Becoming the De Facto Market Leader:
From On-Premise to the Cloud
“…we believed in the potential of G Suite. We believed that it would eventually replace the existing on-premise solution… “
In December of 2007, ISR met Japan’s Google Enterprise team and offered to support their newly launched Google Apps (currently known as G Suite) as a system integrator (SI). Their team consisted of only three people, but we believed in the potential of G Suite. We believed that G Suite would eventually replace the existing on-premise solution prevalent at that time. Our belief was based on our own experience of having used G Suite internally at ISR for more than 6 months.
The shift from our own on-premise mail server (OPMS) to G Suite brought us many advantages. First, we did not have to operate our own mail server anymore. There was no need to worry about increasing our server capacity and disk hardware as the number of employee increased. Second, we did not need to have one engineer specially dedicated to running the mail server. The third and most important factor was that G Suite could filter spam, which at that time was more than 80% of received mail and was difficult for our mail server engineer to control.
After making a presentation about ISR, the Google team agreed to have ISR as their SI partner.
“…in the early spring of 2008, we got our first deal. Unicharm with 3,500 employees across five countries.”
Working with the Google team entailed going with them on sales calls. This was a hard slog. From January to March of 2008, we visited a number of large enterprises who all turned down the opportunity to shift to the cloud. However, in the early spring of 2008, we got our first deal, Unicharm, with 3,500 employees across five countries.
Unicharm’s CIO had been given the mission of increasing employee productivity. He saw that a browser-based product was easier to use and more intuitive than a special mail client. Ultimately, the critical factor in his choosing to go with G Suite was that Unicharm’s IT staff in Tokyo did not have to worry about controlling its OPMS in five different countries operated by IT staff speaking different languages and on different time zones and calendars. All the IT operators had to do was to facilitate the initial setup of G Suite and then mail service operation was left up to Google.
At the second sales meeting with Unicharm, ISR made a presentation about CloudGate, our single sign-on (SSO) product, which at that time existed only in prototype form. An SSO server controls access to third party services such as Google’s e-mail service. It also verifies the identity of each employee before allowing access to the service. As such, Unicharm employees are the only ones who can access their Google e-mail accounts. We were to operate the SSO server at our own data center and provide our services to Unicharm for an annual fee. Unicharm’s switch over to G Suite did not take place until our CloudGate service was ready in November of 2008.
“CloudGate became the de facto SSO solution for G Suite. G Suite and CloudGate created an ecosystem that would eventually replace the established OPMS within the next five years.”
In December of 2008, we officially announced CloudGate as an SSO service for G Suite. Starting in 2009, a number of large accounts, including Fuji Soft, switched from their OPMS to G Suite and CloudGate. By enabling access control and user authentication, CloudGate complemented G Suite. Since enterprises’ on-premise security policy in Japan required access control and authentication, CloudGate became a must-have product when choosing G Suite in the Japanese market. CloudGate became the de facto SSO solution for G Suite. These two products created an ecosystem that would eventually replace the established OPMS within the next five years.
Slow Growth to Growing Pains
The G Suite and CloudGate ecosystem both experienced relatively tepid growth for the first two and a half years (December 2008 to June 2011; user accounts grew from 10,000 to 50,000) as companies hesitated to abandon their traditional on-premise mail service infrastructure. However, beginning in the summer of 2011, the shift to the cloud underwent an explosive period of growth. This trend was driven in large part by Softbank, who had become a reseller of both G Suite and CloudGate in the spring of 2011.
“User accounts increased from 50,000 in the fall of 2011, to 150,000 by the winter of 2012.”
The pace of G Suite adoption continued at a rapid pace. User accounts increased from 50,000 in the fall of 2011, to 150,000 by the winter of 2012. And with this sudden influx of users, CloudGate had a major outage on March 19, 2012.
On that day—a Monday—at 8:15 a.m., we experienced a 40-minute outage during which our users could not login to their G Suite accounts because CloudGate was slow in responding and users were experiencing timeouts.
I still vividly remember the nonstop ringing of the phones that morning from our users and their frustration at not being able to access their email to start their workday. By 8:55 a.m., our engineers had solved the problem—a temporary capacity problem on our load balancer which could not handle the increased number of users. This outage experience served as a crucial reminder for us at ISR as to how vital it was for our end users that our service be available to them at all times. No access to CloudGate meant no access to Gmail, and therefore, no access to emails to get their job started. From that day forward, high availability became one of the highest priorities for our CloudGate service.
Personally, this outage was one of the most difficult times of my professional life. I felt terrible. I could barely sleep that night. I felt that as a service, we had failed our users. I made a promise to myself that night—in the future, I would make every effort possible to avoid failing our users again.
“…our company has been able to provide 99.99% service availability for 4 consecutive years…”
Learning from our shortcomings, we adapted multiple precautions to avoid a repeat of that incident. From making drastic changes to our hardware platform, to improving our power outage response strategy, we became better equipped to handle the needs of our customers. With these new countermeasures, our company has been able to provide 99.99% service availability for 4 consecutive years starting from the fiscal year of April 2012.
