Hitachi ID Password Manager

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Integrated Credential Management for Users: Passwords, encryption keys, tokens, smart cards and more.

Agenda
Introducing Hitachi ID. Credential management challenges. Hitachi ID Password Manager: Features. Technology. Impact.

© 2013 Hitachi ID Systems, Inc. All rights reserved.

Slide Presentation

Hitachi ID Corporate Overview

Hitachi ID delivers access governance and identity administration solutions to organizations globally. Hitachi ID solutions are used by Fortune 500 companies to secure access to systems in the enterprise and in the cloud. Founded as M-Tech in 1992. A division of Hitachi, Ltd. since 2008. Over 1000 customers. More than 12M licensed users. Offices in North America, Europe and APAC. Partners globally.

Representative Hitachi ID Customers

IDM Suite

The Credentials Landscape


[Diagram labels. Locations: The Cloud, At office, At home. Devices: Laptop, Phone, iPad, Mobile Tablet, Smart card, RSA SecurID OTP token. Credentials: SaaS password, PIN, Boot password, OS password, Cached password, Encryption key, AD password, ERP password, Mainframe password, App password, Local password.]

Problems Due To Complexity

Security / Internal Controls: Sticky notes. Guessable passwords. Social engineering the help desk.

IT Support Cost: High call volume. #1 incident type. Staffing for peak load.

Audit: Is authentication reliable? What users are triggering lockouts? Who can or did reset whose password?

User Service: Too many passwords. Too many login prompts. Frequent login problems.

Too many passwords


Hard to remember passwords:
High help desk call volume. Users write down passwords.

Synchronize passwords:
Fewer, stronger passwords. Easy to remember, change. Lower help desk call volume.

Synchronization Features
Transparent: Triggered from native PW change. Available on AD, LDAP, RAC/F, etc.
Web-based: Change passwords using web browser. Interactively show systems, policies.
Expired password notification: E-mail. Web popup. Pre-empt native expiry.

Users forget their password or PIN


Users forget or lock out their password/PIN:
Business interruption: can't login. Support cost: high call volume. Security: help desk fooled into improper password resets.

Self-service reset:
Fewer, shorter business interruptions. Lower support cost. Available 24x7, everywhere. Secure and convenient.

Self-Service Reset Features


Reset passwords and/or clear lockouts: Directory, OS, DB, application. On-premise and SaaS (cloud). Server-based and cached on the user's device.
Reset PINs: One time password tokens (e.g., RSA SecurID). Smart cards.
Always accessible: PC, tablet or phone web browser. PC login screen. On the corporate network and over public Internet/WiFi/VPN. Via telephone call.

Authentication prior to support


Need to authenticate users without asking for their (forgotten) password or PIN:
Backup authentication factors are a pre-requisite to self-service.

Managed enrollment process:
Automatically invite users to enroll. Forms for Q&A, phone number, etc. High user adoption leads to good ROI.

Managed Enrollment
Prior enrollment is often a pre-requisite to self-service. Enrollment may include:
Security questions.
Mobile phone number (for SMS/PIN).
Non-standard login IDs.
Voice samples for biometric authentication.

Hitachi ID Password Manager includes a robust, automated system to manage the enrollment process:
Identify users who need to enroll.
Send out e-mail invitations.
Automated reminders.
Launch browser to enrollment page at PC login time.
Control pace of invitations (globally and per user).
Mandatory enrollment is possible.

Automated, managed enrollment significantly improves user adoption.

Users tired of typing many passwords


Users enter too many passwords:
Friction between users and apps. User frustration.

Copy credentials from Windows to application login screens:
Faster, simpler logins. Business happier with IT.

HiLM Operation
Users log into their workstation as before, using their network login ID and password.
Hitachi ID Login Manager installs a network provider, which picks up the user's primary ID and password.
HiLM monitors the applications that a user launches, watching for instances where the user retypes the primary ID and password.
HiLM stores the locations where the user reused his/her primary ID or password.
When a familiar authentication prompt reappears, HiLM automatically fills in the ID and/or password.
HiLM can read login ID aliases from an AD attribute at login time, eliminating the need to synchronize login IDs.

Mobile users have login problems


Users may forget their primary or VPN password while off-site:
Forgot cached Windows password: PC is a brick. Forgot VPN password: cannot communicate.

Reset cached, VPN passwords over WiFi+VPN:
Users can get back to work. Self-service from any device, at any location, any time.

[Diagram labels: Laptop, Cafe, WiFi, Internet, VPN Link, VPN Server, HiPM Server.]

Self-Service, Anywhere

Self-service is complicated by connectivity and device options.

User location: Work. Home. Airport. Cafe. Partner office.

Endpoint device: Laptop. Tablet. Smart phone.

