1 Hitachi ID Password Manager
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
Integrated Credential Management for Users: passwords, encryption keys, tokens, smart cards and more.

2 Agenda
- Introducing Hitachi ID.
- Credential management challenges.
- Hitachi ID Password Manager:
  - Features.
  - Technology.
  - Impact.

2015 Hitachi ID Systems, Inc. All rights reserved.
3 Hitachi ID Corporate Overview
Hitachi ID delivers access governance and identity administration solutions to organizations globally. Hitachi ID solutions are used by Fortune 500 companies to secure access to systems in the enterprise and in the cloud.
- Founded as M-Tech in 1992.
- A division of Hitachi, Ltd. since 2008.
- Over 1200 customers.
- More than 14M licensed users.
- Offices in North America, Europe and APAC.
- Partners globally.
4 Representative Customers
[Figure: customer logos]

5 Hitachi ID Suite
[Figure: product suite overview]
Slide Presentation

6 The Credentials Landscape
[Figure: the credentials a single user carries across devices and locations. Credential types: SaaS password, smart card PIN, OTP token (RSA SecurID) PIN, boot password, OS password, AD password, cached password, encryption key, ERP password, mainframe password, application password, local password. Devices: laptop, mainframe, phone, iPad, tablet, mobile. Locations: the cloud, at office, at home.]
7 Problems Due To Complexity
- Security / Internal Controls: sticky notes; guessable passwords; social engineering the help desk.
- IT Support Cost: high call volume; #1 incident type; staffing for peak load.
- Audit: Is authentication reliable? What users are triggering lockouts? Who can or did reset whose password?
- User Service: too many passwords; too many login prompts; frequent login problems.
8 Too many passwords
- Problem: hard to remember passwords.
- Solution: synchronize passwords.
- Impact today: high help desk call volume; users write down passwords.
- Benefit: fewer, stronger passwords; easy to remember and change; lower help desk call volume.

9 Synchronization Features
- Transparent:
  - Triggered from native password change.
  - Available on AD, LDAP, RACF, etc.
- Web-based:
  - Change passwords using a web browser.
  - Interactively show systems and policies.
- Expired password notification:
  - E-mail.
  - Web popup.
  - Pre-empt native expiry.
10 Users forget their password or PIN
- Problem: users forget or lock out their password/PIN.
- Solution: self-service reset.
- Impact today: business interruption (can't log in); support cost (high call volume); security (help desk fooled into improper password resets).
- Benefit: fewer, shorter business interruptions; lower support cost; available 24x7, everywhere; secure and convenient.

11 Self-Service Password/PIN Reset
- Reset passwords and/or clear lockouts:
  - Directory, OS, DB, application.
  - On-premise and SaaS (cloud).
  - Server-based and cached on the user's device.
- Reset PINs:
  - One-time password tokens (e.g., RSA SecurID).
  - Smart cards.
- Always accessible:
  - PC, tablet or phone web browser.
  - PC login screen.
  - On the corporate network and over public Internet/WiFi/VPN.
  - Via telephone call.
12 Authentication prior to support
- Problem: need to authenticate users without asking for their (forgotten) password or PIN.
- Solution: managed enrollment process.
- Backup authentication factors are a pre-requisite to self-service.
- Automatically invite users to enroll.
- Forms for Q&A, phone number, etc.
- High user adoption leads to good ROI.

13 Managed Enrollment
Prior enrollment is often a pre-requisite to self-service. Enrollment may include:
- Security questions.
- Mobile phone number (for SMS/PIN).
- Non-standard login IDs.
- Voice samples for biometric authentication.
Hitachi ID Password Manager includes a robust, automated system to manage the enrollment process:
- Identify users who need to enroll.
- Send out e-mail invitations.
- Automated reminders.
- Launch browser to enrollment page at PC login time.
- Control pace of invitations (globally and per user).
- Mandatory enrollment is possible.
Automated, managed enrollment significantly improves user adoption.
14 Users tired of typing many passwords
- Problem: users enter too many passwords.
- Solution: copy credentials from Windows to application login screens.
- Impact today: friction between users and apps; user frustration.
- Benefit: faster, simpler logins; business happier with IT.

15 HiLM Operation
- Users log into their workstation as before, using their network login ID and password.
- Hitachi ID Login Manager installs a network provider, which picks up the user's primary ID and password.
- HiLM monitors the applications that a user launches, watching for instances where the user retypes the primary ID and password.
- HiLM stores the locations where the user reused his/her primary ID or password.
- When a familiar authentication prompt reappears, HiLM automatically fills in the ID and/or password.
- HiLM can read login ID aliases from an AD attribute at login time, eliminating the need to synchronize login IDs.
16 Mobile users have login problems
- Problem: users may forget their primary or VPN password while off-site.
- Solution: reset cached and VPN passwords over WiFi+VPN.
[Figure: laptop at a cafe reaches the HiPM server over WiFi, the Internet and a VPN link to the VPN server.]
- Impact today: forgot cached Windows password: PC is a brick; forgot VPN password: cannot communicate.
- Benefit: users can get back to work; self-service from any device, at any location, any time.

17 Self-Service, Anywhere
Self-service is complicated by connectivity and device options.
- User location: work; home; airport; cafe; partner office.
- Endpoint device: laptop; tablet; smart phone.
- Connectivity: wired at work; wired at home; WiFi at home; public WiFi; tethered phone; cell modem.
- Reset/unlock: network password; cached password; smart card PIN; token PIN; encrypted HDD.
Example scenarios supported by Hitachi ID Password Manager:
- Reset forgotten, cached AD password at airport.
- Recover from forgotten full disk encryption password (via phone).
18 Off-site, Locked-out Password Reset
Animation: ../../pics/camtasia/v82/hipm-self-service-anywhere/hipm-self-service-anywhere.cam

19 Hitachi ID Mobile Access overview
The challenge:
- Users want access to IAM from phone.
- Phone on the Internet, IAM on-prem.
- Don't want attackers probing IAM from Internet.
Hitachi ID Mobile Access:
- App for iOS, Android.
- Device activation required (install key).
- Proxy service on DMZ or cloud.
- IAM, phone both call the proxy.
- No firewall changes required.
- IAM not visible on Internet.
- Message passing system: exchange requests; outbound connections only.
[Figure: personal device on the public Internet (4G) sends an HTTPS request, including userid and deviceid, to the cloud proxy; a worker thread on the IAM server in the private corporate network connects outbound through the firewall and DMZ to the proxy and asks "Give me an HTTP request".]

20 Activate Mobile Access
Animation: ../../pics/camtasia/v9/enable-mobile-device-1/enable-mobile-device-1.mp4
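The outbound-only relay pattern from the Mobile Access slide, as an added illustration that is not Hitachi ID's code: the phone and the on-premises IAM worker both make outbound calls to a proxy, so nothing on the Internet can open a connection to the IAM server, and unactivated devices are refused before their request is ever queued. Class and method names, the install-key check and the sample users are assumptions made for this example.

```python
"""Constructed model of a DMZ/cloud message-passing proxy (not Hitachi ID's code)."""
import hmac
import secrets
from collections import deque


class MobileAccessRelay:
    def __init__(self):
        self.activated = {}     # (userid, deviceid) -> install key issued at activation
        self.pending = deque()  # requests waiting for an IAM worker to pull them
        self.responses = {}     # request_id -> response body from the IAM server

    def activate_device(self, userid, deviceid):
        # Assumed activation step: one install key per (user, device) pair.
        key = secrets.token_hex(16)
        self.activated[(userid, deviceid)] = key
        return key

    def submit_request(self, userid, deviceid, key, body):
        # Phone -> proxy over HTTPS. The request carries userid and deviceid;
        # an unknown device or wrong key is dropped here, so the relay never
        # becomes a path for probing the IAM server from the Internet.
        stored = self.activated.get((userid, deviceid))
        if stored is None or not hmac.compare_digest(stored, key):
            return None
        request_id = secrets.token_hex(8)
        self.pending.append({"id": request_id, "userid": userid,
                             "deviceid": deviceid, "body": body})
        return request_id

    def iam_poll(self):
        # IAM worker thread -> proxy: "give me an HTTP request" (outbound only).
        return self.pending.popleft() if self.pending else None

    def iam_respond(self, request_id, body):
        # IAM worker -> proxy: hand back the result for the waiting device.
        self.responses[request_id] = body

    def device_fetch(self, request_id):
        # Phone -> proxy: collect the response, again an outbound call.
        return self.responses.pop(request_id, None)


def run_exchange():
    # Constructed round trip: activation, request, IAM pull, reply, fetch.
    relay = MobileAccessRelay()
    key = relay.activate_device("jsmith", "phone-01")
    rid = relay.submit_request("jsmith", "phone-01", key, "reset AD password")
    req = relay.iam_poll()  # the worker pulls the request; no inbound port needed
    relay.iam_respond(req["id"], "reset OK for " + req["userid"])
    return relay.device_fetch(rid)
```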
21 Forgotten encryption passwords
- Problem: users with a cryptographically secured PC forget their pre-boot password.
- Solution: self-service key recovery over telephone/IVR.
[Figure: user at a laptop calls the phone system, which talks to the HiTPM key recovery server.]
- Impact today: PC is a brick until unlocked; support calls are long and costly.
- Benefit: users get back to work quickly; no costly help desk support call.
22 Impact of Synchronization and SSPR
[Chart: help desk calls and login problems before and after synchronization and self-service password reset.]
23 Multi-Master Architecture
[Figure: two data centers (A and B), each with a Hitachi ID server behind a load balancer and a firewall, with SQL DB replication between them. Inbound paths: HTTPS through a reverse web proxy, IVR server, VPN server, web services. Integrations: HR system of record (SQL DB), e-mail system for notifications and invitations, incident management system for ticket and password validation, password synch trigger systems (native password change on AD, Unix, OS/390, LDAP, AS400). Target systems with local agent (OS/390, Unix, older RSA) via secure native protocol over TCP/IP + AES; target systems with remote agent (AD, SQL, SAP, Notes, etc.) via various protocols; cloud-hosted SaaS apps and remote data centers via a proxy server if needed.]
24 Included Connectors
Many integrations to target systems included in the base price:
- Directories: any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.
- Unix: Linux, Solaris, AIX, HPUX, 24 more variants.
- ERP: JDE, Oracle eBiz, PeopleSoft, PeopleSoft HR, SAP R/3 and ECC 6, Siebel, Business Objects.
- WebSSO: CA SiteMinder, IBM TAM, Oracle AM, RSA Access Manager.
- Servers: Windows NT, 2000, 2003, 2008[R2], 2012, Samba, Novell, SharePoint.
- Mainframes, midrange: z/OS (RACF, ACF2, TopSecret), iSeries, OpenVMS.
- Collaboration: Lotus Notes, iNotes, Exchange, GroupWise, BlackBerry ES.
- Help desk: ServiceNow, BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Clarify, RSA enVision, Track-It!, MS System Center Service Manager.
- Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, Progress, ODBC, Oracle Hyperion EPM Shared Services, Cache.
- HDD encryption: McAfee, CheckPoint, BitLocker, PGP.
- Tokens, smart cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.
- Cloud/SaaS: WebEx, Google Apps, MS Office 365, SuccessFactors, Salesforce.com, SOAP (generic).
25 Rapid Integration with Custom Apps
Hitachi ID Password Manager easily integrates with custom, vertical and hosted applications using flexible agents. Each flexible agent connects to a class of applications:
- API bindings (C, C++, Java, COM, ActiveX, MQ Series).
- Telnet / TN3270 / TN5250 sessions, with TLS or SSL.
- SSH sessions.
- HTTP(S) administrative interfaces.
- Web services.
- Win32 and Unix command-line administration programs.
- SQL scripts.
- Custom LDAP attributes.
Integration takes a few hours to a few days. Fixed-cost service available from Hitachi ID.

26 Competitive Differentiation
- Integrated solution: manage all credentials: OS and app passwords; pre-boot passwords; on-premise and SaaS; smart cards; OTP tokens. 110+ connectors included.
- Always available: full or phone browser; voice call; PC login screen; pre-boot (encrypted HDD); at work and off-site.
- Scalability: multi-master architecture; load balanced, replicated; deploy across data centers; multi-lingual.
- Cost savings: reduce problem frequency (not just self-service); managed enrollment to maximize adoption; easy to deploy, maintain.
27 The Leading Vendor
- Innovation: Self-Service, Anywhere; crypto key recovery; SSO without a password wallet.
- Ongoing support: responsive and skilled customer support; unattended operation (auto-discovery, managed enrollment); metrics and trend analysis; SIEM, help desk integration.
- Low cost: low cost deployments; minimal need for ongoing maintenance; fixed-price engagements.

28 Summary
An integrated solution for managing credentials:
- Immediate security benefit: password policy, help desk caller authentication.
- Low deployment cost, minimal ongoing investment, significant IT support savings.
- Always accessible:
  - Web browser on PC, phone or tablet.
  - Windows login prompt.
  - Pre-boot encryption password prompt.
  - Phone call / IVR.
  - Available at work and while off-site.
- 110+ connectors included.
Learn more at Hitachi-ID.com/Password-Manager

500, 1401-1 Street SE, Calgary AB Canada T2G 2J3
Tel: 1.403.233.0740
Fax: 1.403.233.0725
E-Mail: sales@hitachi-id.com
www.hitachi-id.com
Date: May 22, 2015
File: PRCS:pres