Plus Alpha Consulting, which centralized its system and security management with Azure Arc, and three reasons why it was adopted

Delivering “Plus-Alpha” Values To Businesses, Based On Three Pillars — Visualization, CRM, and HR

Plus Alpha Consulting, with text mining technologies at its core, transforms its clients’ businesses by “visualizing” all kinds of big data in the society, and develops its businesses with the aim of creating plus-alpha values. Founded in 2006 in terms of data mining system development and consulting businesses, the company launched Japan’s first SaaS-type text mining “Mieruka Engine” services in 2008.

Currently, in addition to the marketing solutions business centered on the Mieruka Engine, the company is engaged in three major businesses that include the CRM solutions business using CRM/MA system “CustomerRings” and the HR platform business using talent management system “Talent Palette.”

Mr. Masashi Inomata, Deputy Director of the Information Technology & Innovation Center, explains the characteristics of the company’s businesses as follows:

“We provide the power to visualize and bring awareness to big data, such as customer feedback, data, and personnel information, through our cloud solutions business, which has text mining and data mining technologies at its core. In addition to software development that creates plus-alpha values for our customers’ businesses by visualizing collected information, we are also engaged in consulting and new business creation,” said Mr. Inomata.

The Information Technology & Innovation Center is responsible for the operation of the company’s network infrastructure and servers, while providing support for the construction and operation of security functions to be implemented in solutions and also being engaged in company-wide training education. Kyohei Morimoto, Manager of the Security Group, describes the company’s these roles as follows:

“The Information Technology & Innovation Center — as the in-house information system — is responsible for the construction and operations management of the IT infrastructure, and it also supports governance and compliance initiatives in terms of security and P-Mark, for example. As the size of a company grows, the targets of cyberattacks also expand, requiring more ingenuity in how to protect its businesses and systems. It is important to flexibly improve the organizational structure and business practices in response to business developments and faced challenges,” said Mr. Morimoto.

In particular, the protection of systems is prone to security holes due to the increasing complexity of systems and the diversification of protection targets. In addition, there are an increasing number of cases were responding after an incident has occurred is too late to solve its problem. Therefore, the company set out to create a centralized system and security management mechanism utilizing Azure Arc. 

Establishing a Mechanism That Centrally Manages Existing and New Systems by Utilizing Azure Arc

The challenge Plus Alpha Consulting faced was how to maintain a high level of security for the system infrastructure that provides its three services, namely Mieruka Engine, CustomerRings, and Talent Palette. These services were running in different system environments and differed in terms of the release timing, operational mechanisms, security mechanisms, and involved team members.

“If a significant damage is caused by a cyber attack, the company’s businesses are significantly affected. Especially in recent years, the neglect of security measures certainly results in experiencing some form of attack. Since the security issue is directly related to business continuity risks, it is required to maintain a high level of security in terms of all providing services. It was also important to smoothly scale up the level of security measures to make the measures more robust as the company grew,” said Mr. Inomata.

For CustomerRings and Talent Palette — among the services provided by Plus Alpha Consulting — the system infrastructure has been migrated to Microsoft Azure (hereafter, Azure), and system management and security management mechanisms that use Microsoft’s latest services have been established step by step. Specifically, the environment is protected using Azure Monitor, which monitors service logs and manages operations, and Microsoft Defender for Cloud (hereafter, Defender for Cloud), which provides integrated security services that include cloud environments.

“In terms of monitoring the logs of various systems, we utilize Azure Log Analytics (hereafter, Log Analytics), which comes with Azure Monitor. For example, with the tool, system and event logs are visualized to help us ensure company-wide compliance and governance, focusing on recognizing the status of services and user environments. In addition, Defender for Cloud will be integrated with Azure Sentinel, an SEIM solution, for centralized security management across services,” said Mr. Inomata.

However, for the Mieruka Engine with more than a decade of service experience, it was not realistic to make major changes to the existing system environment and operational structure, from the perspective of the cost, man-hours required for migration, risks, and migration effectiveness. Therefore, we considered updating the infrastructure to the latest security level while maintaining the existing infrastructure. In the process of considering various options, we found Azure Arc. 

Three Reasons for Adopting Azure Arc to Strengthen the Security of Existing Systems

Azure Arc is a service that enables integrated management of multi-cloud environments across multiple public clouds and hybrid cloud environments including on-premise environments. It allows users to recognize the running state of resources on different environments through a single Azure console. Plus Alpha Consulting selected Azure Arc to enhance the security of its existing systems for three main reasons.

The first reason is log collection and integration within existing systems. The Mieruka Engine consists of dozens of servers located in a data center. The server groups are mainly composed of Windows Server and SQL Server, and multiple developers and operators access the servers to perform various tasks.

“Each Windows Server obtains system logs and event logs. To be able to centrally recognize logs existing in different locations, it was necessary to build up a server that aggregates logs, aiming to ease log analysis. However, installing a new logging system and monitoring system can be a burden on developers and operators. Therefore, a system that can be easily implemented with as little man-hours and risks as possible was required,” said Mr. Morimoto.

In fact, they had tried to build up a dedicated server for log collection and integration, but they had needed to solve problems on the reduction of their cost and operational burden.

