idm suite
1 ID Management Suite
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
Fully integrated identity and access management.
2 Agenda
• Introductions.
• Hitachi ID corporate overview.
• ID Management Suite overview.
• The user management lifecycle.
• Addressing identity management system deployment challenges.
• Advantages of the Hitachi ID solution.
© 2011 Hitachi ID Systems, Inc. All rights reserved. 1
Slide Presentation
3 Hitachi ID Corporate Overview
Hitachi ID is a leading provider of identity and access management solutions.
• Founded as M-Tech in 1992, a division of Hitachi, Ltd. as of 2008.
• Hitachi, Ltd.:
  – Founded in 1910.
  – $105 billion revenue in FY2010.
  – 360,000 employees.
• Hitachi ID has 840+ customers with a combined 10.4M+ licensed users.
• Offices in North America and partners overseas.
• Approximately 140 employees.
Award: SC Magazine Best Buy for the ID Management Suite.
4 Representative Hitachi ID Customers
5 The User Lifecycle
At a high level, the user lifecycle is essentially the same in all organizations and across all platforms.
6 User Lifecycle: Business Challenges
• More IT → more users to manage.
• There are challenges throughout the user lifecycle.
• Support cost.
• User service.
• Security.
Slow: too much paper, too many people.
Expensive: too many administrators doing redundant work.
Role changes: add/remove rights.
Policies: enforced?
Audit: are privileges appropriate?
Org. relationships: track and maintain.
Reliable: notification of terminations.
Fast: response by sysadmins.
Complete: deactivation of all IDs.
Passwords: too many, too weak, often forgotten.
Access: Why can’t I access that application / folder / etc.
7 IAM in Silos
In most organizations, many processes affect many applications. This many-to-many relationship creates complexity:
8 Distributed IAM Is Complex
• Managing each system and application separately is complex.
• Complexity is bad:
  – Expensive: redundant updates to every system when hiring, moving or terminating users.
  – Unfriendly: users have lots of different IDs and passwords, which they don’t know how to manage.
  – Insecure: mistakes are made and users get or retain excess entitlements. Orphan and dormant accounts. Stale privileges.
• Every system and application added makes things worse.
9 Integrated IAM Processes
[Diagram: Identity Management System. Labels shown:
Business Processes and IT Processes: Hire, Retire, Resign, Finish Contract, Transfer, Fire, Start Contract, New Application, Retire Application, Password Expiry, Password Reset.
Managed objects: Users, Passwords, Groups, Attributes.
Systems and Applications: Application, Operating System, Database, Directory, E-mail System, ERP, Legacy App, Mainframe.]
10 ID Management Suite
11 Onboarding New Users
Hitachi ID Identity Manager can accelerate the onboarding process and reduce the security administration burden:
• Automation: Detect new hires in HR and automatically create access on managed systems, such as AD, SAP and the mainframe.
• Self-service workflow: Managers can request and approve access electronically, for example for contractors.
• Consolidated administration: Security administrators save time by using one tool to manage users across every system.
12 Change Management
Hitachi ID Identity Manager manages changes to user profiles:
• Self-service updates to phone numbers, department codes, etc.
Identity Manager, Hitachi ID Group Manager and Hitachi ID Org Manager manage changes to user roles and responsibilities:
• Self-service requests for new entitlements.
• Distributed audit of user rights by managers and app owners.
• Distributed update of organizational relationships by managers.
13 IT Support
Hitachi ID Password Manager for "I forgot/locked my password" calls:
• Synchronization: Users with fewer passwords have fewer problems.
• Reset: Users can resolve their own problems without calling the help desk.
• Assistance: A help desk interface reduces the duration and cost of remaining calls.
Hitachi ID Group Manager for "access denied" calls:
• Self-service: Users browse for resources and request access.
• Authorization workflow: Group owners are asked to review and approve change requests.
14 Deactivating Access
Retirement, resignation, end-of-contract:
• Hitachi ID Identity Manager detects changes in systems of record, such as HR, and deactivates all access.
• Managers can schedule deactivation with a workflow form.
Dismissals:
• Security administrators use an Identity Manager form to terminate all of a user’s accounts immediately.
Asset retrieval:
• Identity Manager inventory tracking assists in retrieval of PCs, cell phones, building access badges, etc.
15 Closed Loop IAM
[Diagram: Hitachi ID Management Suite, closed loop IAM. Labels shown:
Data sources and targets: Integrated Systems of Record, Integrated Target Systems, Non-integrated Systems.
