Beruflich Dokumente
Kultur Dokumente
Integrated Credential Management for Users: Passwords, encryption keys, tokens, smart cards and more.
Agenda
Introducing Hitachi ID. Credential management challenges. Hitachi ID Password Manager: Features. Technology. Impact.
Slide Presentation
Hitachi ID delivers access governance and identity administration solutions to organizations globally. Hitachi ID solutions are used by Fortune 500 companies to secure access to systems in the enterprise and in the cloud. Founded as M-Tech in 1992. A division of Hitachi, Ltd. since 2008. Over 1000 customers. More than 12M+ licensed users. Ofces in North America, Europe and APAC. Partners globally.
Slide Presentation
IDM Suite
Smart card
PIN
Secu A rID
RS
159
759
The Cloud
OTP token
Boot password OS password Cached password Encryption key AD password ERP password
Laptop
Phone
At office
iPad
Mobile Tablet
At home
Slide Presentation
IT Support Cost
Audit
User Service
Is authentication reliable? What users are triggering lockouts? Who can or did reset whose password?
Too many passwords. Too many login prompts. Frequent login problems.
Slide Presentation
Fewer, stronger passwords. Easy to remember, change. Lower help desk call volume.
Synchronization Features
Transparent: Triggered from native PW change. Available on AD, LDAP, RAC/F, etc. Web-based: Change passwords using web browser. Interactively show systems, policies. Expired password notication: E-mail. Web popup. Pre-empt native expiry.
Slide Presentation
10
s e l f s e r v i c e
Business interruption: cant login. Support cost: high call volume. Security: help desk fooled into improper password resets.
Fewer, shorter business interruptions. Lower support cost. Available 24x7, everywhere. Secure and convenient.
11
Slide Presentation
12
Automatically invite users to enroll. Forms for Q&A; phone number, etc. High user adoption leads to good ROI.
13
Managed Enrollment
Prior enrollment is often a pre-requisite to self-service. Enrollment may include: Security questions. Mobile phone number (for SMS/PIN). Non-standard login IDs. Voice samples for biometric authentication.
Hitachi ID Password Manager includes a robust, automated system to manage the enrollment process: Identify users who need to enroll. Send out e-mail invitations. Automated reminders. Launch browser to enrollment page at PC login time. Control pace of invitations (globally and per user). Mandatory enrollment is possible.
Slide Presentation
14
15
HiLM Operation
Users log into their workstation as before, using their network login ID and password. Hitachi ID Login Manager installs a network provider, which picks up the users primary ID and password. HiLM monitors the applications that a user launches, watching for instances where the user retypes the primary ID and password. HiLM stores the locations where the user reused his/her primary ID or password. When a familiar authentication prompt reappears, HiLM automatically lls in the ID and/or password. HiLM can read login ID aliases from an AD attribute at login time, eliminating the need to synchronize login IDs.
Slide Presentation
16
Forgot cached Windows password: PC is a brick. Forgot VPN password: cannot communicate.
Users can get back to work. Self-service from any device, at any location, any time.
17
Self-Service, Anywhere
Connectivity Wired at work. Wired at home. WiFi at home. Public WiFi. Tethered phone. Cell modem.
Reset/unlock Network password. Cached password. Smart card PIN. Token PIN. Encrypted HDD.
Example scenarios supported by Hitachi ID Password Manager: Reset forgotten, cached AD password at airport. Recover from forgotten full disk encryption password (via phone).
Slide Presentation
18
Animation: ../pics/camtasia/hipam-71/6-self-service-anywhere.cam
19
Laptop
User
Phone
HiTPM
Users get back to work quickly. No costly help desk support call.
10
Slide Presentation
20
40
80% of problems Combine problem reduced by simplied reduction with password management self-service adoption 20 20 20
Synch only
Both
21
Multi-Master Architecture
, nix , U 0, AD S/39 P, O DA 0 L S40 d e A tiv wor a N ass ge p han c g Tri ch yn S rd wo
ms ste Sy r ge
r IVR erve S
ate lid Va
PW
ID hi on ac licati t i H pp SQL A DB
ss Pa
) r(s rve Se
SQL DB
L/ SQ racle O
Tic ts ke
t: en ag al c lo ith RSA s w lder t: m e en ,o st ag Sy Unix e t t o ge 0, s rk rem c Tar S/39 ce ith s, et O rvi wo w e t e t s S e o m b ste AP, N al N We Sy c et QL, S g r Lo Ta D, S A all ew Fir
u ok Lo of m e d st Sy ecor R
er gg Tri & p
all ew Fir
ter en C ta Da e t mo Re
t ge ms Tar yste S
11
Slide Presentation
22
Included Connectors
Servers: Windows NT, 2000, 2003, 2008, 2008R2, Samba, Novell, SharePoint. Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS. Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.
Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, ODBC, Oracle Hyperion EPM Shared Services, Cache. HDD Encryption: McAfee, CheckPoint, BitLocker, PGP. Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger. Cloud/SaaS: WebEx, Google Apps, MS Ofce 365, Salesforce.com, SOAP (generic).
Unix: Linux, Solaris, AIX, HPUX, 24 more variants. ERP: JDE, Oracle eBiz, PeopleSoft, PeopleSoft HR, SAP R/3 and ECC 6, Siebel, Business Objects. WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.
Help Desk: ServiceNow, BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Clarify, RSA Envision, Track-It!, MS System Center Service Manager
12
Slide Presentation
23
Integration takes a few hours to a few days. Fixed cost service available from Hitachi ID.
24
Competitive Differentiation
Consistency Manage all credentials: OS, app passwords. Pre-boot passwords. On-premise and SaaS. Smart cards. OTP tokens. Availability Full or mini browser. Phone call. PC login screen. Pre-boot password prompt. At work and remote.
110+ connectors included. Scalability Multi-master architecture. Load balanced, replicated. Deploy across data centers. Multi-lingual. Cost savings Reduce problem frequency. Divert resolution to self-service. Managed invitations to maximize user adoption. Quick, low-cost deployment. Minimal effort to maintain.
13
Slide Presentation
25
26
Summary
An integrated solution for managing credentials: Immediate security benet: password policy, help desk caller authentication. Low deployment cost, minimal ongoing investment, signicant IT support savings. Always accessible: Web browser on PC, phone or tablet. Windows login prompt. Pre-boot encryption password prompt. Phone call / IVR. Available at work and while off-site.
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: PRCS:pres Date: September 19, 2013
www.Hitachi-ID.com