Identity and Access Lifecycle Automation


1 Hitachi ID Suite

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Administration and Governance of Identities, Entitlements and Credentials.

2 Agenda

• Introductions.
• Hitachi ID corporate overview.
• Hitachi ID Suite overview.
• The user management lifecycle.
• Addressing identity management system deployment challenges.
• Advantages of the Hitachi ID solution.

© 2015 Hitachi ID Systems, Inc. All rights reserved.



Slide Presentation

3 Hitachi ID Corporate Overview

Hitachi ID delivers access governance and identity administration solutions to organizations globally. Hitachi ID solutions are used by Fortune 500 companies to secure access to systems in the enterprise and in the cloud.

• Founded as M-Tech in 1992.
• A division of Hitachi, Ltd. since 2008.
• Over 1200 customers.
• More than 14M licensed users.
• Offices in North America, Europe and APAC.
• Partners globally.


4 Representative Customers

5 The User Lifecycle

At a high level, the user lifecycle is essentially the same in all organizations and across all platforms.


6 Business Challenges

• More IT → more users to manage.
• There are challenges throughout the user lifecycle.
• Support cost.
• User service.
• Security.

• Slow: too much paper, too many people.
• Role changes: add/remove rights.
• Policies: enforced?
• Expensive: too many administrators doing redundant work.
• Audit: are privileges appropriate?
• Org. relationships: track and maintain.
• Reliable: notification of terminations.
• Passwords: too many, too weak, often forgotten.
• Fast: response by sysadmins.
• Access: Why can’t I access that application / folder / etc.?
• Complete: deactivation of all IDs.

7 IAM in Silos

In most organizations, many processes affect many applications. This many-to-many relationship creates complexity:


8 Distributed IAM Is Complex

• Managing each system and application separately is complex.
• Complexity is bad:
  – Expensive: redundant updates to every system when hiring, moving or terminating users.
  – Unfriendly: users have lots of different IDs and passwords, which they don’t know how to manage.
  – Insecure: mistakes are made and users get or retain excess entitlements. Orphan and dormant accounts. Stale privileges.
• Every system and application added makes things worse.

9 Integrated IAM Processes

[Figure: Business processes (hire, retire, transfer, resign, fire, start contract, finish contract) and IT processes (new application, retire application, password expiry, password reset) feed a single identity and access management system, which manages users, passwords, groups and attributes on systems and applications: operating system, directory, application, database, e-mail system, ERP, legacy app, mainframe.]


10 Hitachi ID Suite

11 Onboarding New Users

Hitachi ID Identity Manager can accelerate the onboarding process and reduce the security administration burden:

• Automation: Detect new hires in HR and automatically create access on managed systems, such as AD, SAP and the mainframe.
• Self-service workflow: Managers can request and approve access electronically, for example for contractors.
• Consolidated administration: Security administrators save time by using one tool to manage users across every system.


12 Change Management

Hitachi ID Identity Manager manages changes to user profiles:

• Self-service updates to phone numbers, department codes, etc.

HiIM, Hitachi ID Group Manager and Hitachi ID Org Manager manage changes to user roles and responsibilities:

• Self-service requests for new entitlements.
• Distributed audit of user rights by managers and app owners.
• Distributed update of organizational relationships by managers.


13 IT Support

Hitachi ID Password Manager for "I forgot/locked my password" calls:

• Synchronization: Users with fewer passwords have fewer problems.
• Reset: Users can resolve their own problems without calling the help desk.
• Assistance: A help desk interface reduces the duration and cost of remaining calls.

Hitachi ID Group Manager for "access denied" calls:

• Self-service: Users browse for resources and request access.
• Authorization workflow: Group owners are asked to review and approve change requests.


14 Deactivating Access

Retirement, resignation, end-of-contract:

• Hitachi ID Identity Manager detects changes in systems of record, such as HR, and deactivates all access.
• Managers can schedule deactivation with a workflow form.

Dismissals:

• Security administrators use an HiIM form to terminate all of a user’s accounts immediately.

Asset retrieval:

• HiIM inventory tracking assists in retrieval of PCs, cell phones, building access badges, etc.