Components: Autodiscovery, Auto-provisioning, Identity synch., Identity Cache, Transaction Manager, Connectors, Workflow Manager, Request Queue, Work Queue.
Connector operations: list people; list accounts; detected changes; create, delete, update accounts; updates.
Participants and interfaces: Requesters (manual request, Requests Web UI); Authorizers (invitations; approve, reject, delegate; Approvals Web UI); Certifiers (invitations; review, certify, correct; Certification Web UI); Implementers (invitations; accept, confirm; Implementer Web UI).
Workflow Manager tasks: validate requests, route for approval, invite authorizers, send reminders, escalate, delegate.
Request and fulfillment paths: automatic request, manual request, auto-fulfillment, manual fulfillment.]
16 Network Architecture
[Diagram: network architecture. Labels shown:
Local Network: User, Password Synch Trigger Systems (native password change on AD, Unix, OS/390, LDAP, AS400; Validate PW), Load Balancer, Reverse Web Proxy, Hitachi ID Application Server(s), SQL/Oracle, SQL DB, SMTP or Notes Mail (Emails), Incident Management System (Tickets), System of Record (Lookup & Trigger), IVR Server, VPN Server, Firewall.
Target Systems with local agent: OS/390, Unix, older RSA.
Target Systems with remote agent: AD, SQL, SAP, Notes, etc.
Remote Data Center: Firewall, Proxy Server (if needed), Target Systems.
Cloud-hosted, SaaS apps.
Connection labels: HTTPS, TCP/IP + AES, Secure Native Protocol, Various Protocols, Web Services.]
17 Included Connectors
Many integrations to target systems included in the base price:
Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.
Servers: Windows NT, 2000, 2003, 2008, Samba, Novell, SharePoint.
Databases: Oracle, Sybase, SQL Server, DB2/UDB, ODBC.
Unix: Linux, Solaris, AIX, HPUX, 24 more.
Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries / OS400.
HDD Encryption: McAfee, CheckPoint.
ERP: JDE, Oracle eBiz, PeopleSoft, SAP R/3, Siebel, Business Objects.
Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.
Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.
WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.
Help Desk: BMC Remedy, BMC SDE, HP Service Manager, CA Unicenter, Assyst, HEAT, Altiris, Track-It!, etc.
Cloud/SaaS: WebEx, Google Apps, Salesforce, SOAP (generic).
18 Scriptable Integrations
• ID Management Suite easily integrates with custom, vertical and hosted applications using flexible agents.
• Each flexible agent represents a standard process for connecting to a whole class of target systems, including:
  – API bindings (C, C++, Java, COM, ActiveX, MQ Series).
  – Telnet / TN3270 / TN5250 / sessions with TLS or SSL.
  – SSH sessions.
  – HTTP(S) administrative interfaces.
  – Web services.
  – Win32 and Unix command-line administration programs.
  – SQL scripts.
  – Custom LDAP attributes.
• Typically a few hours to a few days to add an integration.
• Hitachi ID can build these at fixed-cost.
19 IAM Project Risk Management
IAM projects often take too long and cost too much. Why?
Risk management
• Data quality:
  – Nonstandard, disconnected IDs.
  – Incorrect, old identity data.
• Combine automation and self-service for clean up.
• Never-ending role engineering:
  – Role based access control is a good objective, but...
  – It can be slow and costly to develop and maintain roles.
  – Some users just don’t fit.
• Start deployment with just a few roles.
• Add roles gradually, based on demand.
• Too many workflows:
  – Defining too many forms, processes takes too long.
  – One form, one process per change type? Per system?
• Implement a generic change management system.
• Custom forms for just the most popular requests.
20 Hitachi ID Technology Advantages
• More features and functionality for less money:
  – Lower initial and ongoing investment (License scheme).
  – Lower on-going administration costs.
• Technology (not services) drives down deployment costs:
  – Auto-discovery.
  – Self-service login ID reconciliation.
  – More pre-built connectors.
  – Support for multi-tenant installation.
  – Functional across customer firewalls.
  – Avoids role engineering.
  – Dynamic workflow.
  – Full functionality without client software.
  – Easier to extend to custom applications/targets.
21 ID Management Suite Summary
• A rich suite of identity and access management products, with over 10.4M licensed users, that can:
  – Discover and connect user objects from every system.
  – Streamline administration of users, entitlements and authentication factors.
  – Construct and maintain OrgChart data.
  – Secure access to privileged accounts on thousands of systems.
• Lock down security and comply with regulations requiring internal controls.
• Reduce operating costs and improve user productivity.
• Flexible, scalable, reliable, available.
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]
File: PRCS:pres
Date: March 22, 2011