J:COM partners with Okta to improve operational efficiency and reduce development time and costs
core systems authentication integrated with Okta
decrease in time to develop identity management and authentication functions
Reduction in authentication-related operational man-hours
J:COM adopted Okta Workforce Identity Cloud (Okta WIC) as an authentication platform to revamp its core systems. This migration unified IAM, strengthened security, and improved operational efficiency.
"By integrating the authentication of our mission-critical systems with Okta, we were able to reduce development time and costs as well as improve operational efficiency. Additionally, doing so has significantly reduced problems with forgotten passwords and operational man-hours."
Koichi Umeda, Director Next BSS Development Dept. AIT Division
Revamping core systems that support cable TV business
Since its founding in 1995, JCOM Co., Ltd. (J:COM), has provided high-quality entertainment through community-based broadcasting and communications. Today, J:COM offers a diverse set of services ranging from cable TV and high-speed internet to insurance, electricity, and gas utilities in five major metropolitan areas across Japan. With their brand message of “Something New as the New Norm,” J:COM is continuously expanding the areas in which they do business while working closely with local communities and customers to make cutting-edge technology more accessible.
Three departments manage the various business systems that support J:COM's wide-ranging business activities: Information Systems, IT Planning and Promotion, and the Cyber Security Promotion Office. There are currently 158 staff members who are responsible for the important tasks of planning, developing, and operating core and commercial systems that provide services for internal and external customers.
In recent years, the Information Systems Division has focused on revamping the systems that support J:COM’s core cable television business. This project, named the "Next Core System Project," is currently managed by the Next BSS Development Department, which is nested within the newly established IT Planning and Promotion Headquarters. The entire project is expected to take approximately 3,000 man-months and cost hundreds of millions of yen, making it a large-scale and important initiative.
“One of the reasons for revamping the core systems that play a central role in the services and operations of the cable television business is to make them compatible with lifecycles. Due to the EOSL (end of service life) of Java SE 8, several business applications in core systems needed to be redesigned. Additionally, over the past 20 years, the existing core system has been built in such a way that makes it nearly impossible to make fundamental changes such as incorporating new technology,” says Koichi Umeda, director of the Next BSS Development Department. “As the times and the market change, we need the ability to quickly develop new services for our customers and improve business operations of each department within the company.”
That is why J:COM chose to migrate the core system that had been built in an on-premises environment to a cloud-based platform.
"By migrating core systems to a cloud environment, we can transform to a flexible and agile architecture for future business expansion. We can stop maintaining servers and equipment required for an on-premises environment and reduce operational load and labor costs for troubleshooting (H/W failures),” explains Umeda. “Further, we gain flexibility in the amount of system resources, security, and sufficiency of infrastructure requirements such as BCP. After comparing and comprehensively considering the total cost, we decided to migrate to the cloud.”
Among approximately 50 large and small systems in the core systems, the Next BSS Development Department carried out the replacement in three key phases. The first phase, a system to manage the installation of the cable service lines and equipment, is complete. The second phase, consisting of a system to accept applications from customers and a provisioning system to enable the use of subscribed services, is also complete. The third and final phase, which includes a system to manage contracts, fee calculation, billing, invoicing, and receivables, is in progress.
Integrating identity management and authentication functions for each system with Okta
While the core systems are being migrated to the Cloud, the Next BSS Development Department also updated the authentication infrastructure. Previously, each system had individual identity management and authentication (IAM) functions, but now J:COM has adopted the Okta Workforce Identity Cloud (Okta WIC) as the Identity foundation for their new core systems.
According to Satoshi Hidaka, the assistant manager of the Next BSS Development Department, there were three main drivers behind introducing Okta WIC.
The first was around password management and password resets. Previously, users, which include on-site personnel, in-house operators, and contractors, had to use different passwords when using each system. Most people had to manage 5 or 6 passwords and had to deal with the Help Desk when they forgot their passwords.
The second driver is the high cost of authentication and unnecessary operational man-hours. Developing authentication functions internally for each system or using packaged products increases costs and requires the system's developer to operate it, resulting in unnecessary operational costs. Another issue was that there were no clear rules for authentication functions, such as whether identity authentication was independently constructed or relied on AD authentication.
The third driver is security. When converting core systems to the cloud, it is necessary to strengthen the security of identity authentication and support new authentication methods such as multi-factor authentication (MFA) and one-time password (OTP). However, since conventional methods require support for each system, the team decided that it would be more convenient to integrate identity authentication.
"I think we will keep adding new security requirements for identity authentication. It is very challenging to adapt to individual systems accordingly, and some packages and solutions that we use may not meet internal security requirements,” says Hidaka. “However, if we can manage this with a unified authentication service like Okta WIC, we can increase development benefits, reduce security risks, and standardize security policies to strengthen governance."
Improved convenience, reduced man-hours, and strengthened security
The Next BSS Development Department began their Okta WIC deployment by first integrating with three core systems: Construction Management, Delivery Instruction, and Self-Status Management. Then Okta was deployed in a fourth system, the Personal Billing System. Although the plan is to switch over to other in-house systems in the future, significant effects can already be seen from just introducing these four systems.
To address password management issues, users leverage Okta single sign-on (SSO) to smoothly access necessary applications with a single ID and password. By reducing the number of passwords users need to remember and enabling self-service password resets, J:COM is able to reduce the risk of information leaks and calls to the help desk.
