Simplex has adopted Microsoft Defender for Cloud to strengthen its multi-cloud security.

Simplex Inc. leverages three major cloud services to provide a fully operational environment for system development, operation and maintenance that quickly meets the needs of all customers, including financial institutions and government agencies.

Simplex prioritizes security, implementing zero trust with Microsoft 365 E5 and adopting Microsoft Defender for Cloud. This ensures robust security for all development environments across our multi-cloud platform.

Microsoft Defender for Cloud automatically enforces Simplex's security policies across all major cloud environments, enhancing cybersecurity and boosting productivity confidence.

A highly flexible development environment that anticipates customer needs

Simplex, which provides IT services to financial institutions and public organizations, has always placed a high priority on cybersecurity measures and has implemented operations in accordance with the FISC Security Standards, the same guidelines used by financial institutions. With the COVID-19 pandemic in 2020 bringing about changes in the way people work, Simplex quickly transitioned from traditional perimeter security to zero trust security that fully leverages Microsoft 365 E5.

Simplex has always practiced strict cybersecurity, but there was one “management issue,” according to Mr. Takashi Ota. That was the countless development environments available on the three major clouds: AWS, Azure, and Google Cloud.

Simplex, which stays ahead of customer needs by keeping a close eye on the latest technologies and conducting flexible and rapid research and development of various systems and services, has an ever-changing number of projects in progress. In Azure, developers are allocated resources on a subscription basis, while in AWS, resources are allocated per AWS account. Within these highly flexible development environments, new instances and VPCs are created daily on Azure and AWS for development and testing.

At Simplex, which prioritizes business agility, “approved projects are provided with significant freedom to utilize resources across the three major clouds,” says Mr. Ota. Each of the three major clouds has its own security administrator who implements security management such as control and auditing, but Mr. Ota continues, “There were aspects that we couldn't fully address in order to operate more strictly.”

"For example, AWS Security Hub is applied to VPCs created within AWS, but we were concerned about whether it was consistent with our security policy. With an overwhelming number of VPCs being created at a rapid pace, it was nearly impossible for our small team to keep track of and manage everything.“

To address this ”nearly impossible" challenge and further strengthen security for all development projects, Simplex adopted Microsoft Defender for Cloud, Microsoft's cloud-native application protection platform.

Further strengthen zero trust security with Microsoft 365 E5

Defender for Cloud is highly compatible with the zero-trust security environment implemented by Simplex, and “it was an extremely attractive option for us as we were considering the adoption of CSPM (Cloud Security Posture Management) and CWPP (Cloud Workload Protection Platform) products,” said Mr. Noboru Nakano, Associate Principal of the Cross-Frontier Division at the company.

"We fully leverage Microsoft 365 E5 to meet the zero-trust security requirements aligned with FISC security standards. Defender for Cloud seamlessly integrates with this security environment, enabling a more robust security posture. In addition to protecting Azure, we can also protect multi-cloud environments that use AWS and Google Cloud via APIs using Microsoft's native connectors. This was a very important point for us.“

Mr. Ota also said, ”When I heard from Mr. Nakano in the spring of this year (2025) that ‘by connecting with a connector, we will be able to automatically monitor AWS,’ I was very excited. We had been waiting for such a solution for a long time," he recalls with a smile.

Once Defender for Cloud was on the table, Simplex immediately set up a PoC (Proof of Concept) environment to verify whether it could properly protect the VPC on AWS. The superiority of Defender for Cloud was immediately proven, he says.

Mr. Nakano mentioned that applying Microsoft Defender for Cloud to AWS and Google Cloud did not require complex configurations. He noted that AWS CloudFormation can be used for deployment to AWS, making the process straightforward. Additionally, he observed that the system effectively monitors AWS with minimal effort.

“Microsoft Defender for Cloud to AWS and Google Cloud did not require complex configurations. He noted that AWS CloudFormation can be used for deployment to AWS, making the process straightforward. Additionally, he observed that the system effectively monitors AWS with minimal effort.”

