Asian woman sitting on a sofa using a laptop
Yahoo! Japan logo

Yahoo! JAPAN is one of the country’s biggest and most popular portal sites, with about 80 million people visiting the website every year. It is a subsidiary of Z Holdings Corporation, headquartered in Tokyo, and its offerings include e-commerce, internet advertising, and member services.

目的

  • Maintain customer service levels and security
  • 事業の継続性
  • Certify and authenticate every application running on Yahoo! JAPAN’s PKI

技術基盤

ビジネスにおける課題

Yahoo! JAPAN’s mission is making Japan more convenient with the power of information technology. As part of this mission, the security of the provider’s services, data, and customers is its number one priority. A Security Engineering Team Manager of Yahoo! JAPAN said, “Any security incident would be bad for our customers, bad for our business model, and bad for our reputation, so we cannot allow that to happen.” In addition, maintaining business continuity was of utmost importance.

Technical Challenge

Yahoo! JAPAN needed to authenticate and certify that every application in its IT infrastructure can be trusted to be what it purports to be. Consequently, when the application attempts to connect to a gateway or central server, it needs a unique, authenticated identity. With this unique ID in place, IT system administrators can track each application throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If an application exhibits unexpected behavior, administrators can revoke its privileges.

ソリューション

Yahoo! JAPAN selected Entrust nShield® HSMs to act as a secure and scalable key storage environment.

成果

Increased security for Yahoo! JAPAN through robust authentication.

The Transformation

Yahoo! JAPAN implemented a public key infrastructure (PKI) using digital certificates to identify and authenticate applications that access the system. Because digital certificates facilitate the verification of identities between actors in a transaction, it is imperative to protect the authenticity and integrity of the certificate, and thus maintain the trustworthiness of the system.

The certificate authority (CA) is the core component of a PKI and is responsible for establishing a hierarchical chain of trust. CAs issue the digital credentials used to certify the identity of actors. The CA underpins the security of a PKI and therefore can be the focus of sophisticated, targeted attacks. To ensure encryption keys were securely stored, highly available and effectively managed, Yahoo! JAPAN needed physical and logical controls as well as HSMs in place.

HSMは、データの暗号化と復号化、およびデジタル署名と証明書の作成に使用されるキーを生成、保護、管理することで暗号化プロセスを保護する、強化された改ざん防止ハードウェアデバイスです。 After reviewing HSMs from two different vendors, Yahoo! JAPAN decided on Entrust nShield® HSMs to provide the secure and scalable key storage environment.

Entrust nShield HSMs are among the highest-performing, most secure and easy-to-integrate HSM solutions available, facilitating regulatory compliance and delivering the highest levels of data and application security for enterprise, financial, and government organizations. The purpose-built hardware devices are designed to generate, safeguard, and manage cryptographic keys on behalf of applications. The unique nShield Security World key management architecture enforces important separation of duties with dual controls that segregate security functions from administrative responsibilities.

Yahoo! JAPAN chose nShield HSMs because of their industry leadership, reliability, and scalability, the number of applicable use cases, and the experience of the Entrust technical team. nShield HSMs were deployed across two geographically separate data centers, located in eastern and western Japan.

HSMハードウェア
白い左引用符のアイコン

The introduction of Entrust nShield HSMs has been a significant contribution to increasing the security of Yahoo! JAPAN’s authentication platform.

Senior Manager
Security Engineering Department, Yahoo! 日本

Measures of Success

All the nShield HSMs run under the same nShield Security World, which enables load balancing and failover between the HSMs. So, in the unlikely case that one of the HSMs should fail, the others immediately pick up the slack. And, even if one data center was to go down, the HSMs in the other data center would be able to respond to demand.

As its nShield HSMs run in physically secure, lights-out data centers in locations far from the IT staff who manage them, Yahoo! JAPAN also installed nShield Remote Administration. nShield Remote Administration lets the IT staff manage the HSMs – including adding applications, upgrading firmware, and checking status – from wherever and whenever they choose. This means less travel to data centers, helping cut maintenance and travel costs and optimizing resources.

The Senior Manager of the Security Engineering Department, Yahoo! JAPAN, adds: “The introduction of Entrust nShield HSMs has been a significant contribution to increasing the security of Yahoo! JAPAN’s authentication platform. We were impressed with how easy they were to install and operate and are very satisfied with their performance, functionality, and Entrust technical support.”

お問い合わせ

フォームにご記入いただくと、nShieldハードウェアセキュリティモジュールがお客様のデジタルセキュリティのユースケースをどのように実現できるかについて、当社の専門スタッフがご相談に応じます。

Download the Yahoo! JAPAN HSM Case Study