MKSystem Hardens the Security and Accelerates the Agility of Social Insurance and Labor Services for 8.32 Million People by Shifting to AWS

MKSystem provides business support services, including its in-house developed Shalom cloud service, to social insurance consultants, insurance administration associations, and general corporations, enabling businesses to calculate and report insurance premiums, determine salaries, manage employment, and distribute pay slips.

2,729 social insurance consultants—about 10 percent of the total Japanese sector—use the services. As of May 2023, these consultant agencies service around 570,000 businesses, or 15.5% of all domestic companies, meaning that MKSystem reaches over 8 million people.

Many of the company’s services use on-premises IT environments. Handling information on social and labor insurance, salary, and social security numbers for so many citizens makes security a top priority, and MKSystem enforces strict measures in its on-premises environments. However, there are limits to the strength of on-premises security measures.

According to Tatsuo Miwa, General Manager of the Digital Architecture Design Department, “We tried to harden our security products with security appliances, but rack space and other problems prevented us from updating them in a timely manner; we struggled to keep up with constantly evolving cyberattacks.”

Meanwhile, business growth meant the on-premises environment was approaching performance and availability limits, and operational management work had become a burden. Some of the services therefore moved to the cloud for easier infrastructure scalability.

In June 2023, MKSystem discovered ransomware in its on-premises servers. As a result, many systems shut down and the company was unable to provide normal services. “We took restorative measures as soon as possible to ensure the end customers of our clients could calculate payroll,” says Noboru Miyake, President and CEO of the enterprise.

After starting to rebuild its service platform, MKSystem considered two options: restore the on-premises environment or migrate to the cloud. The company chose the latter and selected AWS based on recovery speed, security, and cost.

Replacing Microsoft RemoteApp—an application delivery service used in on-premises environments—with Amazon AppStream 2.0—a fully managed application streaming service allowing us to restore service to customers as quickly as possible—was the deciding factor,” says Hiroshi Kiyama, Executive Officer and Head of Development.

“We were also impressed with the AWS services we were already using, the comprehensive migration support partner ecosystem, and Security Assessment System (ISMAP) accreditation for government information systems.”

The decision to adopt AWS passed on June 21, 2023. Construction of the environment and data migration work commenced immediately, and major services resumed from June 30.

“When we announced our migration to AWS, many people said that AWS alleviates security concerns as governments, financial institutions, and large companies use its services,” explains Miyake.

“Our shareholders, banks and other stakeholders are positive about the shift and appraisals are exceptional.”

MKSystem implemented the company-wide migration project at a rapid pace, and hard work from partners restored services in the shortest possible time.

“Few other companies were using Amazon AppStream 2.0 in the way we are, so we modified applications to avoid restrictions; we encountered some unexpected errors but overcame them by having AWS personnel contact the US technical team,” says Kiyama.

Migrating to AWS enabled the company to restore services just three weeks after discovering the ransomware incident, minimizing the impact on users. This also diminished the business impact on the company, which offers its services as cloud services for monthly fees.

According to Kiyama, “It takes several months to prepare infrastructure for on-premises platforms, and the biggest advantage of AWS was that it reduced the procurement period and initial costs.”

Security levels are also better than those of on-premises environments, and workloads on infrastructure personnel are lower.

“With AWS' shared responsibility model, we can leave everything in the infrastructure area to AWS, including security and communication problems,” says Miwa. “And with managed services, we don't have to worry about operational work so we can shift our focus to maintaining and operating other areas.” After restoring services, MKSystem worked to harden security by introducing EDR, multi-factor authentication, and stronger password policies. The enterprise also holds weekly security and log review meetings for more robust countermeasures.

“Although we don't have 100 percent security, AWS provides better security than on-premises environments,” says Miyake. With services up and running again, the company’s next step is to fully shift its mainstay services to the web. MKSystem will completely renew its Shalom insurance consultancy service with cloud-native architecture and further increase customer value as it aims to launch the next version, Forever, on AWS within FY2024.

“We will only see the real benefits and value of migrating to AWS after shifting entirely to the web,” says Miyake. “The various services AWS provides makes it easier to appeal to users from both business and marketing perspectives, which I believe will accelerate the digital transformations (DX) of social insurance consultants and their clients.”