OUTSOURCING Inc. adopts CyberArk Endpoint Identity Security to strengthen corporate governance

Summary

OUTSOURCING Inc., a global human resources service company, is strengthening its group governance. With many employees around the world, endpoint identity security was one of the most important challenges for the group, which led to the decision to introduce CyberArk Endpoint Identity Security (EIS). EIS, enforcing least privilege and implementing policy-based application controls, can thoroughly manage software assets. It has also strengthened ransomware counter measures and achieved stronger governance and security. The rollout began with OUTSOURCING TECHNOLOGY Inc., accumulating implementation and its operation know-how and is now being introduced to each group within OUTSOURCING Inc.’s headquarters.

Company profile

OUTSOURCING Inc. was founded in 1997 in Shizuoka City, Shizuoka Prefecture, as a contracting business for the manufacturing industry. Based on the management philosophy of “Eliminating labor disparities and creating workplaces where people can have a sense of purpose in life, thereby enriching the lives of people around the world,” the company is focused on creating employment and educational opportunities, nurturing the talent required in the global marketplace and working to improve productivity. What started out in the manufacturing field has now expanded to include a wide range of services, including engineering dispatch services, design and development contracting and IT services, characterized by the flexible provision of services tailored to customer needs.

Employees: 10,000

Challenges

OUTSOURCING Inc. has approximately 230 consolidated companies in 38 countries and regions, providing human resources services with a wide range of offerings globally. The OUTSOURCING Inc. Group’s strength is to provide highly skilled human resources, covering a wide range of fields, including electronic devices, automobiles, home appliances, steel materials, housing and food, and providing flexible services such as business contracting and contract development. In the technology field, the group has approximately 27,000 engineers in Japan and maintains high technical capabilities by establishing education and training systems within the OUTSOURCING Inc. Group.

“In response to the rapid global growth in recent years, we are swiftly establishing a senior executive Chief Compliance Officer (CCO) and a specialized team to advance our governance enhancement efforts. Due to the nature of our business, we handle confidential information such as technical data from customers around the world and personal information of employees. As a provider that plays a crucial role in the ‘human resources’ supply chain, we must ensure that we can adequately respond to our customers’ security policies. Governance and security are among the essential measures for us,” says Yoshinori Kasai, Executive Officer of OUTSOURCING Inc. and Head of the Domestic Technology Headquarters.

Striving to enhance governance and security, one challenge remained. There are 30,000 staff members in the country alone, including non-engineers, who perform their duties using PCs. Since the usage varies widely depending on the position and tasks, it is difficult for the information systems department to maintain complete control without tools. Particularly concerning was the existence of a wide variety of software used by engineers for development and other purposes.

“In many cases, engineers are often lent devices from clients on-site, but we may also use devices provided by our company. Even if the devices are supplied by us, it is essential to operate in accordance with the client’s policies. We believe it is our responsibility to properly manage software assets and prove to the client that unauthorized tools or middleware are not installed,” says Takuya Saito, head of the Integration Business Division at OUTSOURCING TECHNOLOGY, Inc.

OUTSOURCING Inc. focuses on endpoint identity security solutions to secure these endpoints and emphasizes that properly managing privileges leads to enhanced security. In other words, if it can prevent the installation of software that is not authorized, it can also help prevent ransomware damage.

“If privileges are managed properly, even if malicious scripts are executed, it is possible to prevent the execution of more malicious exploit code and break the cyber kill chain. This is an area where EDR can also strengthen countermeasures, but it deals with the aftermath of installing unintended software or applications, and there is also the existence of zero-day attacks that are difficult to detect and defend against. Endpoint identity security can prevent the installation of unintended software, whether it is zero-day or not,” said Mr. Saito.

Solutions

Global large-scale environments also require an integrated approach with world-class privileged access management tools for maintaining environments. When considering endpoint security solutions, the first focus of OUTSOURCING Inc. is to support large-scale global environments. It is difficult to implement and maintain endpoint security properly unless the solution can flexibly integrate and manage all terminals under all conditions. Therefore, OUTSOURCING Inc. turned to CyberArk Endpoint Identity Security (EIS).

“CyberArk is known as a global leader in privileged access management, and we have the capability to support our locations around the world, with abundant know-how and experience. CyberArk EIS is highly regarded as a solution for endpoint identity security, and we believe it has the ability to adequately cover our group’s large-scale environment,” said Mr. Saito.

“Our group is also engaged in providing security for our customers. In recent years, the demand for privileged access management has increased, and among them, CyberArk’s solutions have received very high praise. We also had the desire to provide high-value-added security by accumulating operational know-how of CyberArk EIS in-house,” Mr. Kasai reflected.

Results

At OUTSOURCING Inc., there are about 10,000 endpoints utilizing CyberArk EIS, operating with settings to detect unauthorized tools and unintended software installations. Since the start of operations, the solution has been able to secure endpoints while not interfering with the employee’s daily tasks.

“CyberArk EIS has an architecture that implements endpoint privilege controls to reduce incidents requiring IT assistance like other security products, which means that the burden on administrators does not increase. It also provides the significant benefit of easily obtaining device inventory information, facilitating asset inventory work. We can present evidence that we are managing endpoints securely with CyberArk, which is expected to have a positive impact on the business.”
-Takuya Saito, Head of the Integration Business Division at OUTSOURCING TECHNOLOGY Inc.

After accumulating the know-how for the implementation and operation of CyberArk EIS at OUTSOURCING TECHNOLOGY Inc., they are advancing its deployment to the OUTSOURCING Inc. headquarters, with plans to expand it across the entire group. Additionally, as envisioned by Mr. Saito, they plan to achieve integration between CyberArk EIS and CyberArk Privilege Cloud, their PAM as a service solution, significantly enhancing global group governance and security measures.

“With CyberArk EIS, we have been able to accelerate organizational expansion and business growth while enhancing group governance and security measures. Moving forward, we aim to deliver our experience and know-how regarding privilege management to our customers through human resource services. We expect more personalized support from CyberArk than ever before,” noted Mr. Kasai.

Key benefits

• Securing and monitoring over 10,000 endpoints, with plans for future deployment to overseas locations.
• Improved privileged access management, significantly strengthening group governance.
• Complement existing ransomware countermeasures with an architecture that has no false positives or false negatives.