
IDM Suite

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Administration and Governance of Identities, Entitlements and Credentials.

Agenda
Introductions. Hitachi ID corporate overview. IDM Suite overview. The user management lifecycle. Addressing identity management system deployment challenges. Advantages of the Hitachi ID solution.

© 2013 Hitachi ID Systems, Inc. All rights reserved.

Slide Presentation

Hitachi ID Corporate Overview

Hitachi ID delivers access governance and identity administration solutions to organizations globally. Hitachi ID solutions are used by Fortune 500 companies to secure access to systems in the enterprise and in the cloud. Founded as M-Tech in 1992. A division of Hitachi, Ltd. since 2008. Over 1000 customers. More than 12M+ licensed users. Offices in North America, Europe and APAC. Partners globally.

Representative Hitachi ID Customers


The User Lifecycle


At a high level, the user lifecycle is essentially the same in all organizations and across all platforms.

Business Challenges
More IT more users to manage. There are challenges throughout the user lifecycle. Support cost. User service. Security.
Slow: too much paper, too many people. Expensive: too many administrators doing redundant work. Role changes: add/remove rights. Policies: enforced? Audit: are privileges appropriate? Org. relationships: track and maintain.

Reliable: notification of terminations. Fast: response by sysadmins. Complete: deactivation of all IDs.

Passwords: too many, too weak, often forgotten. Access: "Why can't I access that application / folder / etc.?"


IAM in Silos

In most organizations, many processes affect many applications. This many-to-many relationship creates complexity:

Distributed IAM Is Complex


Managing each system and application separately is complex. Complexity is bad: Expensive: redundant updates to every system when hiring, moving or terminating users. Unfriendly: users have lots of different IDs and passwords, which they don't know how to manage. Insecure: mistakes are made and users get or retain excess entitlements. Orphan and dormant accounts. Stale privileges. Every system and application added makes things worse.


Integrated IAM Processes


[Figure: Business and IT processes (hire, transfer, fire, retire, resign, start contract, finish contract, new application, retire application, password expiry, password reset) all feed a single identity management system, which manages users, passwords, groups and attributes on systems and applications: operating system, directory, application, database, e-mail system, ERP, legacy app, mainframe.]


IDM Suite


Onboarding New Users


Hitachi ID Identity Manager can accelerate the onboarding process and reduce the security administration burden: Automation: Detect new hires in HR and automatically create access on managed systems, such as AD, SAP and the mainframe. Self-service workflow: Managers can request and approve access electronically, for example for contractors. Consolidated administration: Security administrators save time by using one tool to manage users across every system.


Change Management

Hitachi ID Identity Manager manages changes to user profiles: Self-service updates to phone numbers, department codes, etc.

HiIM, Hitachi ID Group Manager and Hitachi ID Org Manager manage changes to user roles and responsibilities: Self-service requests for new entitlements. Distributed audit of user rights by managers and app owners. Distributed update of organizational relationships by managers.


IT Support

Hitachi ID Password Manager for "I forgot/locked my password" calls: Synchronization: Users with fewer passwords have fewer problems. Reset: Users can resolve their own problems without calling the help desk. Assistance: A help desk interface reduces the duration and cost of remaining calls.

Hitachi ID Group Manager for "access denied" calls: Self-service: Users browse for resources and request access. Authorization workflow: Group owners are asked to review and approve change requests.


Deactivating Access

Retirement, resignation, end-of-contract: Hitachi ID Identity Manager detects changes in systems of record, such as HR, and deactivates all access. Managers can schedule deactivation with a workflow form.

Dismissals: Security administrators use an HiIM form to terminate all of a user's accounts immediately.

Asset retrieval: HiIM inventory tracking assists in retrieval of PCs, cell phones, building access badges, etc.


