Founded in 2004, Classmethod has emerged as a leading Japanese cloud integrator that provides technical consulting, development, support, and operations across big data, mobile, and artificial intelligence use cases. Today, Classmethod employs over hundreds of workers across seven offices in Japan and six overseas across Canada, Germany, India, South Korea; Thailand, and Vietnam.
Like many organizations in early 2020, Classmethod switched to remote working in response to the global pandemic. This sudden shift forced Classmethod to reevaluate its overall approach to IT and security, particularly to secure employee access to internal applications and to protect workers from malware and other Internet threats.
When employees started working remotely, Classmethod could no longer rely on the network-based protections and controls within the company’s physical offices. Within its offices, Classmethod could enforce authentication to company resources via its identity provider, Azure Active Directory, and could block employees from browsing unwanted or harmful Internet content via web filtering.
Looking ahead, Classmethod recognized that as pandemic restrictions were lifted, employees – particularly its sales teams – would be interested in working from cafes, co-working spaces, or other public spaces where connecting over public Wi-Fi could be a risk. To date, Classmethod had given employees mobile Wireless Access Points (or mobile hotspots) to avoid risks like Wi-Fi snooping, on-path attacks, and DNS cache poisoning. Deploying this hardware was not only costly, but also inconvenienced users. Over time, Classmethod knew it needed a more streamlined way to protect employees from public Wi-Fi risks while maintaining an encrypted connection to the Internet or other internal environments.
“Of course, not all public Wi-Fis are dangerous, but it's impractical for our Information Systems Department to identify which ones are safe and which ones are dangerous,” said Mr. Kazuki Ueki from Classmethod’s Information Systems Department. “We wanted to create a stress-free working environment for our employees, so we need an approach that could provide secure access to our internal systems that could be available over public Wi-Fis."
In late 2021, Classmethod saw an opportunity to address its application and Internet access concerns with a single vendor by adopting Cloudflare Zero Trust for its entire distributed workforce, across all locations in Japan, the rest of Asia, and Europe.
“We adopted Cloudflare Zero Trust to support secure access and threat defense in a single platform. Setting identity-aware policies integrated with our Microsoft Azure AD environment has been really easy for our administrators and gives them the controls to keep our users safe.” said Mr. Ueki.
First, Cloudflare Zero Trust Network Access (ZTNA) service would secure employees reaching internal applications by first authenticating each request with identity-based check against Classmethod’s Azure AD. With this method, Classmethod no longer needed to set location- and IP-based access policies.
Second, from the same policy dashboard, Classmethod could now set DNS filtering policies to block employees from reaching harmful web content with risks like ransomware and phishing.
“Currently, our employees generate 37 million requests to the Internet per week, out of which we block around 4,000 of them as dangerous sites,” Mr. Ueki said. “Cloudflare not only blocks direct access to dangerous sites, but also prevents unauthorized access that goes on in the background, hidden behind ads or web beacons that appear on safe sites.”
Classmethod was particularly impressed by its ability to address both these application access and Internet protection needs with a single device client, which was deployed via a mobile device management (MDM) tool. With Cloudflare’s device client, Classmethod can enforce encrypted connections for all remote users, reducing the company’s concerns for using public Wi-Fi. Over time, this will allow Classmethod to reduce the number of mobile hotspots it deploys and further lower its hardware costs.
“Cloudflare’s device client is providing secure, encrypted connections whether a user is running a PC in a cafe or a co-working space,” Mr Ueki said. “Since deployment, the Information Systems Department has not heard of any complaints from employees.”
Now that Classmethod has secured remote access to applications and their Internet, it is exploring new opportunities to simplify the organization’s overall corporate network and expanding on-ramps to include the use of smartphones. Additionally, they are looking into Cloudflare Cloud Email Security, with the aim of eliminating phishing, malware, and unscannable attachments (e.g. password-protected zip files) sent to inboxes from either external or internal senders.
"Cloudflare Zero Trust is recommended as a service for companies that have a lot of remote workers, or companies where employees use their personal computers externally while on the go,” Mr. Ueki said. “Even when you set up a new office, your initial and operating costs could potentially be lower because you can provide an inexpensive private networking environment without the need to install costly leased lines. When we were setting up a new office in South Korea, we were able to get the network access ready early on by using Cloudflare Zero Trust. This would have been much more difficult with any other solution."
Block 4,000 requests per week to harmful and unwanted Internet content via DNS filtering
Reduced workload for IT and security staff to manage application access policies for hundreds of remote workers
Secure public Wi-Fi via encrypted Internet connections and reduced hardware spending on mobile hotspots
“We adopted Cloudflare Zero Trust to support secure access and threat defense in a single platform. Setting identity-aware policies integrated with our Microsoft Azure AD environment has been really easy for our administrators and gives them the critical controls to keep our users safe.”
Information Systems Department
“Cloudflare not only blocks direct access to dangerous sites, but also prevents unauthorized access that goes on in the background, hidden behind ads or web beacons that appear on safe sites.”
Information Systems Department