By ensuring its clients receive all the information they need and understand their priorities, system integrator SB Technology is increasing security in the age of information.
Japan has a reputation overseas for being very slow to adopt digital trends and digital tools. However, many of the interviewees we have met for this report believe this to be a misperception, and behind the scenes and in B2B spheres, that is not actually the case. This point is hard for us to reconcile with the fact that Japan routinely ranks very low in global digital competitiveness rankings, ranking 28th in the world, 29th, and routinely the lowest among OECD nations. Do you believe that this reputation is valid, and if not, then why do you believe there is this misperception?
In 2000, efforts were made toward the introduction of the Social Security Number (Resident Basic Ledger), which is the predecessor of the current My Number Card. However, this effort was not widely disseminated due to the backlash from the public. Japan’s economic boom halted in 1990, causing banking and security firm bankruptcies. The 2000 numbering system aimed to aid economic recovery. The arrival of Microsoft Windows in Japan in 1995 triggered the spread of the Internet; personal use was not widespread, and the LAN base was very secluded. The Japanese government wanted to take advantage of this network system and envisioned the creation of a numbering system. However, their vision for a numbering system was hindered by protests.
What happened in the 2000s with regard to various information leaks triggered privacy law (Act on the Protection of Personal Information) enactment, limiting government use of identifying data. Cyberattacks such as Ransomware and phishing emerged as smartphone usage evolved. In 2018, My Number’s introduction saw monetary incentives adopted, resulting in approximately 80 million citizens, or 75% of the populace, participating in this new numbering system. Though My Number encountered resistance, most Japanese citizens are now registered. My Number is issued by the local government in the area where they reside, and there are three layers of network security system configuration. The first network level is closed and quite secure, pertaining to personal information. The second is the citizen service application level, and only staff can connect. The third layer relates to the Internet. However, further reforms are necessary to realize its full potential.
In 2016, the security environment of the Internet of 47 Japanese prefectures and all 1770 municipalities was unified and improved to a certain level by the national government's policies. This project was allotted through a bidding process. Our involvement supported network establishment in four prefectures and 121 cities and towns over five years. Since then, from the trend of digitalization, there was a secondary information security system project in 2021. We were able to acquire 12 prefectures and 405 cities and towns, which accounts for 25% of Japan.
What is your perception of how young people are reacting to what some may call oversight or overreach?
The younger generations are more accustomed to using smartphones and cashless systems, as they welcome things that make their lives more comfortable. In the years after WWII, there was a population boom in Japan with around 2.5 million babies born each year. Those people are now 70 or 80 years old, which means that in ten years, many of that generation will not be around. Their babies are now around 50 years old and will likely be retiring in 10 years. This generation must be supported by younger generations, but the current birth rate is decreasing year by year to about 0.8 million, which is a major burden for younger generations.
How is your firm dealing with the challenges that Japan’s declining population has created, and what opportunities has this presented for you?
I am very optimistic about the future of Japan when it comes to leveraging digital tools. The next three or four years will be focused on the introduction of more and more digital tools into Japanese society. With the decline in the population of Japan, the introduction of more robotics into the manufacturing field will be required. I believe that the implementation of digitalization into Japanese manufacturing will greatly increase productivity and place Japan in an advantageous position in the global market.
Many Japanese companies, including ours, have an employment system where those in the management step down when they reach the age of 50 years. They do this to let the younger generation take over and rejuvenate the company. However, this employment system has led to a decline in motivation among senior employees with merit; I believe that this hinders the growth of Japanese companies.
We have an employment system that gives jobs regardless of age, as we want our management to continue working in their positions until they are 60, 70, or even older. As long as they are willing and have the capabilities required, we want them to continue working, and we will pay higher salaries for them to do so. We continue to update our system with the aim of creating an environment in which more diverse human resources can work.
A few years ago, we hired a very experienced individual who had previously spent thirty years working for Japan's leading electronics company. He was part of their senior management with a salary of over JPY 15 million. When he turned 55 years old, he needed to resign from his position at the company. However, he wanted to continue working for the next ten years. His salary at the company was automatically reduced by 20%, and it would be further reduced by 40% as he got older. These policies have a very serious impact on the motivation of older employees. We are willing to hire such people, as their expertise can greatly benefit other IT companies.
What do you perceive to be the strengths of Japanese digital tools providers and integrators such as digital security companies like yourselves when it comes to the international market?
Every three years, we devise midterm plans, and we are now in the second year of our fourth midterm plan which is focused on DX. Cloud system usage requires security for effective data manipulation. Our first-year initiatives focus on EDR and managed security systems services. Our second year develops to BI and AI for data utilization. The third year prioritizes consultations and training to maximize DX systems’ value. Through this plan, we aim to offer comprehensive DX services, and leads to the business growth of customers.
Earlier, you mentioned LAC. We are on very good terms with them and share a lot of business. Our attention extends to comprehensive risk analysis involving network access. For instance, if the network is contained within a room, the room entrance and exit are monitored and analyzed to mitigate security risks.
Our 24/7 security operations center has a system to ensure continuous service. Our decade-long focus on cloud-based services, particularly Microsoft Azure, positions us atop engineering standards.
