Today, all sorts of services are connected in cyberspace to generate new innovation. As the digitization of businesses accelerates, more proactive security is essential to support new business creation. Besides utilizing a company's strengths, collaboration with partners who have expertise the company lacks is crucial. What is the key to realizing a system that protects data and accelerates business instead of stopping it? We will search for hints to achieve this.
[Fujitsu Forum 2018 Conference Report]
At this conference, Junichi Iijima, Head of the Cyber Security Business Strategy Unit, Fujitsu Limited began by speaking about the importance of ensuring security during development of new services against the backdrop of accelerating digital transformation. Next, representatives from three leading companies engaged in business innovation--Mr. Hitoshi Uotani, Director, Deputy Chief of the Systems Development Research Institute, TKC Corporation; Mr. Haruhisa Fujikawa, Director, Managing Executive Officer of SECOM Trust Systems Co., Ltd.; and Mr. Tatsuhiro Takahashi, General Manager, IT & Systems Planning Department, Mizuho Financial Group, Inc.--each introduced their efforts on co-creation in the stated order.
A Call for Security Measures Involving Those On-site and Those Who Utilize Data
From what many customers have told me recently, I feel that security efforts are changing. In addition to viewpoints such as risk minimization and assessment of measures' effectiveness, outsourcing things that one cannot handle on one's own and compliance measures--and lately, a call for security that can support our customers' new products and services--are all on the rise. From a business perspective, this means "proactive security" is in demand in addition to "defensive security."
Today, with digitization's acceleration, the three elements of product hardware, service models, and security blend in total harmony to create new products and services. That said, now that services connect in cyberspace and data has value, it is essential to protect ICT from threats and to secure proper data flows.
To achieve this, CIOs and CISOs as well as personnel on-site and in departments that study data utilization must also think about security. It is important that UX (user experience) is considered from the early phases of product development, and an approach to security and data protection mechanisms are embedded in advance.
Supporting Accounting Firms and Partners--TKC's "Self-interest is in the realization of others' interest" Efforts on Security
TKC helps tax accountants and certified public accountants as well as their client corporations and organizations nationwide. Approximately one-third of accounting firms in Japan are affiliated with TKC, and roughly 1 in 4.6 corporations that file corporate tax returns use our system. We develop various systems and services, such as financial accounting, - sales management and payroll, to cover all corporate accounting operations. For TKC, which is building its business in cyberspace, security is essential as the company's lifeline.
To ensure security, TKC carries out various efforts. For example, by connecting the nationwide members belonging to the TKC national association via a secure communications network, and by building/operating a datacenter (TKC Internet Service Center) in-house, TKC ensures provision of safe, secure, and convenient cloud services 24/7 to member offices and their associated companies.
Many TKC member accounting firms are small businesses, and while they handle highly confidential information, it can be too costly for them to implement advanced security measures on their own. Thus, TKC has continued to support accounting firms over the years in enhancing their security by sharing advanced security products and infrastructure such as next generation firewall products, distributing free antivirus products, and providing endpoint security services. As part of these efforts, TKC uses Fujitsu's asset management solution, "IT Policy N@vi." TKC values Fujitsu's solution as software that provides a sense of security that feels like "being protected" rather than "being managed." Additionally, TKC established an in-house timestamp authority for a voucher storage service that stores national tax-related documents, and provides "SkyPDF" free of charge so that individual accounting firms can use the system at a low cost.
Recently, TKC began providing new services using FinTech, such as a "bank and credit data reception function" and "TKC monitoring information service" under a complete security system. In providing these services, which generate new added value, we feel the importance of incorporating security mechanisms in upstream processes.
These services could not be realized without associating with various partners. TKC also feels strongly that an individual company cannot ensure security single-handedly. We believe that we can ensure security by implementing TKC's corporate motto of "Self-interested/Altruistic" and considering the interests of others. We will continue to provide services while focusing on the co-creation concept.
SECOM Works Towards "Co-creation" by Providing a "Personal Identification Platform"
Since around the year 2000, SECOM Trust Systems has been developing electronic certification authorities with physical measures taken to provide the "SECOM Authentication Service," a certificate issuance service using PKI technology. SECOM Trust Systems has built a robust key management system and issues certificates for professionals and EV-SSL certificates. The company also provides electronic signature and timestamping services. SECOM Trust Systems is also preparing to establish a certification authority for Local Government Public Key Infrastructure (LGPKI). In the process, we have participated in the industry group called "CA Browser Forum" and joined the discussion on how to handle security standards such as SSL/TLS in the browser.