Multi-Factor Authentication (MFA)
CloudGate has experienced steady growth (from 150,000 to 680,000 users) in the last four years, in part due to its high service availability rating during that time (99.99% each year). A very important factor driving this expansion has been the rapid adoption of software as a service (SaaS), or cloud services, within the enterprise market. Microsoft Office 365 has played a huge role in accelerating user adoption of cloud services in this market. CloudGate support for Office 365 was launched in 2015, and the need for SSO for Office 365, in parallel with that of G Suite, has been a major factor driving our growth over the last two years, as many corporate users are deploying both G Suite (for mail) and Office 365 (for groupware).
Salesforce, box, rakumo, kintone and many other cloud services have also greatly contributed to the growth of the SaaS market. Within the small and medium business (SMB) sector, many companies’ main applications are now cloud-based. For CloudGate, the SMB sector growth now surpasses that of the large corporations (LCS) segment, reflecting the acceleration of the adoption of cloud services in that sector of the market.
“In parallel with the rise of cloud services in the last few years, we have witnessed an increase of internet breaches as well.”
In parallel with the rise of cloud services in the last few years, we have witnessed an increase of internet breaches as well. This trend has increased dramatically, especially in the last two years.
Roughly two years ago, in the US and Japan, there was a breach of major government data—government employee data in the US and personal pension data in Japan. Also within the past year, we have seen a dramatic escalation of internet breaches. The breaching of the personal email account of Clinton’s campaign manager during the US presidential election, and similarly during the French presidential election, are well-known cyberattacks. More recently, the WannaCry ransomware virus, as well as the compromise of customer data at a major SSO provider in the US, are equally shocking.
“Passwords are at the heart of these breaches and there is an urgent need to replace passwords as the primary method of user authentication.”
Most of these breaches can be traced back to Advanced Persistent Threat (APT) attacks during which user credentials were compromised. Passwords are at the heart of these breaches and there is an urgent need to replace passwords as the primary method of user authentication. The Fast IDentity Online (FIDO) Alliance is an association of over 250 companies worldwide whose mission it is to develop standard protocols that enable easy to use, strong authentication which complement or replace passwords.
ISR joined the FIDO Alliance in late 2014, and then in early 2015, released CloudGate support for the FIDO U2F protocol using YubiKey hardware tokens as strong second-factor authentication. Late in 2015, employing FIDO security principles, we also released CloudGate support for enabling smartphone fingerprint-based authorization for user login from PCs or other desktop-based devices. At ISR, we strongly believe that biometrics will revolutionize authentication—that by taking us beyond passwords, this growing trend will usher in a more secure internet.
Reliable, Affordable, Strong Authentication (RASA)
Since the start of CloudGate in December of 2008, we have operated the service for more than 8 years. We have succeeded in increasing our user base to more than 650,000 users within 1,400 companies. In this final section of the CloudGate story, I would like to summarize the factors driving CloudGate adoption in the marketplace: CloudGate provides Reliable, Affordable, Strong Authentication.
All in all, we have served more than one billion user authentications while attaining 99.99% availability for the last five years. High availability is a term that is easy to understand for system administrators. However, when talking to end users, reliable is a term they use when referring to CloudGate. CloudGate enables a quick login regardless of the time of the day, day of the week or month of the year. CloudGate’s dependability is a result of our efforts to plan capacity, avoid outages, and hold continuous training and rehearsal for quick outage recovery.
Throughout the history of CloudGate, we have strived to make the product affordable. As the numbers of users increase, economies of scale allow us to lower the operation cost per user. We have reinvested our increasing margins in the development of new features, with an emphasis on supporting multi-factor authentication (MFA).
As mentioned in the previous section, CloudGate’s strong authentication support is enabled by complementing or replacing passwords with multiple factors such as hardware tokens (YubiKey) or biometrics (fingerprints).
Lastly, I want to emphasize that providing strong authentication through MFA to our end users is just a part of the overall effort at ISR to make CloudGate the safest, most secure SSO solution in the marketplace. CloudGate’s support for MFA, which started nearly 3 years ago, is still ahead of market demand and is a powerful indicator of our total commitment to providing the highest possible security for our service.
For the whole team at ISR, staying ahead of existing as well as emerging threats is a never ending endeavor, but one that we single-mindedly pursue to make our product the safest, most secure SSO service in the marketplace.
CEO AND FOUNDER
Raul Mendez is the chief executive officer and the founder of International Systems Research Co. (ISR).
With a Ph.D. from University of California, Berkeley, Mendez has more than 20 years of experience in the internet and computer field. Initially, he was an assistant professor at Naval Postgraduate School doing extensive research on supercomputers in the 1980s. He was later scouted as the head for the Institute for Supercomputing Research of Recruit Corporation in Tokyo, Japan.
Ever since he established ISR in 1993, he has been focused on providing IT-related services that cater to the ever changing needs of consumers that have evolved along with the progression of technology and, in particularly, the internet. What started as a consulting company in the HPC (high-performance computing) domain has now become a notable entity in the cloud security market in Japan.
Now, with the groundbreaking product CloudGate, an access control Single Sign-On solution initially created for
G Suite (formerly known as Google Apps), Mendez is leading ISR to secure consumers’ every access to the cloud by providing reliable, affordable, strong authentication.
Trisha U. & Ellie H.
Trisha and Ellie are the executive assistants under the CEO office of ISR.
They designed and edited this web page.