NTT TechnoCross, a subsidiary of telecommunications company Nippon Telegraph and Telephone (NTT), offers its customers advanced IT services and technology, and develops a wide range of businesses by leveraging state-of-the-art security, cloud and network technology. Since the company started in July 1985, NTT TechnoCross has contributed significantly to its customers’ businesses through its technical knowledge and NTT Laboratory’s advanced technology. Following the motto “Powering society through advanced technology”, the company operates in a wide range of businesses in design systems, construction, maintenance, and operations, and utilizes its experience in ICT system integration and leveraging its security, cloud, and network technology.
The company, which regards business-to-business efforts as its core offering, uses its website for digital marketing. The website serves as the central source of information by delivering the brand directly to customers and helping build customer loyalty. As a result, any interruption in the operation of the website has a large impact, with the potential of a loss of trust that extends beyond the company to the NTT Group as a whole. As a company that builds its branding on security technology, it is imperative that NTT TechnoCross protects itself against cyberattacks as any damage would bear a significant loss in its brand value. When the time came for the company to renew its website, selecting a solution to protect the site was crucial for the company.
Business and Technical Challenge
The NTT TechnoCross website, arguably the centerpiece of its brand strategy, came up for renewal in mid 2014. The company was already facing growing demand for cloud computing in business at the time. With technical support for customers’ cloud computing and security as one of its core offerings, NTT TechnoCross considered using cloud-based services for its own renewed site. At the same time, it made the decision to switch from in-house operations to the use of services in security as well. Ryo Sakamoto, Section Manager in charge of sales in the marketing and sales department of NTT TechnoCross, shares the thinking behind those decisions.
“Reliably defending the website against global-scale threats that evolve on a daily basis, such as DDoS attacks, became essentially impossible under in-house operation. There was also the major burden of working day-by-day through the chain of investigation, analysis, testing, analysis of results, full-scale response, and reporting of results, in order to deal with these threats. Of even greater concern was the risk of overlooking a threat itself because of an insufficient response.”
At the time, two people were in charge of the website. However, they spent their days using information from the Internet and from the in-house security department to investigate attacks and countermeasures, all while updating content on the site. Both staff members had reached their limits in terms of workload.
When the renewal began, NTT TechnoCross began the selection of a solution to protect the website from attacks that took advantage of vulnerabilities to implement more website security and reduce the burden on the people in charge.
Technical Requirements and Solution
The requirements for selection of a solution were: a global track record of adoption, operability that reduces operating load, availability that achieves stable operation, ease of implementation, usage not as an asset but as a service, and monthly payable usage fees.
Sakamoto notes, “All of these, including global track record, are important. However, we faced a really tight schedule with the transfer to the new system scheduled at about two months out, so ease of implementation was a particularly vital requirement.”
Yusuke Takahashi, Manager of the Business Solution Business Department at NTT TechnoCross, in charge of offering products and services to outside customers, contributed to the selection process. “For reasons related to NTT’s laboratories and websites in use, IPv6 compatibility became one of the requirements. In addition, prompt response in the case of an incident within the NTT Group was necessary, so the ability to use custom policies was also an absolute requirement,” he said.
In investigating solutions, NTT TechnoCross found Imperva Incapsula to be the only cloud-based WAF service that met the requirements. At the end of 2014, the company made the decision to adopt Incapsula, and completed the implementation in just a month and a half. It launched practical application in March 2015 together with the website renewal.
Sakamoto immediately saw the operation of the website had stabilized and saw a reduction in operational load.
“After implementing Imperva, countermeasures against specific threats have been off our radar in a good sense and we essentially leave things to Imperva. The ability to achieve stable operation of the website without worries really has great merits, both physically and mentally. In addition, since the burden of investigating and testing for threats was significantly reduced, we were able to allocate one of the two people in charge of the website to other work.”
Sakamoto said, “As the expense for one person is several million yen per year, this expense was saved and the resources could be redirected to work that we originally needed to focus on. I’d call this a quantitative effect of implementation.”
“Something we really appreciated was the life cycle aspect of the service. The successive appearance of features that we had wanted is really effective. For example, although we thought that IPv6 compatibility would not be possible in a cloud service, that feature eventually appeared. When we talked about other features we wanted, those would come up on the next road map. I get the impression that Incapsula takes full advantage of its format as a service provided in the cloud.”
As a member of the NTT Group, NTT TechnoCross receives questions that include inquiries from other companies in the Group. The company also praises the response to these questions from Imperva’s support.
“The response to questions from Imperva’s support is incredibly quick. We get responses on the average in two to three hours, letting us respond when an inquiry from within the Group calls for a prompt reply. When a prompt reply looks to be difficult, Imperva’s support quickly informs us of this in the form of a preliminary response,” says Sakamoto.
Throughout the live operational period of roughly three years following the transition, NTT TechnoCross has been able to fully benefit from the merits of the Incapsula service and the merits of Imperva support as well.
Having clearly outlined the obvious effects of implementing Incapsula, Sakamoto also sees the role of Incapsula in future system planning. “Our department essentially engages in digital marketing with a focus on the website. We are planning to move beyond the current domain and gradually expand our websites to increase visitor inflow. I think defense through Incapsula will become more important than ever. At the same time, the fact that we can offer reliably secured services is something that I want to properly communicate to customers.”
For NTT TechnoCross, which leverages the latest security, cloud, and network technologies to always undertake bold challenges, Imperva Incapsula has already established an essential presence in ensuring the security of the website which is arguably the company’s face.