Since 2015, SECOM Trust Systems has placed the most emphasis on developing a new personal authentication platform. With the emergence of various online services, including those for banking and shopping, I personally use approximately 50 IDs and passwords. It's a big burden to manage this information. Many people use the same pattern of passwords, but this is dangerous in terms of security. On the other hand, for the service provider, creating an authentication system or mechanism for managing personal information every time a new service is created can be costly.
Thus, we are developing a personal authentication platform to increase user convenience while ensuring security and to "eliminate IDs and passwords if possible." Using a common platform can significantly reduce costs for businesses as well. Personal authentication is not a field where businesses compete. It is a cost for them, and SECOM Trust Systems intends to take on that burden.
In the future, SECOM Trust Systems plans to utilize a biometric authentication supported by smartphones as well as implementing single sign-on across multiple services and speedy online identity checks. We plan to release a new service using the personal authentication platform at the "securities consortium," which was launched a few days ago. If there are people who are interested in our ''Co-creation,'' we would like to create good services together.
Mizuho Financial Group Creates New Value by Co-creation for Survival
Having experienced the financial Big Bang and Lehman shock, the financial industry is entering an era in which new ways of finance based on technological advancements are being explored. This is where FinTech is key. Mizuho Financial Group is utilizing the latest technology to advance its efforts to expand business.
A specific case study is "AI score lending (J.Score)" launched in September 2017, the first FinTech service in Japan to determine lending conditions for customers who apply for loans. Additionally, an incubator company named "Blue Lab" that aims to create new business domains utilizing FinTech and IoT was established in July 2017. Rather than limiting ourselves to the framework of finance, we at Mizuho Financial Group are broadening our perspective to encompass all industries and businesses in order to create next-generation business models. Moreover, in March 2016, jointly with Fujitsu, we conducted a demonstration of an international securities settlement utilizing blockchain technology. We demonstrated that the time required for settlement can be reduced from three days to a single day by sharing and processing transaction information among relevant parties.
How much Mizuho Financial Group's business will grow by using FinTech depends on how we manage our management resources, namely data in digital space, and personnel development. In that sense, security is the "admission ticket" to digital space and essential for promoting digital transformation.
In data management, what is important is embedding security from the requirement definition and design phase based on a "security by design" perspective when developing new products and services. It is also important to collect activities or logs of digital space and visualize these to see data utilization. It is crucial that data is firmly managed and protected while not reducing the speed of new businesses.
Personnel development and acquisition is required to manage data from both the defensive and offensive sides. There is a lack of cyber security specialist personnel inside and outside Japan, and there are limits to in-house recruitment and development. Therefore, Mizuho Financial Group as a whole conducts "Cyber Dojo" to obtain real-world experience, which enables us to improve our cyberattack skills and discover highly skilled talent.
As described above, as business digitization advances, the co-creation spirit and personnel development have become key to developing new services while balancing offense and defense. Secure, safe infrastructure is becoming increasingly essential due to the advancement of digital technology and security.
Providing One-stop Cyber Security Services Across All Phases
Finally, Iijima again took the podium to conclude the conference with the following statement.
The three companies have each introduced their efforts. I believe these efforts have two things in common. One is the importance of co-creation. The other is facing social structural changes with a position based on the three pillars of "personnel," "technology," and "security."
Security is essential in promoting business in digital space. Besides the information systems department, other departments in the field must work together. Additionally, it is important to form an ecosystem by involving the relevant parties inside and outside the company and to promote co-creation.
In the cyber security field, Fujitsu has been providing services in four phases, namely assessment/consulting, technology, integration, and operation. Rather than serving each area independently, the strengths and partnerships of the Fujitsu Group are utilized to provide one-stop service that includes the processes that connect these phases, quality assurance through verification, and information sharing.
On May 9, Fujitsu announced enhancements to the managed security service function.
In addition to the network area, where Fujitsu has mainly provided services, we are expanding our targets to the cloud and endpoint areas through our partnerships. Meanwhile, Fujitsu is enhancing overall services using threat intelligence information for proactive prevention. We are implementing this through our security operation centers at 11 locations worldwide by making the most of our global partner alliances in order to continue to support value creation backed by security.
- Hitoshi Uotani
Director, Executive Officer
Deputy Chief of the Systems Development Research Institute
- Haruhisa Fujikawa
Director, Managing Executive Officer
SECOM Trust Systems Co., Ltd.
- Tatsuhiro Takahashi
General Manager, IT & Systems Planning Department
Mizuho Financial Group, Inc.
- Junichi Iijima
Head of the Cyber Security Business Strategy Unit