Closed Loop IAM


[Figure: Closed-loop IAM in the Hitachi ID Management Suite. Labels recoverable from the diagram:
Auto discovery: list people from integrated systems of record; list accounts and updates from integrated target systems; results are held in the identity cache.
Detected changes drive auto-provisioning and identity synch. through automatic requests.
Requesters submit manual requests through the Requests Web UI.
Workflow Manager (request queue): validate requests, route for approval, invite authorizers, send reminders, escalate, delegate.
Authorizers receive invitations and approve, reject or delegate through the Approvals Web UI.
Certifiers receive invitations and review, certify or correct through the Certification Web UI.
Transaction Manager (work queue): auto-fulfillment through connectors, which create, delete and update accounts on integrated target systems; manual fulfillment through the Implementer Web UI, where implementers accept and confirm changes to non-integrated systems.]


Multi-Master Architecture
[Figure: Multi-master architecture diagram. Connection types in the legend: TCP/IP + AES; various protocols; secure native protocol; HTTPS. Labels recoverable from the diagram include: Hitachi ID application server(s) with SQL DB; password synch trigger systems; target systems with local agent; target systems with remote agent; system of record (lookup and trigger); incident management system (tickets); mail (SMTP or Notes); IVR server; VPN server; reverse web proxy; load balancer; cloud-hosted and SaaS apps; firewalls; proxy server (if needed); remote data center with target systems.]


Included Connectors

Many integrations to target systems included in the base price:

Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.

Servers: Windows NT, 2000, 2003, 2008, 2008R2, Samba, Novell, SharePoint. Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS. Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.

Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, ODBC, Oracle Hyperion EPM Shared Services, Cache. HDD Encryption: McAfee, CheckPoint, BitLocker, PGP. Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger. Cloud/SaaS: WebEx, Google Apps, MS Office 365, Salesforce.com, SOAP (generic).

Unix: Linux, Solaris, AIX, HPUX, 24 more variants. ERP: JDE, Oracle eBiz, PeopleSoft, PeopleSoft HR, SAP R/3 and ECC 6, Siebel, Business Objects. WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.

Help Desk: ServiceNow, BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Clarify, RSA Envision, Track-It!, MS System Center Service Manager


Rapid Integration with Custom Apps


IDM Suite easily integrates with custom, vertical and hosted applications using flexible agents. Each flexible agent connects to a class of applications: API bindings (C, C++, Java, COM, ActiveX, MQ Series). Telnet / TN3270 / TN5250 / sessions with TLS or SSL. SSH sessions. HTTP(S) administrative interfaces. Web services. Win32 and Unix command-line administration programs. SQL scripts. Custom LDAP attributes.

Integration takes a few hours to a few days. Fixed cost service available from Hitachi ID.

IAM Project Risk Management


IAM projects often take too long and cost too much. Why? Data quality: Nonstandard, disconnected IDs. Incorrect, old identity data. Never-ending role engineering: Role-based access control is a good objective, but... It can be slow and costly to develop and maintain roles. Some users just don't fit. Too many workflows: Defining too many forms and processes takes too long. One form, one process per change type? Per system? Implement a generic change management system. Custom forms for just the most popular requests. Start deployment with just a few roles. Add roles gradually, based on demand. Risk management: Combine automation and self-service for clean-up.


Hitachi ID Technology Advantages


More features and functionality for less money: Lower initial and ongoing investment (license scheme). Lower ongoing administration costs. Technology (not services) drives down deployment costs: Auto-discovery. Self-service login ID reconciliation. More pre-built connectors. Support for multi-tenant installation. Functional across customer firewalls. Avoids role engineering. Dynamic workflow. Full functionality without client software. Easier to extend to custom applications/targets.


IDM Suite Summary


A rich suite of identity and access management products, with over 12M licensed users, that can: Discover and connect user objects from every system. Streamline administration of users, entitlements and login credentials. Construct and maintain OrgChart data. Secure access to privileged accounts on thousands of systems.

Lock down security and comply with regulations requiring internal controls. Reduce operating costs and improve user productivity. Flexible, scalable, reliable, available.

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: PRCS:pres Date: September 19, 2013

www.Hitachi-ID.com