Mr. Noboru Nakano, Cross Frontier Division Associate Principal, Simplex Inc.

Annual configuration checks will now be performed daily, significantly reducing management workload

Simplex has conducted a proof of concept and is gradually implementing Defender for Cloud. We have begun applying it to Azure, starting with the following two verification tasks.

1. Detection of vulnerable Azure configurations
2. Vulnerability management for devices on Azure

Mr. Nakano explains, "We design and audit to meet high security standards, but configuration errors and design omissions do occur. In addition, developers currently manage devices and VMs on Azure individually, so security administrators are unable to identify and detect incidents such as VM vulnerabilities and malware detection. To resolve these issues, we wanted to enable Defender for Cloud to perform comprehensive checks. Furthermore, we wanted to incorporate incident response for malware detection and other incidents occurring on Azure devices into the Microsoft Defender XDR (Extended Detection and Response) incident response flow, similar to that for devices in our internal office environment."

Mr. Nakano continues, saying that the effects of implementing Defender for Cloud were immediately apparent.

"First, detecting vulnerable configurations used to be very labor-intensive, so we conducted annual audits. However, thanks to Defender for Cloud, this process has been automated, eliminating the need for labor and allowing us to check daily. This is a dramatic change. We were also able to detect configuration omissions during the development stage and vulnerable configurations that we had not noticed during the design stage, which has improved security. As for vulnerability management for devices on Azure, we have confirmed that it can be managed in the same way as internal devices managed by Microsoft Defender XDR. Currently, our zero trust security integrates multiple layers, including endpoints such as PCs, the cloud, and the network, and enables XDR to respond to detected threats. Defender for Cloud is also integrated into this system. As a result, nearly everything can be monitored and confirmed from a single management console. As mentioned earlier, the ability to “connect via a connector and simply turn it on” is a result of fully leveraging Microsoft 365 E5.

Centralize management of multi-cloud environments

Mr. Nakano emphasizes, “The advantage of achieving such comprehensive security with so little effort is something that other solutions cannot offer.”

“At least when I set up Defender for Cloud on Azure by myself, I didn't need any connectors. All I had to do was turn on a switch in the management console, so the effort was practically zero.”

Furthermore, Nakano adds that “we have confirmed that it is possible to detect vulnerable configurations across the entire multi-cloud environment, including AWS and Google Cloud,” and that the benefits of expanding its use in the future will be significant.

“Until now, we used different products for each cloud service to detect vulnerable configurations, and we also had to build a system to notify developers of any issues found. By consolidating this into Defender for Cloud, we can significantly reduce management effort. Additionally, administrators only need to become familiar with Defender for Cloud's features to handle multi-cloud environments, further reducing the time needed to catch up. The benefits of this implementation will continue to grow in the future.”

“We can't let the momentum of development be hindered by a lack of management. Maintaining this pace of development is crucial to staying ahead of customer needs. However, thanks to Defender for Cloud, we can now automatically monitor multiple clouds, including Azure, AWS, and Google Cloud, all in one place. This change is very welcome.”

Mr. Takashi Ota, Cross Frontier Division Principal, Simplex Inc.

Promoting innovation through active use of innovative technologies

Although Simplex has only just begun using Defender for Cloud, Mr. Ota says that expectations are high.

"Since moving our development environment to the cloud, we can easily create instances and VPCs. In the past, it took a long time to procure PCs and servers, so the speed is like night and day. We can't let the momentum of development be hindered by a lack of management. Maintaining this pace of development is crucial to staying ahead of customer needs. However, thanks to Defender for Cloud, we can now automatically monitor multiple clouds, including Azure, AWS, and Google Cloud, all in one place. This change is very welcome."

Finally, Mr. Ota concludes by saying, “When it comes to managing not only Azure but also AWS with Microsoft products, it might seem like a challenging endeavor. However, if there is a possibility of achieving stronger security and even accelerating our business speed, our corporate culture is to create a risk-free environment on the cloud and verify it, rather than engaging in endless discussions. Especially regarding security, you often can’t find the right answer just by researching and deliberating before actually trying things out.”