hitachi id password manager: lower cost, improve service and strengthen security with password...
DESCRIPTION
Integrated Credential Management for Users: Passwords, encryption keys, tokens, smart cards and more. See more at: http://hitachi-id.com/docs/pres.html
TRANSCRIPT
1 Hitachi ID Password Manager
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
Integrated Credential Management for Users: Passwords, encryption keys, tokens, smart cards and more.
2 Agenda
• Introducing Hitachi ID.
• Credential management challenges.
• Hitachi ID Password Manager:
– Features.
– Technology.
– Impact.
© 2013 Hitachi ID Systems, Inc.. All rights reserved. 1
Slide Presentation
3 Hitachi ID Corporate Overview
Hitachi ID delivers access governance and identity administration solutions to organizations globally. Hitachi ID solutions are used by Fortune 500 companies to secure access to systems in the enterprise and in the cloud.
• Founded as M-Tech in 1992.
• A division of Hitachi, Ltd. since 2008.
• Over 1000 customers.
• More than 12 million licensed users.
• Offices in North America, Europe and APAC.
• Partners globally.
4 Representative Hitachi ID Customers
5 IDM Suite
6 The Credentials Landscape
Diagram: the credentials one user holds across devices and locations (laptop, phone, tablet/iPad; at the office, at home, mobile, the cloud): cached password, app password, SaaS password, AD password, ERP password, mainframe password, PINs, boot password, OS password, encryption key, local password, RSA SecurID OTP token, smart card.
7 Problems Due To Complexity
Security / Internal Controls
• Sticky notes.
• Guessable passwords.
• Social engineering the help desk.
IT Support Cost
• High call volume.
• #1 incident type.
• Staffing for peak load.
Audit
• Is authentication reliable?
• What users are triggering lockouts?
• Who can or did reset whose password?
User Service
• Too many passwords.
• Too many login prompts.
• Frequent login problems.
8 Too many passwords
Hard to remember passwords:
• High help desk call volume.
• Users write down passwords.
Synchronize passwords:
• Fewer, stronger passwords.
• Easy to remember, change.
• Lower help desk call volume.
9 Synchronization Features
• Transparent:
– Triggered from native PW change.
– Available on AD, LDAP, RACF, etc.
• Web-based:
– Change passwords using web browser.
– Interactively show systems, policies.
• Expired password notification:
– E-mail.
– Web popup.
– Pre-empt native expiry.
10 Users forget their password or PIN
Users forget or lock out their password/PIN:
• Business interruption: can't login.
• Support cost: high call volume.
• Security: help desk fooled into improper password resets.
Self-service reset:
• Fewer, shorter business interruptions.
• Lower support cost.
• Available 24x7, everywhere.
• Secure and convenient.
11 Self-Service Reset Features
• Reset passwords and/or clear lockouts:
– Directory, OS, DB, application.
– On-premise and SaaS (cloud).
– Server-based and cached on the user's device.
• Reset PINs:
– One time password tokens (e.g., RSA SecurID).
– Smart cards.
• Always accessible:
– PC, tablet or phone web browser.
– PC login screen.
– On the corporate network and over public Internet/WiFi/VPN.
– Via telephone call.
12 Authentication prior to support
Need to authenticate users without asking for their (forgotten) password or PIN.
Managed enrollment process:
• Backup authentication factors are a pre-requisite to self-service.
• Automatically invite users to enroll.
• Forms for Q&A, phone number, etc.
• High user adoption leads to good ROI.
13 Managed Enrollment
• Prior enrollment is often a pre-requisite to self-service.
• Enrollment may include:
– Security questions.
– Mobile phone number (for SMS/PIN).
– Non-standard login IDs.
– Voice samples for biometric authentication.
• Hitachi ID Password Manager includes a robust, automated system to manage the enrollment process:
– Identify users who need to enroll.
– Send out e-mail invitations.
– Automated reminders.
– Launch browser to enrollment page at PC login time.
– Control pace of invitations (globally and per user).
– Mandatory enrollment is possible.
• Automated, managed enrollment significantly improves user adoption.
14 Users tired of typing many passwords
Users enter too many passwords:
• Friction between users and apps.
• User frustration.
Copy credentials from Windows to application login screens:
• Faster, simpler logins.
• Business happier with IT.
15 HiLM Operation
• Users log into their workstation as before, using their network login ID and password.
• Hitachi ID Login Manager installs a network provider, which picks up the user's primary ID and password.
• HiLM monitors the applications that a user launches, watching for instances where the user retypes the primary ID and password.
• HiLM stores the locations where the user reused his/her primary ID or password.
• When a familiar authentication prompt reappears, HiLM automatically fills in the ID and/or password.
• HiLM can read login ID aliases from an AD attribute at login time, eliminating the need to synchronize login IDs.
16 Mobile users have login problems
Users may forget their primary or VPN password while off-site.
Reset cached, VPN passwords over WiFi+VPN.
Diagram: laptop at a cafe on WiFi, across the Internet to the VPN server, then over the VPN link to the HiPM server.
• Forgot cached Windows password: PC is a brick.
• Forgot VPN password: cannot communicate.
• Users can get back to work.
• Self-service from any device, at any location, any time.
17 Self-Service, Anywhere
Self-service is complicated by connectivity and device options.
User location:
• Work.
• Home.
• Airport.
• Cafe.
• Partner office.