The second reason is log visualization. The logs to be collected included not only event logs, audit logs, and access logs generated by Windows, but also application logs and user operation logs generated in various ways in the system.

“Rather than collecting specific system logs, the objective was to also obtain user operation logs for compliance purposes. By aggregating and visualizing them, it is now possible to monitor large amounts of failed login communications and also login attempts with invalid strings entered in input forms. For CustomerRings and Talent Palette, we are already proceeding with log visualization using Log Analytics and Defender for Cloud, so that we can centrally recognize logs on a dashboard. It was important to be able to work with these services to enhance the security and governance,” said Mr. Morimoto.

The third reason is to build an integrated security infrastructure for the future. We plan to offer new services and features to meet expected business conditions and customer needs.

“By collecting, analyzing, and visualizing various logs on the same infrastructure when new services are released, it is possible to continuously enhance the security and governance throughout the company. However, taking such measures is difficult if existing systems are still monitored by individual systems. If we have a security infrastructure, we can smoothly adopt new security features when they are provided to deal with new threats,” said Mr. Inomata. 

Enabling the Analyses of Incident Status and Causing Factors by Collecting and Integrating All Logs

Azure Arc was a smart choice for the challenges that Plus Alpha Consulting was facing.

“While looking for a solution to enhance log visibility and security, we came across an article on Azure Arc on the website. We immediately installed and tested it on several servers and found that it was very easy to achieve what we wanted to do. We were so impressed that we decided to apply it to our production environment. We asked our development team to conduct installation works, and while following the instructions, they were able to complete the works in less than 10 minutes per machine. It has become one of our indispensable services as if we forgot when and how we first introduced it. Without Azure Arc, our only options were to spend additional money and man-hours to build up a new log collection system or to continue operating at a lower level of security,” said Mr. Morimoto.

After finding Azure Arc, they did not need any special support from their partners and Microsoft, in terms of planning the implementation, implementing it in the system, and establishing a concrete operational structure.

“Azure Arc can be installed on existing servers without any difficult configuration, and it smoothly acquires logs we want to collect. Although the service was relatively new, there was no lack of information to get started using it. It is highly compatible with Windows and Azure environments, and has a high degree of linkage with account management centered on Azure Active Directory (Azure AD) and also with Log Analytics and Defender for Cloud”, said Mr. Inomata.

The installation works began in 2020 and were proceeded with in phases, with all works completed by the end of 2021. Currently, they are already experiencing a variety of benefits from the introduction of the service.

According to Mr. Morimoto, the most important factor in the success of the project was the realization of the integrated log management environment that includes both existing systems and new cloud services.

“Various logs generated by existing systems can now be collected and analyzed. They can also be integrated with logs from systems already migrated to Azure, for centralized management. Since all kinds of logs have been collected, it is now possible to perform analysis that was not possible before, by issuing queries: for example, cause analysis by combining event logs and user operation logs,” said Mr. Morimoto.

This capability allows them to determine which user actions introduced threats to servers and how infections spread.

Considering Also the Construction of an Azure Sentinel-based Company-wide Security Infrastructure As a Future Plan

The security environments of the existing systems have also been greatly enhanced with the adoption of Azure Arc. Azure Arc provides technologies to enhance the security of the existing systems.

“One of the features that have proven to be of great utility since its introduction is the integration with Microsoft 365 Defender and Defender for Cloud. When linked to these security products, information on server settings and installed software can be collected from servers registered in Azure Arc. This enables us to see server misconfigurations and check for older software versions, and to perform evaluation using the Azure Security Benchmark. For example, we can assess and visualize the vulnerability status of the OS and software that we are using, and build up a secure management system on Azure by configuring Defender for Cloud in accordance with the Azure Security Benchmark. In addition, it not only identifies but also suggests a list of recommended measures to be implemented and non-recommended. We had been wondering how to build up a vulnerability management system, and thus this has been very helpful,” said Mr. Morimoto.

They intend to further strengthen the integration with security services such as Defender for Cloud in the future.

“We are trying to further raise the level of security by effectively utilizing the various security services provided by Azure. Azure Arc allows us to apply the same level of security to our existing servers as of the servers already running on Azure. Ensuring the security of all servers on Azure leads to the construction of a company-wide security infrastructure based on Azure Sentinel for example, in addition to the centralized management of resources via Azure Arc”, said Mr. Inomata.

Plus Alpha Consulting is building up an integrated security infrastructure so that it bridges various systems with Azure Arc.

“One of Azure’s attractions is that it offers a wide variety of services, and new services are provided timely, so that we can keep using it without experiencing inconvenience. Also, since preview versions allow us to try out new features as we want, we can easily evaluate them beforehand and we can use them with confidence after their official release. This progression makes it harder for us to catch up with, but we are trying to accumulate knowledge and know-how by using Microsoft’s public documents and support,” said Mr. Morimoto.

Plus Alpha Consulting has released two new services: “Sales Square,” which realizes everything from visualization of sales activities to human resource development on a single platform, and “Yorisoar,” a school management system that helps improve the quality of education by visualizing data inside schools. Azure has also been fully utilized in the deployment of these service infrastructures. Microsoft and Azure will continue to support Plus Alpha Consulting, which will further grow their businesses based on visualization.