Connectivity: Wired at work. Wired at home. WiFi at home. Public WiFi. Tethered phone. Cell modem.

Reset/unlock: Network password. Cached password. Smart card PIN. Token PIN. Encrypted HDD.

Example scenarios supported by Hitachi ID Password Manager: Reset forgotten, cached AD password at airport. Recover from forgotten full disk encryption password (via phone).

Off-site, Locked-out Password Reset

Animation: ../pics/camtasia/hipam-71/6-self-service-anywhere.cam

Forgotten encryption passwords


Users with a cryptographically secured PC forget their pre-boot password:
PC is a brick until unlocked. Support calls are long and costly.

Self-service key recovery over telephone/IVR:
Users get back to work quickly. No costly help desk support call.

[Diagram labels: User, Laptop, Phone, Phone System, HiTPM, Key Recovery Server.]

Password Management Savings


[Chart: user problems and help desk calls (scale 0 to 100) for four cases: Baseline, Self Reset only, Synch only, Both. Annotations: 60% user adoption of self-service password reset; 80% of problems reduced by simplified password management; combine problem reduction with self-service adoption. Bar values shown: 100, 100, 100, 40, 20, 20, 20.]

Multi-Master Architecture
[Architecture diagram. Labels recovered: Password Synch Trigger Systems (Unix, AD, OS/390, LDAP, AS400; native password change); IVR Server; Reverse Web Proxy; VPN Server; SMTP or Notes Mail; Load Balancer; Validate PW; Hitachi ID Application Server(s), each with a SQL DB; Emails; Incident Mgmt System (SQL/Oracle; Tickets); Target Systems with local agent (OS/390, Unix, older RSA); Target Systems with remote agent (AD, SQL, SAP, Novell, etc.); Local Network; Web Services; Firewall; Cloud hosted, SaaS apps; System of Record (Lookup & Trigger); Proxy Server (if needed); Remote Data Center; Target Systems. Legend: TCP/IP + AES, Various Protocols, Secure Native Protocol, HTTPS.]

Included Connectors

Many integrations to target systems included in the base price:

Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.

Servers: Windows NT, 2000, 2003, 2008, 2008R2, Samba, Novell, SharePoint.

Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, ODBC, Oracle Hyperion EPM Shared Services, Cache.

Unix: Linux, Solaris, AIX, HPUX, 24 more variants.

Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS.

HDD Encryption: McAfee, CheckPoint, BitLocker, PGP.

ERP: JDE, Oracle eBiz, PeopleSoft, PeopleSoft HR, SAP R/3 and ECC 6, Siebel, Business Objects.

Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.

Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.

WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.

Help Desk: ServiceNow, BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Clarify, RSA Envision, Track-It!, MS System Center Service Manager.

Cloud/SaaS: WebEx, Google Apps, MS Office 365, Salesforce.com, SOAP (generic).

Rapid Integration with Custom Apps


Hitachi ID Password Manager easily integrates with custom, vertical and hosted applications using flexible agents. Each flexible agent connects to a class of applications:
API bindings (C, C++, Java, COM, ActiveX, MQ Series).
Telnet / TN3270 / TN5250 / sessions with TLS or SSL.
SSH sessions.
HTTP(S) administrative interfaces.
Web services.
Win32 and Unix command-line administration programs.
SQL scripts.
Custom LDAP attributes.

Integration takes a few hours to a few days. Fixed cost service available from Hitachi ID.

Competitive Differentiation
Consistency: Manage all credentials: OS, app passwords. Pre-boot passwords. On-premise and SaaS. Smart cards. OTP tokens.

Availability: Full or mini browser. Phone call. PC login screen. Pre-boot password prompt. At work and remote.

110+ connectors included.

Scalability: Multi-master architecture. Load balanced, replicated. Deploy across data centers. Multi-lingual.

Cost savings: Reduce problem frequency. Divert resolution to self-service. Managed invitations to maximize user adoption. Quick, low-cost deployment. Minimal effort to maintain.

The Leading Vendor


Innovation: Self-Service, Anywhere. Crypto key recovery. SSO without a password wallet.

Ongoing support: Responsive and skilled customer support.

Unattended operation: Auto-discovery. Managed enrollment. Metrics and trend analysis. SIEM, help desk integration.

Low cost: Low cost deployments. Minimal need for ongoing maintenance. Fixed-price engagements.

Summary

An integrated solution for managing credentials:
Immediate security benefit: password policy, help desk caller authentication.
Low deployment cost, minimal ongoing investment, significant IT support savings.
Always accessible: Web browser on PC, phone or tablet. Windows login prompt. Pre-boot encryption password prompt. Phone call / IVR. Available at work and while off-site.

110+ connectors included.

Learn more at Hitachi-ID.com/Password-Manager

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: PRCS:pres Date: September 19, 2013

www.Hitachi-ID.com