As you have mentioned, you are currently in the second year of your three-year plan, in which you have been utilizing BI and AI for the analysis of collected data to understand the best applications and the best proposals that you can make to your clients with this data. We know that last month you launched your MSS for Vulnerability Management (VRM) which is a regular scanning of all IT assets of the client and it provides a comprehensive 24/7 security report. Can you talk about how this new VRM service differs from the ones in the past and how you have built on them?
This is our “MSS for Vulnerability Management” (VRM). It shows the customer services we offer on-cloud or on-premise. Every day, the whole network is checked thoroughly, including all versions of the patch programs as well as worldwide vulnerability information. Our service is built on ServiceNow, the data is gathered on the ServiceNow database and the information is checked with fresh information being updated every day.
We manage this with our vulnerability scanner (Tenable Vulnerability Management). The scanner checks the assets on the network for the need for a new version of the patch program. Moreover, vulnerability information that cannot be obtained from the vulnerability scanner is checked from the security alert of the external organization, The customer's CIOs or security operators can use this system, the risk score can be used as a reference to determine whether vulnerability can be addressed and to formulate a response plan.
The application compatibility check is carried out by informing CIO level persons by the system. Then, the adaptation of the patch can be decided at the optimum timing, if required.
We relay the information to CIO-level people, enabling them to determine whether patches are necessary and if so, the optimal timing. Additionally, compatibility checks for applications are part of their decision-making process. This encapsulates the essence of vulnerability management. Our system plays an important role in implementing security strategies.
When we talk to other companies about bringing their services abroad, the big difference they see is that Japanese digital security providers and cybersecurity vulnerability providers create a very tailored system. You demonstrated well that you are prioritizing the CIO by making sure they can get all the information that they need and helping him to understand their priorities. In contrast, some of your competitors in the international market set their system and expect the client to adapt. Do you agree with that analysis?
We are a system integrator, rather than a technology provider. The IT landscape encompasses three entities: technology providers such as Microsoft or Amazon, customer companies, and system integrators. Notably, in Japan, the ratio of system integrators to technology providers is distinct from that in the US.
In the 1980s, Japanese companies developed programming systems and computers for employee salary calculations. These systems, however, had a singular purpose and were eventually sold to prominent IT companies. This shift promoted the idea that IT companies such as system integrator managed IT operations, while user companies focused on industry advancement.
From this background, 70% of IT engineers are system integrators in Japan. A large number of the remaining engineers work for the customers. They learn about new technologies, and knowledge of the legacy systems currently in use also needs to be obtained.
When it comes to your international development and expansion, are you interested in markets other than Japan where you can provide your system integration services?
Yes, we are interested in expanding beyond Japan. There are many solutions when it comes to security, and there are many different methods for scanning and analyzing information and deciding whether something is a real-time risk or a ticking time bomb. Information collection and analysis for analyzing needs require experienced personnel.
When it comes to your international business, we know that you have been present in Hong Kong, Taiwan, and South Korea. What were some of the key lessons and takeaways that you have learned operating in these international markets and how you will proceed from here?
Our overseas business has been primarily through Norton and its subsidiaries, with whom we have collaborated extensively. Our rights to conduct business in double-byte regions, including Hong Kong and Taiwan, led to subsidiary establishments. However, with the change in ownership of Norton, we anticipate discontinuing our Norton-related business within the next few years.
Last month, we announced that our company Fontworks would be sold to Monotype, a US-based entity. This change means that we will cease direct business dealings with end-users from October of this year. Our core focus lies in cloud systems, security, Big Data, and AI, catering to major enterprises and governmental bodies. In 2018, we established a global operations center to serve our global clients.
Our developmental base in Vietnam has facilitated collaborations with three companies. While cost-efficiency and streamlined processes initially attracted us to R&D in Vietnam, we recognize Southeast Asia’s emerging market potential. Now that we have transitioned into the post-Covid era, this year marks a renewed focus on international approaches. Two considerations guide our approach. The first is the trend of reduced investments in China, and the second is the shift towards Southeast Asia for economic security. Thailand, Vietnam, Laos, and Myanmar are appealing markets, and Vietnam’s IT advancement and Japanese affiliations make it particularly promising. While I cannot specifically mention what kinds of investments we will be making in Vietnam at this point, I can say that Vietnam is a very attractive market for us.
Another promising avenue for our overseas business is agricultural-related services. Eight years ago, we began providing our services to the Japanese Ministry of Agriculture, Forestry, and Fisheries (MAFF). We introduced the eMAFF Map which is a digital application system for agricultural land analysis. Our accumulated expertise positions us well in this sector, and we have attracted interest from Vietnam, Cambodia, and other countries. This is an area we plan to strengthen, extending our services to other Asian nations.
How do you see the next step for increasing your presence in Southeast Asia? Is it a matter of HR finding the right people to hire, or will you be looking for new partnerships besides the three in Vietnam that you have already mentioned? Are potential M&As also something that you are interested in? How would you describe your focus in as much detail as you can disclose at this time?
There are many combinations that we have in mind. The money from the sale of Fontworks will be used for large investments in those areas. That is as much as I can disclose at this time.
Imagine that we were to return on the last day of your presidency to redo this interview all over again. Is there a certain goal or personal ambition that you would like to have achieved by that date that would be your lasting legacy as president?
I will have to think about that and get back to you later. Thank you very much