Streamlining User Lifecycle Management with Hitachi ID Management Suite


Upload: hitachi-id-systems-inc

Post on 12-May-2015


DESCRIPTION

Hitachi ID Management Suite: Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Fully integrated identity and access management. http://hitachi-id.com/

TRANSCRIPT

Page 1: Streamlining user lifecycle management with Hitachi ID Management Suite

1 ID Management Suite

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Fully integrated identity and access management.

2 Agenda

• Introductions.
• Hitachi ID corporate overview.
• ID Management Suite overview.
• The user management lifecycle.
• Addressing identity management system deployment challenges.
• Advantages of the Hitachi ID solution.

© 2012 Hitachi ID Systems, Inc. All rights reserved.


3 Hitachi ID Corporate Overview

Hitachi ID is a leading provider of identity and access management solutions.

• Founded as M-Tech in 1992.
• A division of Hitachi, Ltd. since 2008.
• Over 900 customers.
• More than 11M licensed users.
• Offices in North America, Europe and APAC.
• Partners globally.

4 Representative Hitachi ID Customers


5 The User Lifecycle

At a high level, the user lifecycle is essentially the same in all organizations and across all platforms.

6 Business Challenges

• More IT → more users to manage.
• There are challenges throughout the user lifecycle.
• Support cost.
• User service.
• Security.

Challenges shown on the lifecycle diagram:

• Slow: too much paper, too many people.
• Expensive: too many administrators doing redundant work.
• Role changes: add/remove rights.
• Policies: enforced?
• Audit: are privileges appropriate?
• Org. relationships: track and maintain.
• Reliable: notification of terminations.
• Fast: response by sysadmins.
• Complete: deactivation of all IDs.
• Passwords: too many, too weak, often forgotten.
• Access: Why can’t I access that application / folder / etc.


7 IAM in Silos

In most organizations, many processes affect many applications. This many-to-many relationship creates complexity:

8 Distributed IAM Is Complex

• Managing each system and application separately is complex.
• Complexity is bad:
  – Expensive: redundant updates to every system when hiring, moving or terminating users.
  – Unfriendly: users have lots of different IDs and passwords, which they don’t know how to manage.
  – Insecure: mistakes are made and users get or retain excess entitlements.
    Orphan and dormant accounts. Stale privileges.
• Every system and application added makes things worse.


9 Integrated IAM Processes

[Diagram: Business Processes and IT Processes connect through a single Identity Management System to Systems and Applications. Process labels: Hire, Retire, Resign, Finish Contract, Transfer, Fire, Start Contract, New Application, Retire Application, Password Expiry, Password Reset. Managed objects: Users, Passwords, Groups, Attributes. Systems and applications: Application, Operating System, Database, Directory, E-mail System, ERP, Legacy App, Mainframe.]

10 ID Management Suite


11 Onboarding New Users

Hitachi ID Identity Manager can accelerate the onboarding process and reduce the security administration burden:

• Automation: Detect new hires in HR and automatically create access on managed systems, such as AD, SAP and the mainframe.
• Self-service workflow: Managers can request and approve access electronically, for example for contractors.
• Consolidated administration: Security administrators save time by using one tool to manage users across every system.

12 Change Management

Hitachi ID Identity Manager manages changes to user profiles:

• Self-service updates to phone numbers, department codes, etc.

HiIM, Hitachi ID Group Manager and Hitachi ID Org Manager manage changes to user roles and responsibilities:

• Self-service requests for new entitlements.
• Distributed audit of user rights by managers and app owners.
• Distributed update of organizational relationships by managers.


13 IT Support

Hitachi ID Password Manager for "I forgot/locked my password" calls:

• Synchronization: Users with fewer passwords have fewer problems.
• Reset: Users can resolve their own problems without calling the help desk.
• Assistance: A help desk interface reduces the duration and cost of remaining calls.

Hitachi ID Group Manager for "access denied" calls:

• Self-service: Users browse for resources and request access.
• Authorization workflow: Group owners are asked to review and approve change requests.


14 Deactivating Access

Retirement, resignation, end-of-contract:

• Hitachi ID Identity Manager detects changes in systems of record, such as HR, and deactivates all access.
• Managers can schedule deactivation with a workflow form.

Dismissals:

• Security administrators use an HiIM form to terminate all of a user’s accounts immediately.

Asset retrieval:

• HiIM inventory tracking assists in retrieval of PCs, cell phones, building access badges, etc.
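The check behind "deactivates all access" (slide 14) and "orphan and dormant accounts" (slide 8) is a reconciliation of account listings against the system of record. The sketch below is an added example, not Hitachi ID code; the roster, account data, field names and the 90-day dormancy threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data: an HR roster (system of record) and account
# listings pulled from three target systems. All names are hypothetical.
HR = {
    "E100": {"name": "A. Rivera", "status": "active"},
    "E101": {"name": "B. Chen", "status": "terminated"},
    "E102": {"name": "C. Okafor", "status": "active"},
}
ACCOUNTS = [
    # (system, login, owner employee id or None, enabled, last login)
    ("AD", "arivera", "E100", True, date(2012, 2, 27)),
    ("AD", "bchen", "E101", True, date(2012, 1, 15)),
    ("SAP", "BCHEN01", "E101", False, date(2012, 1, 10)),
    ("Unix", "cokafor", "E102", True, date(2011, 9, 1)),
    ("Unix", "svc_old", None, True, date(2010, 6, 30)),
    ("SAP", "JDOE", "E999", True, date(2012, 2, 1)),
]

def reconcile(hr, accounts, today, dormant_days=90):
    """Return sorted (finding, system, login) tuples for enabled accounts."""
    findings = []
    for system, login, owner, enabled, last_login in accounts:
        if not enabled:
            continue  # already deactivated, nothing left to revoke
        person = hr.get(owner)
        if person is None:
            findings.append(("orphan", system, login))  # no owner in HR
        elif person["status"] != "active":
            findings.append(("not_deactivated", system, login))
        elif (today - last_login).days > dormant_days:
            findings.append(("dormant", system, login))
    return sorted(findings)

def remaining_access(hr, accounts):
    """Map each terminated employee id to systems where access is still enabled."""
    out = {}
    for system, _login, owner, enabled, _last in accounts:
        if enabled and hr.get(owner, {}).get("status") == "terminated":
            out.setdefault(owner, []).append(system)
    return out

if __name__ == "__main__":
    for finding in reconcile(HR, ACCOUNTS, date(2012, 3, 1)):
        print(*finding)
    print(remaining_access(HR, ACCOUNTS))
```

An employee appearing in `remaining_access` is a case where termination was only partly carried out: one system was disabled while another was missed.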


15 Closed Loop IAM

[Diagram: Hitachi ID Management Suite closed-loop architecture. Component labels: Integrated Systems of Record; Integrated Target Systems; Non-integrated Systems; Connectors (list accounts; list people; create, delete, update accounts); Autodiscovery; Auto-provisioning; Identity synch.; Identity Cache; Transaction Manager; Request Queue; Workflow Manager; Work Queue; Automatic request; Manual fulfillment; Auto-fulfillment. Participant labels: Requesters (manual request, Requests Web UI); Authorizers (approve, reject, delegate; invitations; Approvals Web UI); Certifiers (review, certify, correct; invitations; Certification Web UI); Implementers (accept, confirm; invitations; Implementer Web UI). Workflow steps listed: validate requests, route for approval, invite authorizers, send reminders, escalate, delegate.]


16 Multi-Master Architecture

[Diagram: multi-master deployment. Labels: User; Password Synch Trigger Systems (native password change on AD, Unix, OS/390, LDAP, AS400); Load Balancer; Hitachi ID Application Server(s); SQL/Oracle; SQL DB (shown twice); Reverse Web Proxy; IVR Server; System of Record; Incident Management System (tickets); SMTP or Notes Mail (emails); Target Systems with local agent: OS/390, Unix, older RSA; Target Systems with remote agent: AD, SQL, SAP, Notes, etc.; Proxy Server (if needed); VPN Server; Cloud-hosted, SaaS apps; Firewall (shown twice); Local Network; Remote Data Center. Connection labels: TCP/IP + AES; Various Protocols; Secure Native Protocol; HTTPS; Web Services; Lookup & Trigger; Validate PW.]


17 Included Connectors

Many integrations to target systems included in the base price:

• Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.
• Servers: Windows NT, 2000, 2003, 2008, Samba, Novell, SharePoint.
• Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, ODBC.
• Unix: Linux, Solaris, AIX, HPUX, 24 more.
• Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS.
• HDD Encryption: McAfee, CheckPoint.
• ERP: JDE, Oracle eBiz, PeopleSoft, SAP R/3 and ECC 6, Siebel, Business Objects.
• Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.
• Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.
• WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.
• Help Desk: BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Track-It!
• Cloud/SaaS: WebEx, Google Apps, Salesforce.com, SOAP (generic).

18 Simple Integration with Custom Apps

• ID Management Suite easily integrates with custom, vertical and hosted applications using flexible agents.
• Each flexible agent connects to a class of applications:
  – API bindings (C, C++, Java, COM, ActiveX, MQ Series).
  – Telnet / TN3270 / TN5250 / sessions with TLS or SSL.
  – SSH sessions.
  – HTTP(S) administrative interfaces.
  – Web services.
  – Win32 and Unix command-line administration programs.
  – SQL scripts.
  – Custom LDAP attributes.
• Integration takes a few hours to a few days.
• Fixed cost service available from Hitachi ID.


19 IAM Project Risk Management

IAM projects often take too long and cost too much. Why?

Risk management

• Data quality:
  – Nonstandard, disconnected IDs.
  – Incorrect, old identity data.
• Combine automation and self-service for clean up.
• Never-ending role engineering:
  – Role based access control is a good objective, but...
  – It can be slow and costly to develop and maintain roles.
  – Some users just don’t fit.
• Start deployment with just a few roles.
• Add roles gradually, based on demand.
• Too many workflows:
  – Defining too many forms, processes takes too long.
  – One form, one process per change type? Per system?
• Implement a generic change management system.
• Custom forms for just the most popular requests.

20 Hitachi ID Technology Advantages

• More features and functionality for less money:
  – Lower initial and ongoing investment (License scheme).
  – Lower on-going administration costs.
• Technology (not services) drives down deployment costs:
  – Auto-discovery.
  – Self-service login ID reconciliation.
  – More pre-built connectors.
  – Support for multi-tenant installation.
  – Functional across customer firewalls.
  – Avoids role engineering.
  – Dynamic workflow.
  – Full functionality without client software.
  – Easier to extend to custom applications/targets.


21 ID Management Suite Summary

• A rich suite of identity and access management products, with over 11M licensed users, that can:
  – Discover and connect user objects from every system.
  – Streamline administration of users, entitlements and login credentials.
  – Construct and maintain OrgChart data.
  – Secure access to privileged accounts on thousands of systems.
• Lock down security and comply with regulations requiring internal controls.
• Reduce operating costs and improve user productivity.
• Flexible, scalable, reliable, available.

www.Hitachi-ID.com

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]

File: PRCS:pres
Date: March 1, 2012