Adopting HENNGE One to Secure
Microsoft 365 and Mobile Devices.
Achieving Comprehensive Information Security
and Improved Operational Efficiency.
Netz Toyota Tochigi and Tochigi Toyopet, which provide wide-ranging mobility services rooted in the local community of Tochigi Prefecture, faced the need to strengthen cybersecurity measures required in the automotive industry. Triggered by the introduction of Microsoft 365 and the enhancement of their device environment, they adopted HENNGE One in 2020. By leveraging its rich functionality, they achieved comprehensive information security enhancement alongside improved operational efficiency.
We spoke with Mr. Makoto Kobayashi (Manager) and Mr. Makoto Otani from the DX Promotion Office of Netz Toyota Tochigi, along with section chiefs Mr. Jun Odagaki, Mr. Fumihiro Nozawa, and Mr. Naoki Masuda. From Tochigi Toyopet, we were joined by Mr. Junichiro Shiraiwa, Office Manager of the Management Administration Division.
Mitigating Dispersed Security Risks and Meeting Strict Compliance Guidelines
— Could you please introduce your companies?
Netz Toyota Tochigi Co., Ltd., established in 1967, operates community-based automotive sales and services. We handle multiple brands including Toyota, Lexus, Volkswagen, and Daihatsu. With 27 locations within the prefecture, we provide services tailored to each customer. Beyond car sales, we operate a diversified business supporting regional mobility, including used car sales, maintenance, repair, and insurance agency services. (Mr. Kobayashi)
Tochigi Toyopet Co., Ltd., established in 1956, is deeply rooted in the local community. Focused on new Toyota vehicle sales, we handle a diverse range of models to meet individual customer needs. With 18 locations in the prefecture, we comprehensively support regional mobility not only through car sales but also through high-quality used car sales, maintenance, inspections, and insurance services. (Mr. Shiraiwa)
Additionally, as members of the Toyota Group, both companies are actively engaged in CSR activities for a sustainable society and information security enhancements such as governance and compliance. The adoption of HENNGE One is part of this initiative. (Mr. Otani)
— What was the background behind adopting HENNGE One?
Previously, multiple staff members shared a single terminal, leading to complex ID management where one person used multiple accounts, resulting in a lack of governance. Furthermore, email security rules regarding file encryption (password-protected ZIPs) were not strictly followed, and the use of unauthorized free external storage services for file transfer was occasionally observed, making security risks tangible. (Mr. Shiraiwa)
The Toyota Group has the “ATSG: All Toyota Security Guidelines,” and in 2020, the “JAMA/JAPIA Cyber Security Guidelines” were formulated. In this context, Toyota Group companies were required to strengthen security in anticipation of the Tokyo 2020 Olympics, including ID management, eliminating the use of password-protected ZIP files, and preventing mis-transmissions. Therefore, Tochigi Toyopet and the then pre-merger Netz Toyota Tochigi and Netz Toyota Utsunomiya* decided to collaborate and adopt HENNGE One. (Mr. Kobayashi)
*Merged on May 1, 2019, with Netz Toyota Tochigi as the surviving company.
— Why did you choose HENNGE One after comparing with other products?
The decisive factors were its high affinity with Microsoft 365, which we were introducing around the same time, and its high compliance with the aforementioned ATSG (All Toyota Security Guidelines). Additionally, we prohibited the use of shared or personal devices and proceeded to create an environment where everyone has their own device—using PCs, smartphones, and tablets depending on the job function. We believed that HENNGE One was essential for strengthening information security in this new environment. (Mr. Kobayashi)
Establishing Operational Design in Advance and Phased Deployment with On-site Support
— How did you proceed with the implementation?
Since it was a joint usage across three companies (two after the merger), we held repeated meetings to discuss usage conditions, specifications, and operational rules, clarifying the operational design. This allowed us to implement the system without major confusion. (Mr. Otani)
The rollout to each store was conducted in phases, considering the age gaps and IT literacy differences at each location. To minimize confusion on-site, we carefully deployed the system by preparing manuals, holding briefing sessions, and occasionally using remote operation support. Our DX Promotion Office took the lead in gathering user feedback to ensure understanding and consensus building on the frontline. (Mr. Nozawa)
— Did you face any challenges or use specific strategies during configuration?