15 Closed Loop IAM

[Figure: Hitachi ID Suite closed-loop process. Labels: integrated systems of record (list people); integrated target systems (list accounts); auto discovery; identity cache; detected changes; auto-provisioning and identity synch. (automatic request); requesters (manual request, requests web UI); workflow manager (validate requests, route for approval, invite authorizers, send reminders, escalate, delegate); authorizers (invitations; approve, reject, delegate; approvals web UI); certifiers (invitations; review, certify, correct; certification web UI); request queue; work queue; transaction manager; autofulfillment through connectors (create, delete, update accounts on integrated target systems); manual fulfillment by implementers (invitations; accept, confirm; implementer web UI; create, delete, update accounts on non-integrated systems); updates.]


16 Multi-Master Architecture

[Figure: multi-master deployment across data center A, data center B and a remote data center. Labels: load balancers; Hitachi ID servers; SQL DB with replication between servers; firewalls; reverse web proxy; VPN server; IVR server; e-mail system (notifications and invitations); incident mgmt system (tickets); HR system of record; password synch trigger systems (AD, Unix, OS/390, LDAP, AS/400) for native password change and password validation; cloud-hosted and SaaS apps; target systems with local agent (OS/390, Unix, older RSA); target systems with remote agent (AD, SQL, SAP, Notes, etc.); proxy server (if needed) in front of target systems in the remote data center. Connection types: TCP/IP + AES, various protocols, secure native protocol, HTTPS.]


17 Included Connectors

Many integrations to target systems included in the base price:

Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.

Servers: Windows NT, 2000, 2003, 2008[R2], 2012, Samba, Novell, SharePoint.

Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, Progress, ODBC, Oracle Hyperion EPM Shared Services, Cache.

Unix: Linux, Solaris, AIX, HPUX, 24 more variants.

Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS.

HDD Encryption: McAfee, CheckPoint, BitLocker, PGP.

ERP: JDE, Oracle eBiz, PeopleSoft, PeopleSoft HR, SAP R/3 and ECC 6, Siebel, Business Objects.

Collaboration: Lotus Notes, iNotes, Exchange, GroupWise, BlackBerry ES.

Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.

WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.

Help Desk: ServiceNow, BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Clarify, RSA Envision, Track-It!, MS System Center Service Manager

Cloud/SaaS: WebEx, Google Apps, MS Office 365, Success Factors, Salesforce.com, SOAP (generic).


18 Rapid Integration with Custom Apps

• Hitachi ID Suite easily integrates with custom, vertical and hosted applications using flexible agents.
• Each flexible agent connects to a class of applications:
  – API bindings (C, C++, Java, COM, ActiveX, MQ Series).
  – Telnet / TN3270 / TN5250 / sessions with TLS or SSL.
  – SSH sessions.
  – HTTP(S) administrative interfaces.
  – Web services.
  – Win32 and Unix command-line administration programs.
  – SQL scripts.
  – Custom LDAP attributes.
• Integration takes a few hours to a few days.
• Fixed cost service available from Hitachi ID.

19 IAM Project Risk Management

IAM projects often take too long and cost too much. Why?

• Data quality:
  – Nonstandard, disconnected IDs.
  – Incorrect, old identity data.
  Risk management:
  – Combine automation and self-service for clean up.
• Never-ending role engineering:
  – Role based access control is a good objective, but...
  – It can be slow and costly to develop and maintain roles.
  – Some users just don’t fit.
  Risk management:
  – Start deployment with just a few roles.
  – Add roles gradually, based on demand.
• Too many workflows:
  – Defining too many forms, processes takes too long.
  – One form, one process per change type? Per system?
  Risk management:
  – Implement a generic change management system.
  – Custom forms for just the most popular requests.


20 Hitachi ID Technology Advantages

Industry-leading technology at the lowest TCO:

• More features and functionality for less money:
  – Lower initial and ongoing investment (License scheme).
  – Lower on-going administration costs.
• Technology (not services) drives down deployment costs:
  – Reference builds.
  – All features, connectors included.
  – Auto-discovery of systems, accounts, entitlements.
  – Automated and self-service ID mapping.
  – Policy-driven workflow easier to manage.
  – No need to engage in costly role engineering.

21 Hitachi ID Suite Summary

• Three integrated IAM products, used by over 14M users, that can:
  – Discover and connect identities across systems and applications.
  – Securely and efficiently manage entitlements and credentials.
  – Secure and monitor access to privileged accounts.
• Improve security to comply with regulations.
• Reduce IT support cost and improve user productivity.
• Consolidate management of on-premise and SaaS apps.

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com

www.Hitachi-ID.com

Date: May 22, 2015

File: PRCS:pres

