Hitachi unifies governance and access for ~480,000 global users
Okta, a key part of the Identity infrastructure for Hitachi Group
Hitachi, Ltd., Japan's leading general electronics manufacturer, has 612 consolidated subsidiaries and manages the identities of about 480,000 users across consolidated corporate employees and business partners (as of June 30, 2024). The IT Strategy & Digital Integration Division controls IT for this huge organization. The division supports Hitachi's business growth by formulating and promoting a common IT strategy and providing IT digital technology to users worldwide.
To support continuous growth and innovation, Hitachi is currently constructing a third-generation Identity infrastructure. The first generation was mainly on-premise, the second generation was a hybrid environment of on-premise and cloud, and the third generation is a cloud-centric Identity infrastructure.
The Okta Workforce Identity Cloud (WIC) plays a central role in this new identity infrastructure. With the increasing use of cloud services within the company, Hitachi first adopted Okta in August 2017 to provide a superior login experience, reduce security risks caused by cumbersome password management, and reduce administrator effort and operational costs. At the beginning of the implementation, Hitachi mainly used the Single Sign-On (SSO) functionality but has since expanded the use of features such as Multi-Factor Authentication (MFA), Workflows, and Lifecycle Management. Now, Okta WIC integrates all of Hitachi’s authentication and authorization for cloud services and on-premise business applications.
“The hybrid on-premise and cloud configuration of the second-generation Identity infrastructure presented challenges, such as increased system complexity,” says Toshihiko Ono, Senior Manager, Next Generation Security & Solutions Department, Global Solutions 2nd Office, IT Strategy & Digital Integration Division. “Therefore, Hitachi considered implementing a fully cloud-based authentication solution, and after comparing various products, we decided to adopt Okta WIC. This third-generation Identity infrastructure uses Microsoft Entra ID as a directory but centralizes authentication in Okta WIC to ensure user experience and security. Okta plays a central role in our Identity infrastructure as Hitachi Group promotes cloud-lift.”
The Okta Integration Network (OIN) offers more than 7,500 pre-integrated application templates to facilitate best-of-breed application integration. This enables quick and secure SSO and provisioning of business applications.
“Currently, the entire Hitachi Group has about 1,500 applications integrated with Okta WIC, including SaaS, on-premise, and self-developed applications. Some applications are provided by the corporate side, while others are implemented independently by each business unit or group company, but Okta WIC is deployed as the standard in-house certification,” Ono says. “We would like to further promote the deployment of Okta WIC from the viewpoint of security control and consolidate application authentication on a global basis in the future. Okta WIC is easy to use because it can be integrated with a wide range of applications and its usability can be unified.”
Cost optimization and sustainability through on-premise reduction
One of the goals in establishing a new Identity infrastructure was cost optimization. By downsizing the existing on-premise authentication servers and consolidating functions into Okta WIC, Hitachi reformed its cost structure to reduce fixed IT costs, while gaining flexibility to support the expansion and contraction of the organization through mergers and acquisitions (M&A).
By doing so, Hitachi aimed to advance its sustainability goals to shift management focus from business portfolio reform to responsible growth. As part of these efforts, the IT Strategy & Digital Integration Division selects products with carbon neutrality in mind.
“We have reduced the number of Active Directory (AD) authentication servers running on-premise and integrated authentication with Okta, which is expected to reduce CO2 emissions by about 41 tons per year,” says Hitoshi Tanaka, General Manager, Global Solutions 2nd Office, IT Strategy & Digital Integration Division. “We used to have nearly 100 AD authentication servers, so we can expect considerable benefits just by moving those servers to the cloud.”
Okta helps with authentication integrations during M&A and divestitures
Another goal of the revamped Identity infrastructure was to enhance agility to respond quickly to changing circumstances. The Hitachi Group, which operates various businesses around the world, is involved in numerous mergers, acquisitions, and divestitures. Okta WIC contributes to the smooth integration and separation of IT environments at these times.
“We need to quickly integrate and authenticate Identity in order for people to use applications common to the Hitachi Group, but the companies we acquire have their own IT environments,” Ono says. “Until a few years ago, it was realistic for some M&A companies to replace their IT environment to match ours, but as the scale of acquisitions has increased, there are more cases where the IT environment is at the same maturity as ours, resulting in a complex process. In such cases, Okta WIC provides a great advantage because it allows us to integrate by linking identity (platforms), rather than absorbing the other parties' infrastructure whether it is on-premise or in the cloud.”
Additionally, companies brought under the Hitachi portfolio by M&A often use business and authentication tools different from those of the parent organization. Forcing those companies to switch tool providers would be too costly and, in some cases, may not even be possible for various business reasons. Because Okta WIC has neutrality at its core, it is able to quickly integrate and decouple identities in large-scale enterprise M&As through flexible system integration without significantly changing the other party's IT environment.
