Post on 07-Mar-2016
description
1 ID Management Suite
Managing the User LifecycleAcross On-Premises andCloud-Hosted Applications
Fully integrated identity and access management.
2 Agenda
• Hitachi ID corporate overview.• Identity problems and ID Management Suite benefits.• ID Management Suite technology.• Example deployments.• Discussion.
3 Hitachi ID Corporate Overview
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 1
Slide Presentation
3.1 Hitachi ID Corporate Overview
Hitachi ID is a leading provider of identityand access management solutions.
• Founded as M-Tech in 1992.• A division of Hitachi, Ltd. since 2008.• Over 900 customers.• More than 11M+ licensed users.• Offices in North America, Europe and
APAC.• Partners globally.
3.2 Representative Hitachi ID Customers
4 Identity Problems and ID Management Suite Benefits
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 2
Slide Presentation
4.1 Business Challenges
• More IT→ moreusers to manage.
• There arechallengesthroughout theuser lifecycle.
• Support cost.• User service.• Security.
Slow:too much paper,
too many people.
Expensive:too many administrators
doing redundant work.
Role changes:add/remove rights.
Policies:enforced?
Audit:are privileges appropriate?
Org. relationships:track and maintain.
Reliable:notification of terminations.
Fast:response by sysadmins.
Complete:deactivation of all IDs.
Passwords:too many, too weak,often forgotten.
Access:Why can’t I access thatapplication / folder / etc.
4.2 ID Management Suite
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 3
Slide Presentation
4.3 HiIM Benefits
Feature Impact Benefit
Auto-provisioning Changes on a system of recordtrigger account creation,deactivation.
Cost, Service, Security:Less manual administration.New hires setup on time.Reliable termination.
Self-service workflow Change requests via web form.Authorizers selected by built-inlogic.E-mail invitations, webapprovals.
Service, Cost:More efficient changemanagement.Less manual administration.
Consolidated administration Security officers can manageany user on any system from aweb console.Reports show entitlementsacross systems.
Cost, Security:More efficient to manage byuser than by system.Known account ownershipestablishes accountability.
4.4 HiPM Benefits
Hitachi ID Password Manager is an authentication management platform, providing a consistentprocess for managing passwords, tokens, smart cards and more.
Feature Impact Benefit
Password synchronization Fewer passwords toremember.
Improved ease-of-use.Fewer password problems.
Self-serve password, PINreset
Users resolve their ownproblems.
Fewer help desk calls.
Assisted password reset Faster call resolution. Lower cost per incident,improved service.
Policy enforcement Password complexity, history,periodic changes.
Passwords harder tocompromise.
Single signon Automated application logins. Users happier with IT.
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 4
Slide Presentation
4.5 HiPAM Impact
Feature Impact Benefit
Randomize passwords daily Eliminate static, sharedpasswords.
Disconnect former IT staff.
Controlled disclosure Control who can seepasswords.
The right users and programscan access privileged accounts,others cannot.
Logging & Reporting Monitor password disclosure. Accountability.Faster troubleshooting.
Encryption Secure passwords in storageand transit.
Physical compromise does notexpose passwords.
Replication Passwords stored on multipleservers, in different sites.
Survive server crashes and sitedisasters.
5 ID Management Suite Technology
5.1 Closed Loop IAM
IntegratedSystems
of Record Autodiscovery
Auto-provisioningIdentity synch.
IdentityCache
IntegratedTarget Systems
Non-integratedSystems
Transaction Manager
Connectors
List accounts
Create,delete,update
accountsUpdates
UpdatesDetectedchanges
Listpeople
Authorizers Approve,reject,delegate
Invitations
ApprovalsWeb UI
Certifiers Review,certify,correct
Invitations
CertificationWeb UI
Requesters Manualrequest
RequestsWeb UI
- Validate requests- Route for approval- Invite authorizers- Send reminders- Escalate- Delegate
Manualfulfillment
Auto-fulfillment
Create,delete,updateaccounts
Automaticrequest
ImplementersAccept,confirm
Invitations
ImplementerWeb UI
RequestQueue
WorkflowManager
Hitachi ID Management Suite
WorkQueue
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 5
Slide Presentation
5.2 Included Connectors
Many integrations to target systems included in the base price:
Directories:Any LDAP, AD, WinNT, NDS,eDirectory, NIS/NIS+.
