Mainichi Broadcasting System (MBS) + Duo

Mainichi Broadcasting System is a radio and television broadcasting company headquartered in Osaka Japan with studios across the Kansai region and a presence in Shanghai, China.

MBS needed to provide a safe, remote working environment and enable employees to securely access everything from on-premises systems, HR and accounting systems for attendance and expenses and other cloud-based services.

Duo’s deployment enabled staff to securely access the TV station’s core Electronic Data Processing System (EDPS) to maintain business continuity from anywhere employees work.

The Organization

Headquartered in Osaka Japan, Mainichi Broadcasting System (MBS) is a radio and broadcasting company with a strong legacy as a pioneer in Japanese broadcasting. It has been serving its viewers for more than 70 years. MBS first radio broadcast dates back to 1951, and its first television broadcast dates back to 1959. That same pioneering and entrepreneurial culture is still going strong. Today, MBS is forward thinking and expanding.

The Challenge

While MBS proudly serves viewers in Kansai with regionally produced programs, it provides a wide range of programs from variety shows, to dramas, to anime, nationally. Meanwhile, MBS is also part of a growing partnership of stations that are forming a new network called the Japanese News Network or JNN.

This exciting growth also brings challenges. Besides expansion, MBS also saw an explosion of VPN use during COVID, and there were security concerns around fake and illegal users. To address these concerns, MBS migrated to multi-factor authentication (MFA) to develop a safe remote working environment regardless of the system used.

“We had been using VPN via Cisco AnyConnect in the past, but only certain users were eligible to use it, such as reporters who were based outside the company to do interviews, and staff on long business trips,” explains Yusuke Suzuki, Assistant Manager, DX Promotion Department, Corporate Strategy Division. “When COVID hit we needed employees and other staff be able to externally access on-premises systems using VPN,” he adds.

But the accessibility and security issues that MBS faced were uniquely complex. TV stations have a core system called Electronic Data Processing System (EDPS), which manages TV commercial contract information, program information, and broadcast operation data. “We needed to make this system securely accessible from the outside in order to maintain business continuity,” Suzuki says. “With the rapid increase in the number of VPN users, there was concern of increased security risks, such as posers and illegal usage, so we considered the introduction of multi-factor authentication to enhance security.”

Choosing the Right MFA Solution

Since MBS already leveraged Cisco AnyConnect, the progression to Cisco Duo was a logical step. “We had conventionally used Cisco ASA, Cisco AnyConnect’s VPN, and for authentication server we used Cisco Identity Services Engine (ISE). So, the introduction of Duo was easy,” Suzuki explains. “Besides, many on-premises users were used to Cisco AnyConnect’s VPN, so the addition of Duo was easy for them to adopt. Additionally, Duo is a cloud service, so we didn’t need to purchase any new hardware to get it up and running. It met our needs in terms of delivery schedule and maintenance costs as well,” Suzuki notes.

“We had conventionally used Cisco ASA, Cisco AnyConnect’s VPN, and for authentication server we used Cisco Identity Services Engine (ISE). So, the introduction of Duo was easy.” Yusuke Suzuki, Assistant Manager, DX Promotion Department, Corporate Strategy Division.

Deployment

The rollout was strategically planned and completed in stages. Because more users were working remotely, and face-to-face interactions were more limited, the switch had to be simple and easy to grasp. But as Suzuki’s team collaborated with its Cisco partners, additional benefits came to light, such as the ease of synchronization with Duo’s AD (Active Directory) and the fact that AD could handle the centralized management of users.

“Initially, we expected Duo’s user information to be manually registered or use CSV imports, but we found out that we could use the AD integration function,” says Suzuki.

“Synchronization using the AD integration function was extremely easy after developing Duo Authentication Proxy (DAP), which had the role of safely mediating on-premises ASA, ISE, and AD with Duo on cloud,” he continues. “By syncing Duo and AD, you can control whether to use multi-factor authentication by just switching the security group each user on AD belongs to,” Suzuki explains.

Solution

Roughly 650 users were eventually migrated with only minimal challenges, and the solution is perfect for remote or on-prem situations. “We use cloud services for our communication tools like email or chat. Those can be used at any time during remote work, as long as there is internet connectivity,” says Suzuki. “Meanwhile, on-premises users gain access after connecting to VPN. But general users and reporters who leave the company often now have access via VPN,” he adds.

General administrative tasks, such as attendance management and expense reimbursement could now be performed remotely. EDPS that used to only be available on-premises can now be accessed temporarily, which improves business continuity. Additionally, users can leverage their smartphones to access various cloud services, simply by installing the Duo Mobile app and receiving multi-factor authentication push notifications.

What’s Next

The next chapter in the MBS story will be written in the years to come, and Cisco security solutions will play a key part. “For the future, we are exploring if we can apply multi-factor authentication to services other than VPN by utilizing Duo’s interoperability. We also want to use the SSO (single sign-on) function to improve user convenience by making a self-service device management system,” Suzuki exclaims.

And while new uses are being explored, simple traditions will continue as part of the overall company culture. “We have had a good relationship with Cisco for many years. For example, every December we hold a concert called ‘Suntory Presents Beethoven’s 9th with a Cast of 10,000’,” Suzuki says. “We use Cisco Webex to make this concert an event that connects with everyone in the world. So, I hope Cisco continues to provide easy-to-use and safe solutions for us in the future.”

© 2023 Cisco and/or its affiliates. All rights reserved.