As part of its sustainable growth support program, the Nissin Foods Group is aggressively promoting digital transformation, with the aim of improving employee productivity through efficiency. To that end, the company moved to the cloud using Microsoft 365 as its communications infrastructure and early adopted a remote-enabled environment. With Microsoft 365 E5 Security, the company also implemented a Zero Trust security strategy and is now advancing even further in cybersecurity hygiene, which continuously maintains the integrity of the IT environment.
Building on the mid- and long-term growth strategy initiated in fiscal 2021, and on the fiftieth anniversary of the launch of its flagship product, Cup Noodles, Nissin Foods Group is working on three themes to realize its vision. For the former, the Group promotes its greater cash generation capacity in existing businesses to seek sustainable growth, significantly altering its profit portfolio.
On the sustainability side, the company focuses on its environmental strategy, called the Earth Food Challenge 2030, to address the effective use of finite resources and mitigate their impact on climate change. For the last priority, the company is working on promoting new businesses to pursue the foods of the future through collaboration with the field of food science. All three of these growth strategy themes require creative thinking from all areas, including IT, which supports the day-to-day business, allowing the company to implement measures to stay ahead of the curve.
In its Future Office Project started in 2014, the Group adopted Microsoft 365 (at the time Office 365) as the communication infrastructure for its offices, in addition to easy-to-carry Microsoft Surface devices. The company aims to achieve an IT environment that is comfortable, highly secure, creative and easy to work from anywhere. Preparations for the Tokyo 2020 Olympic Games turned out to be a key element that helped the company establish a remote work framework during the COVID-19 crisis, which now serves as a foundation for hybrid work.
In addition, Nissin continued its Legacy Termination Project, eliminating mainframes by migrating its enterprise resource planning systems to Microsoft Azure. The Group also completely reorganized its old isolated systems that were blocked at different levels, achieving a reduction of more than 80% in its business systems. Maintenance cost, which previously accounted for almost 90% of the IT budget, has been reduced to approximately 60%, which has generated new value creation results.
In 2014, people were still wary of cloud security. Keita Nakano, deputy head of the Information Planning Department at Nissin Foods Holdings, Inc. (at the time of the interview) describes why the company might decide to deploy the cloud on a massive scale amid so much skepticism. “The progress of IT is remarkable and only a handful of people in the world know everything about technology,” he says. “If you think like that, it's obviously very difficult to manage and control information security without hardware problems or external attacks when we operate servers and networks on our own. In this regard, cloud service providers including Microsoft have vast knowledge about cyber attacks and offer reliable services and the latest security measures. We concluded that it would be much safer and more productive for us to understand and leverage cloud services like Microsoft 365 and Microsoft Azure rather than taking the risks of maintaining our own systems.”
Another factor that contributed to Nissin Foods Group's quick decision-making was that it had already built the Nissin Zero Trust Architecture under the leadership of Teruhiko Iwashita, Section Chief of the Information Planning Division and Assistant Director of Assurance Process Safety Information from Nissin Foods Holdings Co., Ltd., between 2018 and 2019, and implemented a Zero Trust security framework. “In the Future Office project, we were working to build a very high-productivity IT environment that we would love to work in ourselves,” recalls Iwashita.
Iwashita recalls that the first key point was the deployment, in 2019, of Microsoft Defender for Office 365 to protect its system against attacks made through corporate email. “We deployed Defender for Office 365 to enhance our email security and have been successful in preventing commercial fraud, where an attacker impersonates the target business owner.”
The next turning point was enhancing device security with a combination of Microsoft Defender for Endpoint and a security operations center (SOC) provided by an external IT partner. In 2020, Nissin Foods Holdings, Inc. decided to stop the work of approximately 3,000 of its employees as of February 26, the early stage of COVID-19 in Japan.
