | The company operates both a business for institutional investors and a business for individual investors as an asset-management company. |