Aqua Delivers Security for “Human-level” HCM SaaS at Forum Engineering

Company Name
Forum Engineering Inc.
Organization Size
4,377 Employees
Appliances, Electrical, and Electronics Manufacturing
Minato, Tokyo


Customer Overview: Forum Engineering Co., Ltd.

Forum Engineering is a well-established engineer staffing company with headquarters in Tokyo, Japan. With almost five thousand employees, it provides temporary staffing of mechanical and electrical engineers for companies looking to meet short-term demands. Forum Engineering has experts on staff covering multiple disciplines in IT services, as well as general science and engineering services, and corporate training.

As demand for its services began trending down, Forum Engineering sought to find new opportunities. Over the past 10 years, it has aggressively invested in , which is unusual for a technology staffing company. That investment has resulted in its “Cognavi” AI platform, which they believe will transform the normally labor-intensive staffing industry. By adding AI and natural language technologies to its already rich pool of knowledge, it can better match its resources with customers’ demands. Cognavi can support better, faster decision-making based on objective indicators. Furthermore, development continues to reduce human-dependent touchpoints for this service, including customer contact points.

The Challenge: Securing the company’s container platform supporting ICT

By 2018, the company had solidified the product concept for its new SaaS service, “Cognitive Talent Management,” and turned its focus on choosing the right platform to deploy it. The company, which decided to adopt container technology for its Cognavi SaaS service, chose Aqua Security to secure its container platform and fully realize the potential of its new offering. In addition, it leveraged Cresco Co., Ltd. for system integration.

Part of the reason that Aqua was selected was its extensive support for AWS Fargate and Amazon ECS — and its very positive reputation for securing container technologies. Cresco was chosen based on its experience providing Forum Engineering with a wide range of services from consulting, design, development, operations, and maintenance for information systems.

"Looking back on those days, assuming a multi-tenancy architecture, we decided on using cloud and container technology, and Cresco, who had been supporting us from the system side for a long time, to help us build the system infrastructure.”
Masahiro Takeuchi, Managing Director of Forum Engineering

The Solution: Aqua provided proven container security for AWS Fargate and Amazon ECS

From the start, the Cresco and Forum Engineering teams looked at AWS Fargate orchestrated by Amazon ECS as their container platform of choice. They determined this based on its cost performance and usability. The AWS platform lets them focus on application development and operations — independent of the OS and server. That meant its security also had to have the same level of expandability and flexibility to meet changing requirements. So, a security solution with a proven track record working with AWS was an important deciding factor.

“We needed to support a dynamic, platform-based service, so it was necessary to build a system with expandability and flexibility. AWS Fargate stood out to us as a container platform that can respond to rapid increases and decreases in the number of users and meet portability requirements.”

Mr. Hiroyuki Nakata
Senior Project Manager, Cresco

Next, the team mapped out their security requirements. Since this new platform service was something that customers would interact with directly, it was essential to ensure platform security for the end-user, while maintaining usability.

After learning more about Aqua Security, including its current cloud native security successes, the team selected Aqua as the final candidate and conducted detailed functional verification. Keiko Uemura, a Cresco IT specialist, was put in charge of integrating Aqua and designing how it would work in their system environment.

The team completed its verification work in March of 2019, and by October of that same year, the Forum Engineering Cognitive Talent Management service, secured by Aqua, was put into full operation.

"…we evaluated four cloud-native security products, including OSS and paid products, but one solution stood out. Only the Aqua platform met our requirements and had demonstrable success working with AWS Fargate."
Hiroyuki Nakata, Senior Project Manager, Cresco

System Overview: Security throughout the development life cycle for large-scale container platforms

The Cognavi Talent Management service responds to requests for resources and matches engineers to client companies with specific requirements. This service helps to refine results provided by other Forum Engineering services, such as Cognavi Dispatch, Cognavi Career Change, and Cognavi New Graduates. By ranking the necessary attributes required: experience, length of deployment, and other factors, the Cognavi Talent Management service can efficiently and accurately suggest personnel that more closely align with client needs to equip companies with any level of engineering support.

On the system side, by using the AWS Fargate container service, it is easier for Forum Engineering to respond to rapid increases or decreases in the number of client users, they also eliminate the need to provision and manage servers and, instead, stay focused on the performance of the application.  With more than 130 containers deployed, this large cloud-native AWS deployment is meeting the company’s need for flexibility, availability, and portability.

But all this capability is nothing without security, Aqua makes it is possible to detect vulnerabilities, misconfigurations, and threats caused by malware.  Forum Engineering uses Aqua to scan images at build, as well as at scheduled intervals. When a problem is detected, an alert notification is sent to the operations administrator with the necessary details surrounding the vulnerability through the Aqua Security console. 

Similarly, to ensure the protection of applications at runtime, selected policies enforce least-privileges requirements for any processes required for the operation of containers — this helps to ensure the immutability of images. Security risks such as unauthorized image deployment, malicious code injection, tampering, illegal data leakage, and various types of attacks can be eliminated. The runtime protection policy can be set using out-of-the-box and customer-defined policies. In addition, the operational load can be reduced by taking advantage of Aqua’s ability to learn the behavior of the container and automatically set the policy to enforce least privilege.

"Availability was very important to us, which is redundant in the Amazon ECS environment. We verified whether configuration and failover were possible and if the features described in the technical documentation were accurate. Although it was our first introduction to the Aqua platform, we successfully performed our verification with the support of Creation Line and were able to confirm that it met our requirements."
Keiko Uemura, IT Specialist Cresco

Results: Aqua ensures problems are addressed during the build and deployment phases

After a successful roll-out, Cognitive Talent Management is being used to support multiple companies, and the benefits of using Aqua are clear. The features of runtime protection, image scanning, single console, etc., are all available, but image scanning has delivered the biggest positive benefit so far.

Mr. Uemura, who oversees operations for the container platform, said,

“The Aqua image scanner has provided the most initial benefits, effectively detecting vulnerabilities at build and displaying them all in one console. We’re infrastructure-oriented engineers, so in the past, we were in a situation where we couldn’t see security issues in the application, but with image scanning, including vulnerabilities in the application library. I now have a panoramic view into vulnerabilities.”

Keiko Uemura
IT specialist, Cresco

Also, the new infrastructure provides deployment automation, and when changes are made in the application, it is usually deployed automatically. Fortunately, the Aqua scanner can also be integrated into this process.

“I like that it’s possible to automatically prevent the deployment of problematic containers, this feature has had a major positive effect on the introduction of new containers."
Keiko Uemura, IT Specialist Cresco

The Future: Expanding Aqua’s security footprint

In addition to launching full-scale sales activities for its Cognavi Talent Management Service, Forum Engineering has already begun to consider future expansion leveraging Aqua Security.

Currently, Cognavi consists of five services. By seamlessly linking these services, the company can maximize opportunities for its engineers and services. But Forum Engineering would also like to quickly build on its success of Cognavi to maximize the potential of the service. The company believes that by using Aqua, they can virtually guarantee a secure environment as the service’s capabilities expand.

Using the Aqua platform, the level of control and visibility provided enables Forum engineering to focus on managing application functions — instead of worrying about security. After the successful deployment of Aqua, Forum Engineering expects to use the Aqua for future security needs.

Aqua enables Forum Engineering to:

  • Secure its new SaaS-based service
  • Enforce least-privileges requirements
  • Scan container images in the CI/CD pipeline and registries for known vulnerabilities
  • Gain visibility into the security posture of applications from development to production
  • Focus on application development, including large container platforms, without sacrificing security or speed
  • Establish container security in runtime with policy-based controls and image immutability