Panasonic Heating, Ventilation & A/C Company’s Path to Enhanced Development Operations and Security Using the JFrog Platform

OVERVIEW

Panasonic Heating, Ventilation and A/C Division develops and operates residential air conditioners, electric water heaters, CO2 heat pump water heaters, air-to-water heat pumps, commercial air conditioners and VRF multi-split air conditioning systems for residential and commercial buildings.

The company’s services are deployed across a wide range of environments, from sports centers, train stations and schools to hospitals and department stores. Additionally, the organization is moving towards AI-powered models for their energy-saving control systems as part of a greater strategy to differentiate themselves from the competition by using a more  innovative approach to meet industry challenges. For example, the company uses AI models to determine the customer’s local weather, temperature, and air humidity, to provide the optimal air conditioner settings for energy savings.

The Panasonic AC Smart Cloud system provides status updates to all installations, reducing potential breakdowns and optimizing costs.

Given the complexity of combined responsibility for ensuring application security and management of AI/ML development operations, and the need for auditing of all software artifacts to ensure compliance with relevant standards, the team realized that a more comprehensive software development and security platform had become an urgent requirement.

The project was led by Mr. Kengo Nishimura, Director of the Service Development and Operation Department, Solution Business Development Center, Solution Engineering Business Division at Panasonic Corporation’s Heating & Ventilation & Air Conditioning (HVAC) Company, and Senior Engineer Hideki Homma.

CHALLENGES

Before adopting the JFrog Platform, Panasonic HVAC relied on manual processes, such using a spreadsheet to track information and manage vulnerabilities in multiple coding languages such as C, C#, C++, Java and Python. This approach was labor-intensive, prone to errors, and inadequate for addressing the rapidly growing volume of vulnerabilities.

The team was also faced with the challenge of managing vulnerabilities for open source software (OSS) packages. This included ensuring security compliance across multiple services, which required a large amount of man-hours to review each vulnerability and make sure that there was a remediation plan and countermeasures were in place.

Additionally, the company needed a more efficient way to manage binary artifacts and ensure that all software components met their stringent security standards. The reliance on open databases like the National Vulnerability Database (NVD) provided insufficient coverage, leading to last-minute rollbacks and wasted time in the development cycle.

SOLUTION

To address these challenges, Panasonic HVAC followed a growing industry trend, in seeking a platform approach covering the three major pillars of software artifact management, application security and continuous release distribution. In the end, JFrog’s comprehensive DevOps and Security Platform was selected as their solution of choice.

The JFrog Platform helps protect against OSS vulnerabilities while auditing artifacts for compliance with quality and security standards.

More specifically, the team believed that the end-to-end solution provided by JFrog products and features could provide the improved efficiency and security they required:

• JFrog Artifactory: Centralized the management of all binaries, ensuring that the company could store, track, and manage all artifacts with consistent security and compliance controls. Leveraging Artifactory also provided the ability to federate development environments in different locations between servers and AWS, and create a more efficient centralized repository for the entire organization.

• JFrog Xray and JFrog Advanced Security: Significantly improved the speed and accuracy of dependency vulnerability detection based on JFrog’s unique vulnerability database, that includes daily updates providing far more extensive coverage than previous NVD open database solutions. The addition of contextual analysis gave an even more in-depth understanding regarding the impact of CVEs on specific applications, thereby minimizing false positives and misdetections, while identifying real threats with significantly greater accuracy.

• JFrog Distribution: Facilitates the secure and efficient distribution of artifacts across different environments, ensuring consistent deployments.

RESULTS

By adopting the JFrog Platform, Panasonic Corporation’s HVAC Division transformed its approach to DevOps. achieving significant improvements in security, efficiency, and overall development quality, as well as the following critical benefits:

• Integrated Security at Every Stage of Development: With JFrog Xray’s comprehensive scanning capabilities, Panasonic was able to detect and address vulnerabilities earlier in the development cycle, reducing the risk of security breaches and the need for costly rollbacks.

• Single System of Record for Secure, Automated Software Releases: The integration of JFrog’s tools enabled a shift-left approach, allowing developers to perform vulnerability checks earlier in the development process. This not only reduced labor costs but also improved the overall release cycle, streamlining Panasonic’s overall security processes.

• End-to-end Auditing and Traceability: With JFrog Artifactory, the management of binaries became more efficient, reducing the time and effort required to track and deploy software components across different environments.

• Enterprise Proven Scale and Governance: As Panasonic HVAC continues to innovate in the IoT space, the JFrog Platform provides the scalability needed to support increasing demands, ensuring that the company can continue to deliver cutting-edge solutions to its customers, including:

• • Centralized Governance: The ability to set policies and continuously monitor compliance across all repositories ensuring that Panasonic can still enforce their stringent security standards while reducing manual oversight.

• • Secure Distribution Across Environments: JFrog Distribution allowed Panasonic to overcome network limitations and securely deploy artifacts across various environments, maintaining consistency and security throughout the development lifecycle.

This partnership between Panasonic’s HVAC Company and JFrog has been instrumental in transforming development and operations processes, resulting in not only in better security and compliance, but also enhanced efficiency and reduced costs.  After streamlining its development operations, Panasonic is now better equipped to deliver secure, innovative solutions to its customers, solidifying its position as a leader for air conditioning, hot water and IoT solutions.

The JFrog Platform

Overcoming network limitations and securely deploying artifacts across various environments, deployment of the JFrog Platform ensures consistency and security throughout the development lifecycle, while providing a complete audit for regulatory and standards compliance.

We invite DevOps and Security professionals who are managing software updates to edge devices to schedule a one-on-one demo or take an online guided tour and see how the JFrog Platform changes how AI/ML software is developed and delivered to the edge.

Products
The JFrog Platform, JFrog Artifactory, JFrog Xray, JFrog Distribution

Additional Resources
White Paper:      The Definitive Guide to Securing the Software Supply Chain
Solution Sheet:  ML Model Management
Case Study:         Telecomm Giant Achieves Scalable, Resilient & Secure Software Development