“When integrating on-premise Identity infrastructure, it can take six months just to pull the network. But with Okta WIC, Identity integration can be done in one to three months,” Tanaka says. “The most attractive point of adopting Okta WIC is the ability to centralize authentication and use that authentication layer for efficient Identity management and unified security measures.”
Enhanced security with MFA and Device Trust
To achieve their goal of enhanced security, the IT Strategy & Digital Integration Division uses Okta WIC to authenticate users and has introduced MFA capabilities. When users sign in to their Okta accounts using the Okta Verify application or access resources protected by Okta WIC, they are authenticated using one-time passwords (OTP) and push notifications.
“Hitachi shifted to a Zero Trust security model, and when using SaaS, it is important to control security at the endpoint and authentication layer. We have set up MFA, but recently there have been some attack methods that can break through,” Ono says. “Therefore, we introduced Device Trust last year to strengthen security through device authentication. We also plan to implement passwordless and biometric authentication using FastPass by December 2024.”
Strengthening Identity Governance
The IT Strategy & Digital Integration Division manages the identities of about 480,000 users across consolidated corporate employees and business partners. As the organization shifts to a Zero Trust model, Identity governance has become an important tool for the division, enabling an efficient inventory of identities and approval of requests to use applications.
“Zero Trust security requires a periodic inventory of identities since leaving unused identities in place can make them a target of attacks or be misused,” Ono says. “However, since we have 480,000 identities, it was not practical to check the usage status of each and every one of them.”
Hitachi has used Okta Identity Governance (OIG) since April 2024 to check whether unnecessary identities are assigned to applications and groups within Okta, and uses Okta Workflows to run automatic processes such as suspending unused accounts and notifying users.
“Previously, administrators had to visually check last logins on Okta or script to extract unused identities, but with Okta Identity Governance, they can set any criteria such as groups, users, and apps and perform a regular inventory of identities on a scheduled basis, which greatly reduces workload,” Ono says.
Streamline Identity Management with hub-and-spoke
The IT Strategy & Digital Integration Division's future focus will be on the development of the entire global IT layer. The Hitachi Group is undergoing large-scale M&A activities, and its business portfolio is changing dramatically. Until now, the division has played a central role in operations, but due to time differences and other factors, it faces issues such as the inability to respond to local requests in a timely manner.
To address these issues, the division is considering pivoting to a hub-and-spoke architecture. This means the head office (Hub) will be able to manage identities, security, monitoring, and applications used company-wide, while each location or business unit (Spoke) will be able to administer its own applications.
“From the perspective of control and operating costs, we believe that global, single-tenant management is ideal, but considering actual business scenarios such as business integration and divestiture in M&A, we need to be flexible,” Ono says. “Therefore, as a baseline for tenant configuration, we plan to allow the Hub to control authentication and other key functions. Of course, we also need to delegate appropriate authority to the Spoke in order to comply with regional needs and local laws.”
Identity solutions built for large enterprise environments
As for why the IT Strategy & Digital Integration Division has continued to use Okta WIC for so long, Tanaka says it is largely due to the sophistication of the technology.
“The authentication solution we used before Okta was on-premise, so it tended to lag behind the latest cloud technologies. As a cloud-native platform, Okta is very quick to deploy the latest techniques and technologies,” he explains. “The fact that we can keep up with the latest trends by partnering with Okta is the main reason we continue to use the platform.”
Ono agrees: “At first, we were concerned about whether we would be able to successfully move to the cloud and enhance our agility. However, with Okta WIC, we have smoothly transitioned our IT infrastructure and services to the cloud. Okta WIC is now an indispensable component of our cloud-centric IT infrastructure.”
The IT Strategy & Digital Integration Division also highly appreciates Okta's ability to handle large-scale enterprise environments in terms of capacity and service design.
“There were two major challenges we faced in the process of cloud-lifting our existing IT infrastructure: one is the lack of capacity due to the unexpected load caused by moving an infrastructure with a large number of users to the cloud all at once, and the other is the lack of experience on the vendor side in dealing with operational issues caused by the scale of the project,” Ono says. “One of the reasons why we chose Okta is they have the expertise to tackle these issues and successfully work together with us.”
“We have built a solid partnership with Okta, far beyond simply a relationship between a service user and a provider, which has led to the construction of a stable infrastructure,” Tanaka says. “We hope that Okta will continue to listen to our opinions, and we look forward to receiving a variety of new proposals from them.”
About Hitachi
Hitachi, Ltd. took its first steps in 1908 with founder and president Nampei Kodaira and a few young engineers who shared his aspirations. Under the corporate philosophy of “contributing to society through superior, independent technologies and products,” Hitachi, Ltd. is promoting the Social Innovation Business to realize a sustainable society through data and technology in a wide range of fields related to social infrastructure. The company is also engaged in “Green Energy & Mobility,” which contributes to the realization of a decarbonized society through energy and railroads, and “Connected Industries,” which digitally connects products in a wide range of fields, including industrial distribution, water infrastructure, home appliances, and air-conditioning systems.