©2025 Akamai Technologies
Operating one of Japan’s largest food delivery services
One of Japan’s largest online food delivery services, Demae-can Co., Ltd. has grown its business while adding new services — including the shared delivery and Shiire-can joint procurement services for restaurants. With recent changes in lifestyle, the food delivery industry has achieved strong growth, and Demae-can Co.’s business has expanded at an unprecedented rate. They believe in taking responsibility for safely delivering meals carefully prepared by restaurants right to customers’ doorsteps. The company aims to stay ahead of the curve in these times of rapid change, responding to market needs as it pushes the Demae-can brand forward.
VPN devices didn’t meet the demands of office relocationand increased system load
When Demae-can Co.’s internal business systems were remotely accessible from outside the office, employees used SSL VPN clients on their computers to access the devices in the office. The company had roughly 500 VPN accounts, but office relocation and an increased system load required them to implement a new remote access environment.
“We were not able to bring our network equipment to the new offices due to limited space,” says Hideoki Yoshikawa, head of the Information Systems Department in the Product HQ at Demae-can Co. “This meant we couldn’t install our VPN devices at the new offices, so we were at risk of losing access to internal systems.”
Similar to the office relocation, the increase in system load was also a result of expanded operations and personnel. The number of active users reached 3.7 million in the third quarter of 2020, with 24,000 member restaurants and a gross merchandise volume (GMV) of 29.7 billion yen. By the third quarter of 2021, this had grown to 6.52 million active users (~ 1.8x), 74,000 member restaurants (~ 3x), and a GMV of 42.8 billion yen (~ 1.4x).
Business grew at a rate the company had never experienced before. “Our IT systems were no longer able to follow the pace of business growth. There were no available racks in the data center, so we couldn’t add more physical servers. Obviously, we worked diligently on performance tuning, but couldn’t keep up with the rate with which the business was growing,” says Yoshikawa.
The main reason we selected EAA was that it allowed us to seamlessly access both data centers and the cloud. Moreover, it enabled us to control access by the Zero Trust framework with stronger authentication and authorization systems.
Hideoki Yoshikawa, Head of the Information Systems Department in the Product HQ, Demae-can Co.
Need for seamless access to a hybrid environment
Because of its data center situation, Demae-can Co. began ramping up its move to cloud services and migrated to a hybrid environment that combined on-premises and public cloud services. For campaigns and other customer-oriented services that generate a heavy load on servers, for example, Demae-can decided to use a cloud service, since servers can be easily added and cloud services are more resilient to heavy loads.
Development staff began migrating business systems to the cloud as well, but there were still many systems that used data centers instead. For this reason, Demae-can Co. needed new remote access that would enable seamless access to both data centers and the cloud.
“The most important thing was to avoid any disruption in productivity. We needed users to be able to seamlessly access both data centers and the cloud without thinking about which system they needed to access. We also weren’t able to install appliances due to the lack of space in our offices and the data center,” says Yoshikawa. “Thankfully, Akamai Enterprise Application Access met all of our requirements.”
Akamai facilitates secure connectivity
With the Demae-can Co. office relocation plan in place, the company considered several options, and Enterprise Application Access (EAA) as identified as the best solution. As Yoshikawa described it, “We compared and contrasted Enterprise Application Access with cloud-type VPNs offered by other vendors. The main reason we selected EAA was that it allowed us to seamlessly access both data centers and the cloud. Moreover, it enabled us to control access by the Zero Trust framework with stronger authentication and authorization systems. For all of these reasons, we decided to implement EAA as our new remote access solution.”
While preparing for Demae-can Co.’s office relocation, the company conducted an Enterprise Application Access proof of concept (PoC). No major problems arose during the PoC phase, and after the relocation was complete, Enterprise Application Access progressed directly from PoC to production. Enterprise Application Access quickly became an essential part of the new remote access environment.
“EAA was introduced as a remote access solution to replace our VPN and came with tight Zero Trust access controls,” says Yoshikawa. “We expected some complex process to install the Enterprise Application Access connector (virtual appliance) to the server, but the process was almost completed using the template alone. It was quite simple to install.”
Demae-can Co. has nearly 800 user licenses of Enterprise Application Access and has already issued more than 700 accounts. When employees leave the office, the engineers use the EAA client for all their access. “We have users install the EAA client, and for them EAA has simply replaced VPN. What changed is only the way they log in. Nothing has changed in terms of usability,” continues Yoshikawa. “The user doesn’t have to think about whether they are connecting to a data center or the cloud. The EAA client automatically connects to the appropriate EAA connector for each application. And the fact that we haven’t received any negative feedback from users is proof that they are accessing what they need without an issue.”
The fact that we haven’t received any negative feedback from users is proof that they are accessing what they need without an issue.
Hideoki Yoshikawa, Head of the Information Systems Department in the Product HQ, Demae-can Co.
Segmented access through Zero Trust security initiatives
Demae-can Co. not only uses Enterprise Application Access as a simple remote access tool, but it has also begun using it as an authorization control solution to enable Zero Trust security. Authorization is controlled by Enterprise Application Access, and access permissions are granted according to employee role. For instance, access to business systems used internally is granted to a wide range of users, but only engineers in the relevant departments are allowed access to development environment databases and similar systems. The system is configured such that sales staff and other employees are not able to access development environments. Naturally, not even engineers are able to access all of the company’s databases. Connections are restricted to staff belonging to the departments involved in development.
According to Yoshikawa, “Since we installed Enterprise Application Access, we really wanted to thoroughly implement Zero Trust security. However, our journey is just beginning. We hope to implement more granular control based on the concept of Zero Trust in the future.”
Further security improvements planned throughmulti-factor authentication
Zero Trust and other security measures are ramping up at Demae-can Co., and as the business grows, there is also an associated increase in the amount of personal information the company handles. “Demae-can has grown into a popular delivery service used by many customers, and we feel a great responsibility to protect our customers’ personal information,” says Yoshikawa. “We need to be especially careful of targeted attacks that run the risk of infiltrating our network and leaking personal information. To that end, we are considering implementing Akamai MFA as multi-factor authentication to stop account takeover and data leaks. We look forward to continuing to work with Akamai in the future.”
*Details in this story are based on the time of the interview. Please note there is a possibility of changes since this story was first written.
About Demae-can Co., Ltd.
Demae-can Co. operates Demae-can, the largest food delivery portal site in Japan. Demae-can offers delivery services for more than 100,000 participating stores, ranging from pizza to Chinese food, sushi, Western cuisine, alcohol, and online supermarkets. Company performance has grown through services including Sharing Delivery, whereby even restaurants without in-house delivery services can offer deliveries by sharing Demae-can’s delivery network; Incubation Kitchen, which provides support for trial food delivery services at low risk and cost; and Shiire-can, a joint procurement service for restaurants. Demae-can signed a business collaboration agreement with LINE Corp. in May 2016. This was followed by the announcement of a capital and operational agreement with LINE Corp. in March 2020. Moving forward, Demae-can aims to be a comprehensive food marketing platform that covers all restaurant services. https://demae-can.com
About Akamai
Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. With the world’s most distributed compute platform — from cloud to edge — we make it easy for customers to develop and run applications, while we keep experiences closer to users and threats farther away. Learn more about Akamai’s security, compute, and delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.