Moving to remote work all at once required a highly secure and reliable environment to enable business continuity. “In addition to the point-of-entry security measures provided by Defender for Office 365, measures to deal with malware and virus-infected devices were also essential,” explains Iwashita. “Next, we deployed Defender for Endpoint to enable AI-based device monitoring, leveraging Microsoft's vast expertise. However, the volume of alerts from 3,000 user devices is quite significant, which includes overdetection and false positives. Thus, it was difficult for our Information Planning Department to analyze detected content, make decisions and continue or restore business operations. We turned to an external SOC that provides continuous monitoring, advanced analytics and response measures, allowing us to resolve issues with less user downtime.”
Iwashita adds: “We have successfully protected our systems from Emotet, one of the top strains of malware today, thanks to measures based on Defender for Office 365 and Defender for Endpoint. The first wave of attacks of this type occurred between August and October 2020, followed by the second and third waves. In March 2022, we received a lot of attack emails – five times more than in the first wave – but we haven't had any damage so far.” Measures enabled by Defender for Office 365 and Defender for Endpoint have demonstrated clear and recognizable effectiveness, according to the executive. "So we were ready to move forward with a more comprehensive security strategy through Microsoft 365 E5 Security that gives us clear results of how the tools prevented attacks."
“The core of our Zero Trust security plan is to suspect, verify and determine who (ID), what (device) and where (network),” continues Iwashita. “Since devices and networks have their own IDs, we have placed Azure Active Directory (part of Microsoft Entra) at the center of the authentication foundation of our Zero Trust security strategy.”
Accelerate security enhancements across the Group, involving management
The Nissin Foods Group has been developing its Zero Trust security strategy through a phased approach. What is surprising is that the Information Planning Department, made up of just three members, carried out all of the Group's security measures from 2014 to 2021. “We don't have a significant budget or resources,” explains Iwashita. “When we deployed Microsoft 365 as a communications platform in 2014, it only covered 1,800 users across five national companies. By 2022, approximately 5,000 users across 24 domestic and foreign companies are using Microsoft 365. Few organizations are capable of managing so many user accounts with just three security personnel.” Nakano adds, "The company's unique corporate culture played an important role in enabling the success of this action."
For this initiative, Nissin Foods Holdings, Inc. was selected as a company engaged in digital transformation (DX) in 2021 by the Ministry of Economy, Trade and Industry of Japan. In 2020, the company was selected as a 2020 DX Stock for a number of initiatives, including creating a digital workplace to increase productivity by 200%, the Legacy System Termination Project, and promoting remote work during COVID-19. 19. The Group has received a lot of attention from the industry for two consecutive years.
Getting immediate results with cybersecurity hygiene
While the Nissin Foods Group's commitment to Zero Trust safety is a never-ending journey, Iwashita points out that it has already achieved significant results in the initiatives the Group has put in place thus far. Performance results through fiscal 2020 (March 2021) illustrate his point. “We are not an IT company,” he says. “Moving to the cloud and promoting Zero Trust security means contributing to the business. Our effort reached around 55.5 billion yen in value in FY20, which is more than double our investment from seven years ago. “Additionally, total annual working hours per person was reduced to 1,990 hours in FY20, 207 hours less compared to 2,197 hours in FY13. Based on eight hours of work a day, 207 hours is more than an entire month. This increase in productivity is indeed a great achievement.”
Iwashita concludes that the next step is for the company to implement “cybersecurity hygiene”, a concept that understands the integrity of all endpoints and systems in real time, to address any immediate vulnerabilities and maintain a healthy environment.
“First, we want to create this environment at Nissin Foods Holdings and automate various processes, strengthening coordination across the Group and further expanding the range of AI applications,” he says. “Security and protection are the crucial elements to create our ideal IT environment with high productivity, although it is quite challenging, we continue to work towards it. We can now implement a variety of measures through our Future Office and Legacy Shutdown Projects. The Group's complicated system environment caused by individual optimization in its long history will be a very simple system. A consistent solution enabled by Microsoft 365 and Microsoft 365 E5 Security will help us achieve this.”
EN 
PT 