Endpoint device:
• Laptop.
• Tablet.
• Smart phone.
Connectivity:
• Wired at work.
• Wired at home.
• WiFi at home.
• Public WiFi.
• Tethered phone.
• Cell modem.
Reset/unlock:
• Network password.
• Cached password.
• Smart card PIN.
• Token PIN.
• Encrypted HDD.
Example scenarios supported by Hitachi ID Password Manager:
• Reset forgotten, cached AD password at airport.
• Recover from forgotten full disk encryption password (via phone).
18 Off-site, Locked-out Password Reset
Animation: ../pics/camtasia/hipam-71/6-self-service-anywhere.cam
19 Forgotten encryption passwords
Users with a cryptographically secured PC forget their pre-boot password.
Self-service key recovery over telephone/IVR.
Diagram: user laptop, phone, phone system and key recovery server (HiTPM).
• PC is a brick until unlocked.
• Support calls are long and costly.
• Users get back to work quickly.
• No costly help desk support call.
20 Password Management Savings
Chart: user problems and help desk calls (baseline = 100) under self-service reset, password synchronization, and both.
Baseline: 100 user problems, 100 help desk calls.
Self reset only: 100 user problems, 40 help desk calls (60% user adoption of self-service password reset).
Synch only: 20 user problems, 20 help desk calls (80% of problems reduced by simplified password management).
Both: 20 user problems, 8 help desk calls (combine problem reduction with self-service adoption).
21 Multi-Master Architecture
Diagram: Hitachi ID application servers deployed multi-master across a local network and remote data centers, each with its own SQL DB (SQL/Oracle), fronted by a load balancer, a reverse web proxy and firewalls. Other labelled components: HTTPS from user browsers; password synch trigger systems (native password change on AD, Unix, OS/390, LDAP, AS400); target systems with a local agent (OS/390, Unix, older RSA) and target systems with a remote agent (AD, SQL, SAP, Notes, etc.), with a proxy server if needed; cloud-hosted SaaS apps and "validate PW" via web services; IVR server; VPN server; e-mails via SMTP or Notes Mail; tickets to the incident management system; lookup & trigger against the system of record. Link labels: TCP/IP + AES, secure native protocol, various protocols, HTTPS.
22 Included Connectors
Many integrations to target systems included in the base price:
Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.
Servers: Windows NT, 2000, 2003, 2008, 2008R2, Samba, Novell, SharePoint.
Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, ODBC, Oracle Hyperion EPM Shared Services, Cache.
Unix: Linux, Solaris, AIX, HPUX, 24 more variants.
Mainframes, Midrange: z/OS: RACF, ACF2, Top Secret. iSeries, OpenVMS.
HDD Encryption: McAfee, CheckPoint, BitLocker, PGP.
ERP: JDE, Oracle eBiz, PeopleSoft, PeopleSoft HR, SAP R/3 and ECC 6, Siebel, Business Objects.
Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.
Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.
WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.
Help Desk: ServiceNow, BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Clarify, RSA Envision, Track-It!, MS System Center Service Manager.
Cloud/SaaS: WebEx, Google Apps, MS Office 365, Salesforce.com, SOAP (generic).
23 Rapid Integration with Custom Apps
• Hitachi ID Password Manager easily integrates with custom, vertical and hosted applications using flexible agents.
• Each flexible agent connects to a class of applications:
– API bindings (C, C++, Java, COM, ActiveX, MQ Series).
– Telnet / TN3270 / TN5250 sessions, with TLS or SSL.
– SSH sessions.
– HTTP(S) administrative interfaces.
– Web services.
– Win32 and Unix command-line administration programs.
– SQL scripts.
– Custom LDAP attributes.
• Integration takes a few hours to a few days.
• Fixed cost service available from Hitachi ID.
24 Competitive Differentiation
Consistency
• Manage all credentials:
– OS, app passwords.
– Pre-boot passwords.
– On-premise and SaaS.
– Smart cards.
– OTP tokens.
• 110+ connectors included.
Availability
• Full or mini browser.
• Phone call.
• PC login screen.
• Pre-boot password prompt.
• At work and remote.
Scalability
• Multi-master architecture.
• Load balanced, replicated.
• Deploy across data centers.
• Multi-lingual.
Cost savings
• Reduce problem frequency.
• Divert resolution to self-service.
• Managed invitations to maximize user adoption.
• Quick, low-cost deployment.
• Minimal effort to maintain.
25 The Leading Vendor
Innovation
• Self-Service, Anywhere.
• Crypto key recovery.
• SSO without a password wallet.
Ongoing support
• Responsive and skilled customer support.
• Unattended operation:
– Auto-discovery.
– Managed enrollment.
– Metrics and trend analysis.
– SIEM, help desk integration.
Low cost
• Low cost deployments.
• Minimal need for ongoing maintenance.
• Fixed-price engagements.
26 Summary
An integrated solution for managing credentials:
• Immediate security benefit: password policy, help desk caller authentication.
• Low deployment cost, minimal ongoing investment, significant IT support savings.
• Always accessible:
– Web browser on PC, phone or tablet.
– Windows login prompt.
– Pre-boot encryption password prompt.
– Phone call / IVR.
– Available at work and while off-site.
• 110+ connectors included.
Learn more at Hitachi-ID.com/Password-Manager
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]
File: PRCS:pres
Date: September 19, 2013