Sony Music Group, which is based around Sony Music Entertainment (Japan) Inc., spans 20 different companies, and is constantly expanding their business to increase the size of their footprint in the entertainment industry. Their customers on the business-to-business side include recording artists, music retail outlets, and distributors. On the business-to-consumer side, they serve a wide variety of clientele, including fans of music and animation. While the core businesses of their entire organization are music and animation production and development, they also have IT departments which provide users with their own CMS creations and other departments which develop games and apps. Their website serves as a link between the end user and their artists and animation content, and it delivers a large amount of content (more than 400GB per month). They receive nearly 8 million requests per month and manage more than 500 websites.
Sony Music Group manages more than 500 different websites. This requires the handling of a lot of personal data, which requires strong security measures. Additionally, any noticeable drop in performance would damage the trust that their users place in them.
While they originally delegated security concerns to the operators of each site, they soon realized that this led to inconsistent security policies across their properties. Asking the individual operators to implement these measures also increased their workloads and decentralized the line of communication for threat detection. They needed a solution for gateway security in multi-cloud and hybrid environments without getting locked in to a single cloud vendor. They needed to implement zero-trust security countermeasures for each environment, with rapid propagation against blocked threats. They also wanted a security vendor that could provide them with detailed daily reports. They ultimately chose Cloudflare to meet all of these needs.
Once Sony Music Group started using Cloudflare, they noticed results almost immediately. The Cloudflare WAF, which uses threat intelligence collected from data centers all over the world, was turned on for a set of Sony Music Group’s sites and was able to detect and prevent numerous attacks. The Cloudflare log monitoring platform provided a central point from which to observe the attack traffic across all of Sony Music Group’s sites.
The Cloudflare WAF was able to block over 400 attacks to one particular site over the course of a single day, while also improving that site's performance, which led to a more stable user experience and less time wasted dealing with these attacks.
Now that they have seen the results of using Cloudflare WAF, Sony Music Group is looking at enabling it across their network of sites, maximizing efficiency and cost-effectiveness.
While Sony Music Group is solidifying these operations, they have been considering adding other Cloudflare services as well. They are particularly interested in Cloudflare Bot Management. The strength of Bot Management lies in its ability to evaluate and block not just basic bots that can be detected with conventional security tools, but also more sophisticated bots capable of elaborate attacks, like credit card fraud. Bot Management is able to score requests and stop bots thanks to machine learning and a behavioral analysis engine.
Having access to a global network is becoming more and more important as the world changes. For example, Sony Music Group is working on initiatives like going paperless and facilitating remote work. Cloudflare will be an indispensable partner for these kinds of initiatives.
By using Cloudflare, Sony Music Group was able to improve performance and apply consistent security rules across all of their 500+ websites and maintain a single point of control.
The Cloudflare WAF blocked 400 attacks in a single day to a Sony Music Group site.
“Ensuring security is a serious issue in terms of conducting business. Cloudflare is a very good solution and cost-effective compared to the labor costs of pursuing daily security information and manually applying the rules to your organization's site. ”
Yusuke Tashiro & Kensuke Haga