Agenda
Corporate.
IAM problems / Hitachi ID solutions.
Technology.
Privileged Access
Example deployments.
Discussion.
Corporate
Products
Automation:
Monitor one or more systems of record (SoR).
Generate requests to grant, revoke access.
Request portal:
Users can request for themselves or others.
Access control model limits visibility, requestability.
Certification:
Initiated by the system (event, schedule).
Stake-holders review identities, entitlements.
Generates deprovisioning requests.
Workflow:
Invite authorizers, implementers, certifiers to act.
Built-in reminders, escalation, delegation and more.
Selects participants via policy, not flow-charts.
Policies, controls:
RBAC.
SoD.
Risk scores.
Approvals.
Entitlement analytics.
Integrations:
110+ bidirectional connectors, included.
Incident management, SIEM, e-mail interfaces.
Manage building access, physical assets.
Password synch:
Reduce the number of passwords per user.
Self-service:
Password reset.
Clear lockout.
Smart card PIN reset.
Token PIN reset.
Encrypted filesystem unlock.
Value-add:
Federated access replaces other apps' login screens.
Password vault: users can store unmanaged passwords.
Access from:
PC browser or login screen.
At the office or remote.
Smart phone or voice call.
Assisted service:
Password, token PIN, intruder lockout.
Policy enforcement:
Two-factor authentication for all users.
Password complexity, expiry, history.
Non-password authentication.
Managed enrollment:
Security questions.
Login IDs.
Mobile phone numbers.
Technology
Architecture diagram (only its labels survived extraction): Hitachi ID servers in Data center A and Data center B, replicated across data centers (TCP/IP + AES), horizontal scaling, load balanced; load balancers and reverse web proxy; VPN server with remote agent; IVR server; MS SQL databases; password synch trigger systems (native password change); notifications and invitations (e-mail, tickets); systems of record (HR system, ticketing system); managed endpoints (AD, SQL, SAP, Notes, etc.) over various protocols, reaching across firewalls; proxy server in a remote data center and in the cloud for on-premise and SaaS apps (secure native protocol, HTTPS if needed); BYOD enabled.
Privileged Access
Auto-discovery:
Find systems, accounts.
Attach policy.
Random passwords:
Default is daily.
Secure storage:
Replicated (with fault tolerance/queue).
Encrypted.
Geographically distributed.
Access controls:
Policy: who can sign into which account?
Workflow controls:
One time request/approval/login.
Single sign-on:
Launch SSH, RDP, vSphere, SQL, etc.
Alternately: display password, temporary group membership, temporary SSH trust/SUDO rights.
Application passwords:
Notify SCM, IIS, Scheduler, DCOM of new passwords.
API to eliminate embedded passwords.
Logging:
Requests, approvals, logins to privileged accounts.
Session monitoring:
Screen, keyboard, webcam, process ID, window title, etc.
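A toy Python model of the controls on this slide (policy-attached accounts, daily random passwords, one-time request/approval/login, audit log), added here as an illustration; it is not Hitachi ID code, and the class, method, user and account names are assumptions.

```python
# Added toy model (not Hitachi ID code) of the privileged-access controls listed
# above: policy-attached accounts, random passwords rotated daily, one-time
# request/approval/login and an audit log. All names are assumptions for the demo.
import secrets
from datetime import datetime, timedelta

ROTATION_INTERVAL = timedelta(days=1)  # "Random passwords: default is daily"
class PrivilegedVault:
    def __init__(self, policy, discovered_at):
        # policy answers "who can sign into which account?": account -> set of users
        self.policy = policy
        self.passwords = {acct: secrets.token_urlsafe(18) for acct in policy}
        self.rotated_at = {acct: discovered_at for acct in policy}
        self.approvals = set()  # one-time (user, account) grants
        self.audit = []         # requests, approvals, logins, denials

    def rotate_due(self, now):
        # Randomize every password whose rotation interval has elapsed.
        due = [a for a, t in self.rotated_at.items() if now - t >= ROTATION_INTERVAL]
        for acct in due:
            self.passwords[acct] = secrets.token_urlsafe(18)
            self.rotated_at[acct] = now
        return due

    def request(self, user, account):
        allowed = user in self.policy.get(account, set())
        self.audit.append(("request", user, account, allowed))
        return allowed
    def approve(self, approver, user, account):
        self.audit.append(("approve", approver, user, account))
        self.approvals.add((user, account))
    def login(self, user, account):
        # Consume the one-time approval and release the current password.
        if (user, account) not in self.approvals:
            self.audit.append(("login-denied", user, account))
            return None
        self.approvals.discard((user, account))
        self.audit.append(("login", user, account))
        return self.passwords[account]

def demo():
    day0 = datetime(2024, 1, 1)  # constructed timestamp
    vault = PrivilegedVault({"root@db01": {"alice"}}, day0)
    bob_ok = vault.request("bob", "root@db01")  # not in policy -> refused
    vault.request("alice", "root@db01")
    vault.approve("manager", "alice", "root@db01")
    first, second = vault.login("alice", "root@db01"), vault.login("alice", "root@db01")
    next_day = vault.rotate_due(day0 + ROTATION_INTERVAL)  # daily rotation fires
    return dict(bob=bob_ok, first=first, second=second, next_day=next_day,
                changed=vault.passwords["root@db01"] != first, events=[e[0] for e in vault.audit])
```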
Example Deployments
Industry: Finance
Target systems: Windows, Unix/Linux, MSSQL.
Functionality: Randomize passwords weekly on 122,000 systems around the world.
Deployed 12 servers in 4 data centers globally for super-high availability and fault tolerance.
Main business driver: Eliminate static, shared, administrative passwords to comply with audit, regulatory requirements.
Business impact: Control, audit administrator logins to privileged accounts on 122,000 systems globally. Pass audits.
Differentiation
HiIM vs. others:
Hitachi ID Identity Express: pre-configured with most common scenarios. Others: every deployment is custom, new.
Built-in features: request portal, access certification, approval workflow. Others: custom forms, custom workflows.
User friendly requests: Windows Shell extension, SharePoint integration, compare users. Others: users must know what entitlements to request.
Robust policy enforcement: SoD with deep inspection, policy-driven approvals, privacy protection. Others: SoD easily bypassed, hard-coded approvals, no privacy protection.
Architecture: scalable (multi-master, load-balanced), fault tolerant (active-active). Others: DB is choke point, single point of failure; only hot standby.
HiPM vs. others:
2FA, federation included for all users. Others: extra products required.
Access from Windows login screen, even when off-site. Others: come back to the office or ship laptop to dept.
Managed enrollment, max. adoption. Others: write scripts, extra cost, lower ROI.
2FA for everyone, no extra cost. Others: either purchase a separate 2FA system or rely on AD passwords.
BYOD access, including approvals. Others: fire up your laptop, sign into the VPN.
Run any admin tool, with any protocol. Others: can only launch RDP, SSH.
Discussion
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com