To strengthen security, we implemented HENNGE One features such as keyword control for outgoing emails, IP restrictions, device certificate authentication, Cookie control, and domain restrictions. Initially, we received inquiries stating that “emails are not being delivered.” Therefore, we adjusted the balance between convenience and security, for example, by encrypting only external emails while leaving internal ones unencrypted. regarding the “Temporary Suspension” function, if the hold time was too long, users misunderstood it as “not delivered,” and if too short, it couldn’t be stopped in time. We repeatedly adjusted the settings to find the optimal balance between operations and safety. (Mr. Otani)
Comprehensive Security and Efficiency Gains via HENNGE One Features
— What is the current usage status?
Approximately 900 employees working at the headquarters and stores of Netz Toyota Tochigi and Tochigi Toyopet use HENNGE One on company-issued devices such as PCs, smartphones, and tablets. (Mr. Kobayashi)
— Could you tell us about the effects of each feature?
Regarding Access Control (IDaaS), by restricting access based on device, location, and time, we block access from unauthorized personal devices. In addition to work-style reform effects like separating work and private life, this has led to a significant reduction in data leakage risks. (Mr. Kobayashi)
Regarding Email DLP (Mis-transmission prevention / Secure File Transfer), the automatic conversion of attachments to URLs and mis-transmission prevention functions have suppressed human errors and firmly established a workflow free from password-protected ZIPs. (Mr. Otani)
Secure Transfer (Large File Transfer) has enabled safe file sharing with external parties, improving operational efficiency. The use of free storage services has become unnecessary. Before introduction, the planning department especially struggled with sending large files for advertisements via email, but now Secure Transfer is the standard internal method unless the recipient specifies otherwise. (Mr. Odagaki)
Email Archive is utilized for internal audit responses and trail verification during troubleshooting. Its high searchability contributes to strengthening information governance. (Mr. Kobayashi)
We are not yet using Tadrill (Targeted Attack Simulation), but we have expectations for improving employee security awareness and are considering its future introduction. (Mr. Kobayashi)
— What are the other effects of utilization?
Alongside the introduction of HENNGE One, we implemented a rule prohibiting simple passwords as part of security enhancement. Initially, there were voices saying it was “hard to remember” or “troublesome,” but it has now taken root. This has realized compliance with ATSG (All Toyota Security Guidelines) along with improved employee security awareness. (Mr. Nozawa)
SSO (Single Sign-On) integration with Microsoft 365 and “jinjer” (cloud-based HR system) has also led to improved convenience. Regarding integration with LINE WORKS, we found issues in terms of convenience, so we are re-organizing requirements and operational design to plan for integration again. (Mr. Masuda)
Expectations for Proactive “Zero Trust” Proposals
— Finally, please give us a summary of this project and your expectations for HENNGE.
Before implementation, it was a time when business partners began refusing password-protected ZIP files. We frequently received inquiries about why files couldn’t be sent or received, consuming considerable man-hours. However, with the introduction of HENNGE One, such inquiries dropped to zero, and we truly realized the effect of eliminating insecure file attachments. We are grateful that HENNGE One continues to improve usability through feature expansions and UI updates even after implementation. We look forward to further feature expansions aimed at realizing Zero Trust security. (Mr. Shiraiwa)
Although we introduced it simultaneously with Microsoft 365, HENNGE One’s integration features allowed for a smooth internal rollout, which was very helpful. Additionally, they proactively proposed various features that were not yet standard at the time. In an era where change is rapid and prediction is difficult, we expect HENNGE to continue staying ahead of the curve and providing features and services beneficial to us. (Mr. Kobayashi)
Simulating IT department scenarios with the “IT System Board Game 2” in a friendly atmosphere.