Okta was also able to reduce authentication costs and unnecessary operational man-hours by centralizing identity authentication and clearly defining each system's requirements.
“Until now, it would have taken five to six months to develop identity management, authentication, and security functionality. But now, with Okta, it can be done in two to three months,” says Hidaka. “Assuming that it costs about six to seven million yen to develop an authentication function for one system, the development cost savings become enormous as the number of systems increase. In the long run, I believe that introducing Okta WIC will have significant cost advantages.”
When it comes to strengthening security, there is no longer a need to deal with each system individually, and it is now possible to centrally manage security through Okta WIC. When users access one of the four core systems, Active Directory (AD) authentication is run, and then Okta WIC’s ID and password authentication is run. Additionally, when on-site, personnel can access core systems from an iPad using the iPad's login password and Okta authentication.
Ultimately, it took a village to support the deployment of Okta WIC. SCSK Corporation (SCSK) assisted members of the Next BSS Development Department in the design and implementation of Okta and provided key support functions. Macnica coordinated the licensing agreement and provided additional technical support.
Problems may occur when introducing a new system, but according to Ryosuke Kita of the Next BSS Development Department, the construction of identity authentication using Okta WIC went more smoothly than expected.
"Okta WIC has an intuitive and easy-to-understand UI design, which enables configuration and confirmation without complicated steps during development and operation,” says Kita. “We rely on SCSK to provide operational support, so if there is something we don't understand, SCSK is available or we refer to Okta's website or FAQ. Additionally, SCSK works with Macnica to contact Okta with inquiries and has established a system to help us promptly resolve issues."
Reasons for choosing Okta were ease of linking, iPad control, and availability
There are various cloud-based identity management services, but why did J:COM choose Okta WIC? When selecting a vendor, the Next BSS Development Department compared and considered a shortlist of vendors from the Gartner Magic Quadrant. After a comprehensive evaluation, they selected Okta WIC, with particular emphasis on the ability to link with existing identity management systems and control iPad access.
“Okta WIC performs authentication based on identity information issued by our in-house on-premises identity management system, which made this collaboration effortless,” explains Hidaka. “We also needed to control access on iPads. Since iPads access core applications from an external LAN, it is impossible to identify the user or their location. That meant we could not guarantee security, thus making it crucial to have a so-called device authentication function that could only authenticate our iPad devices.”
Hidaka also mentions that Okta provides an abundance of APIs to facilitate integration with various systems, and Okta Universal Directory allows the team to map user attributes from a conventional identity management system (UID), making the initial integration process very smooth. Previously it took several days for users to be able to use the system after applying for an ID, but after introducing Okta, the flow has been improved to the point where users can access applications the day after applying. For access from iPads, J:COM created an environment that allows secure access from outside the company by using Adaptive Single Sign-On, which authenticates devices and detects new IP addresses.
Furthermore, since core systems will be migrated to the cloud, having high availability was an important factor when comparing products.
“In-house operators and construction-related contractors who interact directly with customers use Okta WIC as a system that reflects and references the service and construction reservation status in real time, so the business impact of service failures can be huge,” says Hidaka. “Therefore, we also evaluated SLAs when comparing products. Okta WIC has an uptime rate of 99.99%, which was better than other companies' products.”
In fact, J:COM experienced zero service failures caused by Okta in the core systems during the production migration in November 2021.
A major advantage of introducing Okta is a significant reduction in operational man-hours
Overall, the J:COM team is confident in their Okta deployment and feels that systems using Okta authentication can be operated with insignificant man-hours compared to systems not using Okta.
"If you look at how many man-hours are spent on authentication-related operations for the systems controlled by the Information Systems Division (10 systems), it was around 20 hours per month. This made me think that we would have to spend a certain number of man-hours even on a system that installed Okta WIC, but the reality is we are able to operate it with almost none and only light support from SCSK,” says Kita. “We almost never have to deal with end-user support either. I think the fact that users can now reset their own passwords is a huge factor. In general, when introducing a new system, operational man-hours tend to increase, but we were able to reduce operational man-hours by introducing Okta. This enabled us to start making operational improvements that we had not been able to make before."
In this way, by adopting Okta WIC, the Next BSS Development Department succeeded in reducing development time and costs as well as improving operational efficiency. Looking to the future, J:COM would like to implement additional security features including MFA and passwordless, as well as Okta Workflows functionality for automation.
J:COM's Information Systems Division has a vision of increasing customer value and creating a better society through small improvements and creative initiatives. As such, they wish to expand their use of Okta WIC as an authentication platform for their core operations and continue to improve the level of operational sophistication that will serve as the foundation for providing better services to customers.
"IT is evolving very quickly, and we need to respond to this quickly,” says Umeda. “New technologies such as PaaS and SaaS are being provided back-to-back out in the world, so I would like to continue to watch out for these and be prepared to deal with new projects as they arise.”
About J:COM
Since its founding in 1995, JCOM Co., Ltd. (J:COM), has provided high-quality entertainment through community-based broadcasting and communications. Today, J:COM offers a diverse set of services ranging from cable TV and high-speed internet to insurance, electricity, and gas in five major metropolitan areas across Japan. With their brand message of “making new things the norm,” J:COM is continuously expanding the areas in which they do business while working closely with local communities and customers to make cutting-edge technology more accessible.