Servers:Windows NT, 2000, 2003,2008, Samba, Novell,SharePoint.
Databases:Oracle, Sybase, SQL Server,DB2/UDB, Informix, ODBC.
Unix:Linux, Solaris, AIX, HPUX, 24more.
Mainframes, Midrange:z/OS: RACF, ACF2,TopSecret. iSeries,OpenVMS.
HDD Encryption:McAfee, CheckPoint.
ERP:JDE, Oracle eBiz, PeopleSoft,SAP R/3 and ECC 6, Siebel,Business Objects.
Collaboration:Lotus Notes, Exchange,GroupWise, BlackBerry ES.
Tokens, Smart Cards:RSA SecurID, SafeWord,RADIUS, ActivIdentity,Schlumberger.
WebSSO:CA Siteminder, IBM TAM,Oracle AM, RSA AccessManager.
Help Desk:BMC Remedy, SDE, HP SM,CA Unicenter, Assyst, HEAT,Altiris, Track-It!
Cloud/SaaS:WebEx, Google Apps,Salesforce.com, SOAP(generic).
5.3 Simple Integration with Custom Apps
• ID Management Suite easily integrates with custom, vertical and hosted applications using flexibleagents .
• Each flexible agent connects to a class of applications:
– API bindings (C, C++, Java, COM, ActiveX, MQ Series).– Telnet / TN3270 / TN5250 / sessions with TLS or SSL.– SSH sessions.– HTTP(S) administrative interfaces.– Web services.– Win32 and Unix command-line administration programs.– SQL scripts.– Custom LDAP attributes.
• Integration takes a few hours to a few days.• Fixed cost service available from Hitachi ID.
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 6
Slide Presentation
5.4 Multi-Master Architecture
UserPasswordSynchTriggerSystems
Load Balancer
SMTP or Notes Mail
IncidentManagementSystem System of
Record
IVRServer
ReverseWeb Proxy
Target Systemswith local agent:OS/390, Unix, older RSA
Firewall
TCP/IP + AES
Various Protocols
Secure Native Protocol
HTTPS
Remote Data Center
Firewall
Local Network
Target Systemswith remote agent:AD, SQL, SAP, Notes, etc
Target SystemsEmails
Tickets
Lookup & Trigger
Native
password
change
AD, Unix,
OS/390,
LDAP,
AS400
Validate PW
Web Services
Proxy Server(if needed)
Hitachi IDApplicationServer(s)
SQL/Oracle
SQLDB
SQLDB
Cloud-hosted,
SaaS apps
VPNServer
6 Example Deployments
6.1 Case Study: US Bank
Customer description: US bank
Product: Hitachi IDPassword Manager
Industry: Banking
Number of users: 150,000
Functionality: Password reset via telephone, web browser
Main business driver: Reduce IT support cost, improve authentication security when userscall for help.
Business impact: Eliminated 33,000 help desk calls/month.Saved at least US$ 4,000,000/year.
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 7
Slide Presentation
6.2 Case Study: Restaurant Chain
Customer description: Global restaurant chain
Products: Hitachi IDIdentity Manager
+ Hitachi IDPassword Manager
Number of users: 110,000
Functionality: Simplify onboarding, deactivation of users in 12 countries.
Main business driver: Reduce IT administration cost.Eliminate orphan accounts.
Business impact: Create and delete thousands of user accounts/year withoutinvolvement by corporate security.
6.3 Case Study: Semiconductor Company
Customer description: Semiconductor company
Product:
Industry: Semiconductor
Number of servers: 3,000 – Unix, Windows, SQL Server, VMWare ESX
Functionality: Randomize local administrator passwords on mission-critical servers,daily. Control disclosure to 200+ users.
Main business driver: Secure sensitive password and discontinue manual effort.
Business impact: Improved system security, reduced monthly cost of manually changingthousands of passwords.
6.4 Case Study: Insurance Company
Customer description: Insurance company.
Products: Hitachi IDPassword Manager
Industry: Financial
Number of users: 40,000
Functionality: Browser-based password synchronization and reset.
Main business driver: Reduce IT support call volume.
Business impact: Automate 25,000 password resets and unlocks per month.
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: PRCS:presDate: March 1, 2012