Hitachi ID Management Suite: Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Fully integrated identity and access management. http://hitachi-id.com/
1 ID Management Suite
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
Fully integrated identity and access management.
2 Agenda
• Introductions.
• Hitachi ID corporate overview.
• ID Management Suite overview.
• The user management lifecycle.
• Addressing identity management system deployment challenges.
• Advantages of the Hitachi ID solution.
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 1
Slide Presentation
3 Hitachi ID Corporate Overview
Hitachi ID is a leading provider of identity and access management solutions.
• Founded as M-Tech in 1992.
• A division of Hitachi, Ltd. since 2008.
• Over 900 customers.
• More than 11M licensed users.
• Offices in North America, Europe and APAC.
• Partners globally.
4 Representative Hitachi ID Customers
5 The User Lifecycle
At a high level, the user lifecycle is essentially the same in all organizations and across all platforms.
6 Business Challenges
• More IT → more users to manage.
• There are challenges throughout the user lifecycle.
• Support cost.
• User service.
• Security.
Slow: too much paper, too many people.
Expensive: too many administrators doing redundant work.
Role changes: add/remove rights.
Policies: enforced?
Audit: are privileges appropriate?
Org. relationships: track and maintain.
Reliable: notification of terminations.
Fast: response by sysadmins.
Complete: deactivation of all IDs.
Passwords: too many, too weak, often forgotten.
Access: Why can’t I access that application / folder / etc.
7 IAM in Silos
In most organizations, many processes affect many applications. This many-to-many relationship creates complexity:
8 Distributed IAM Is Complex
• Managing each system and application separately is complex.
• Complexity is bad:
– Expensive: redundant updates to every system when hiring, moving or terminating users.
– Unfriendly: users have lots of different IDs and passwords, which they don’t know how to manage.
– Insecure: mistakes are made and users get or retain excess entitlements. Orphan and dormant accounts. Stale privileges.
• Every system and application added makes things worse.
9 Integrated IAM Processes
[Diagram: Business Processes and IT Processes (Hire, Retire, Resign, Finish Contract, Transfer, Fire, Start Contract, New Application, Retire Application, Password Expiry, Password Reset) connect through an Identity Management System to Users, Passwords, Groups and Attributes on Systems and Applications (Application, Operating System, Database, Directory, E-mail System, ERP, Legacy App, Mainframe).]
10 ID Management Suite
11 Onboarding New Users
Hitachi ID Identity Manager can accelerate the onboarding process and reduce the security administration burden:
• Automation: Detect new hires in HR and automatically create access on managed systems, such as AD, SAP and the mainframe.
• Self-service workflow: Managers can request and approve access electronically, for example for contractors.
• Consolidated administration: Security administrators save time by using one tool to manage users across every system.
12 Change Management
Hitachi ID Identity Manager manages changes to user profiles:
• Self-service updates to phone numbers, department codes, etc.
HiIM, Hitachi ID Group Manager and Hitachi ID Org Manager manage changes to user roles and responsibilities:
• Self-service requests for new entitlements.
• Distributed audit of user rights by managers and app owners.
• Distributed update of organizational relationships by managers.
13 IT Support
Hitachi ID Password Manager for "I forgot/locked my password" calls:
• Synchronization: Users with fewer passwords have fewer problems.
• Reset: Users can resolve their own problems without calling the help desk.
• Assistance: A help desk interface reduces the duration and cost of remaining calls.
Hitachi ID Group Manager for "access denied" calls:
• Self-service: Users browse for resources and request access.
• Authorization workflow: Group owners are asked to review and approve change requests.
14 Deactivating Access
Retirement, resignation, end-of-contract:
• Hitachi ID Identity Manager detects changes in systems of record, such as HR, and deactivates all access.
• Managers can schedule deactivation with a workflow form.
Dismissals:
• Security administrators use an HiIM form to terminate all of a user’s accounts immediately.
Asset retrieval:
• HiIM inventory tracking assists in retrieval of PCs, cell phones, building access badges, etc.
