Pokémon pursues Zero Trust security with Akamai

Minimize Security Risks That Hinder Business Growth

Pokémon video games, trading cards, movies, media, merchandise, and events are well known across the world. Because The Pokémon Company is a high-profile global business, cyberattacks pose a real risk to growth.

Technical Director Takeshi Seki, who looks after the company’s internal information systems, explains, “Today’s cyberattacks, especially targeted attacks, are truly ingenious and sophisticated. No matter how many defenses we put up between our internal network and the internet, it’s nearly impossible to completely prevent the risk of compromise. It’s essential to establish a means of protecting sensitive information from these attacks in order to safely scale the business and reduce the risk of data leaks that could harm the Pokémon brand. Being prepared for these attacks is an extremely important issue for us.”

Zero Trust Security Is the Ultimate Goal

The Pokémon Company’s work style makes implementing a security architecture challenging. Employees frequently access the corporate intranet remotely during business trips, while offsite at events, or while working in its stores. The company also has a large number of business partners who access Pokémon’s internal resources, each with their own unique IT security standards. Additionally, The Pokémon Company has significant intellectual property that requires tight control and granular access rights to ensure security standards are met.

When Seki took charge of internal information systems at Pokémon, he immediately implemented additional safeguards against unauthorized access. He introduced an authentication infrastructure using single sign-on, and conducted a third-party security assessment to identify potential risks and better understand the company’s security needs.

“While no risks were found, it did not mean that we were well prepared for targeted attacks. Going forward, we felt it was important to further prioritize protecting our business against targeted attacks and breaches of sensitive information,” recalls Seki. The process led Seki to conclude that a Zero Trust architecture should be implemented.

“With increasingly sophisticated cyberattacks, it was clear that the traditional perimeter-based security method of separating networks into trusted and non-trusted areas was obsolete. We needed to inspect, authenticate, and authorize everything. In other words, we needed to take a Zero Trust approach,” explains Seki.

“However, there are challenges with implementing a Zero Trust security model, too,” he continues. “The biggest concern was an increase in work for our security team. With a limited number of personnel in the Internal Information Systems Department, we had to avoid a situation where new security measures would increase our workload.”

Detect and Prevent Potential Threats with Minimal Engagement

To implement a Zero Trust architecture while keeping his security team’s workload increases to a minimum, Seki chose Akamai’s Zero Trust security solutions: Secure Internet Access Enterprise and Enterprise Application Access (EAA).

Secure Internet Access Enterprise is a cloud-based secure web gateway that inspects DNS traffic and proactively blocks requests to malicious domains and URLs. It uses Akamai’s extensive threat intelligence to prevent company devices from accessing malicious sites and command and control servers, thereby stopping harmful targeted attacks such as phishing, malware, and data theft.

“The best thing about Secure Internet Access Enterprise is that you can deploy it by simply changing your DNS server destination to Secure Internet Access Enterprise's IP address. And because it’s a cloud service, you can also maintain the same level of security on off-network devices, without any extra effort,” adds Seki.

“Akamai’s servers are probably the most widely used machines on the internet, meaning that they have the world’s largest threat intelligence database. That’s why we trust it completely,” Seki explains.

Seki’s colleague Emiko Inoue, who manages the product, shares those sentiments: “Secure Internet Access Enterprise really made our security operations easier. For example, we would previously have to compare and analyze logs from different devices after an incident occurred. Now, Secure Internet Access Enterprise eliminates this kind of work, as the dashboard allows us to easily see what is happening on the internal network in real time. It’s easy to filter and allows us to see who has tried to visit malicious sites, which helps us proactively take action against incidents.”

Adopt Zero Trust Access to Continue Transformation

Threat protection completed the first phase of Pokémon’s migration to a Zero Trust architecture, and it is now focusing on the second phase — securing application access. The company is planning to introduce Akamai’s Enterprise Application Access, a cloud-based Identity-Aware Proxy that delivers secure and adaptive application access based on real-time signals such as threat intelligence, device posture, and user information. It’s part of Akamai’s highly scalable edge platform, and eliminates the need for network access over a VPN, while reducing application delivery risk, cost, and complexity.

“Enterprise Application Access will allow us to remove our labor-intensive VPN and enable faster remote access to corporate resources. We will continue to use Secure Internet Access Enterprise to prevent targeted attacks. This will be a big step toward realizing Zero Trust security,” says Seki.

Implementing Akamai’s two Zero Trust solutions will help The Pokémon Company be more secure and grow more quickly.

About Pokémon:

Founded in April 1998 as a joint venture between Nintendo, Creatures, and Game Freak, its name was originally The Pokémon Center Company. In December 2000, the company changed its name to the current name and expanded its role to cover managing the overall Pokémon brand. Today the company produces, sells, and licenses the Pokémon video game series, anime, trading card game, movies, and related character merchandise, as well as runs the official Pokémon website. Subsidiaries include Pokémon Center Co., Ltd., which operates Pokémon Centers and other official stores; the Pokémon Company International, which handles Pokémon-related business in non-Asian regions including North America and Europe; and Pokémon Korea, Inc.