15 Closed Loop IAM
[Diagram: Hitachi ID Management Suite closed-loop architecture. Labelled components: Integrated Systems of Record, Integrated Target Systems and Non-integrated Systems; Connectors (list people; list accounts; create, delete, update accounts); Autodiscovery, Auto-provisioning and Identity synch. with an Identity Cache (updates, detected changes); Requesters (manual request, Requests Web UI) and automatic requests; Request Queue; Workflow Manager (validate requests, route for approval, invite authorizers, send reminders, escalate, delegate); Authorizers (approve, reject, delegate; Approvals Web UI); Certifiers (review, certify, correct; Certification Web UI); Implementers (accept, confirm; Implementer Web UI); Work Queue; Transaction Manager (auto-fulfillment, manual fulfillment).]
16 Multi-Master Architecture
[Diagram: multi-master network architecture. Labelled components: User; Password Synch Trigger Systems (native password change on AD, Unix, OS/390, LDAP, AS400; Validate PW); Load Balancer; Reverse Web Proxy; Hitachi ID Application Server(s), each with a SQL DB (SQL/Oracle); SMTP or Notes Mail (emails); Incident Management System (tickets); System of Record; IVR Server (lookup & trigger); Web Services; Target Systems with local agent (OS/390, Unix, older RSA); Target Systems with remote agent (AD, SQL, SAP, Notes, etc.); Proxy Server (if needed) in a Remote Data Center behind a Firewall; VPN Server; Cloud-hosted, SaaS apps. Labelled links: HTTPS, TCP/IP + AES, Secure Native Protocol, Various Protocols; Local Network; Firewall.]
17 Included Connectors
Many integrations to target systems included in the base price:
Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.
Servers: Windows NT, 2000, 2003, 2008, Samba, Novell, SharePoint.
Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, ODBC.
Unix: Linux, Solaris, AIX, HPUX, 24 more.
Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS.
HDD Encryption: McAfee, CheckPoint.
ERP: JDE, Oracle eBiz, PeopleSoft, SAP R/3 and ECC 6, Siebel, Business Objects.
Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.
Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.
WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.
Help Desk: BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Track-It!
Cloud/SaaS: WebEx, Google Apps, Salesforce.com, SOAP (generic).
18 Simple Integration with Custom Apps
• ID Management Suite easily integrates with custom, vertical and hosted applications using flexible agents.
• Each flexible agent connects to a class of applications:
– API bindings (C, C++, Java, COM, ActiveX, MQ Series).
– Telnet / TN3270 / TN5250 / sessions with TLS or SSL.
– SSH sessions.
– HTTP(S) administrative interfaces.
– Web services.
– Win32 and Unix command-line administration programs.
– SQL scripts.
– Custom LDAP attributes.
• Integration takes a few hours to a few days.
• Fixed cost service available from Hitachi ID.
19 IAM Project Risk Management
IAM projects often take too long and cost too much. Why?
Risk management
• Data quality:
– Nonstandard, disconnected IDs.
– Incorrect, old identity data.
• Combine automation and self-service for clean up.
• Never-ending role engineering:
– Role based access control is a good objective, but...
– It can be slow and costly to develop and maintain roles.
– Some users just don’t fit.
• Start deployment with just a few roles.
• Add roles gradually, based on demand.
• Too many workflows:
– Defining too many forms, processes takes too long.
– One form, one process per change type? Per system?
• Implement a generic change management system.
• Custom forms for just the most popular requests.
20 Hitachi ID Technology Advantages
• More features and functionality for less money:
– Lower initial and ongoing investment (License scheme).
– Lower on-going administration costs.
• Technology (not services) drives down deployment costs:
– Auto-discovery.
– Self-service login ID reconciliation.
– More pre-built connectors.
– Support for multi-tenant installation.
– Functional across customer firewalls.
– Avoids role engineering.
– Dynamic workflow.
– Full functionality without client software.
– Easier to extend to custom applications/targets.
21 ID Management Suite Summary
• A rich suite of identity and access management products, with over 11M licensed users, that can:
– Discover and connect user objects from every system.
– Streamline administration of users, entitlements and login credentials.
– Construct and maintain OrgChart data.
– Secure access to privileged accounts on thousands of systems.
• Lock down security and comply with regulations requiring internal controls.
• Reduce operating costs and improve user productivity.
• Flexible, scalable, reliable, available.
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]
File: PRCS:pres
Date: March 1, 2012