Idm suite

Published in: Technology, Business

  1. ID Management Suite
     Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
     Fully integrated identity and access management.

     Agenda
       • Introductions.
       • Hitachi ID corporate overview.
       • ID Management Suite overview.
       • The user management lifecycle.
       • Addressing identity management system deployment challenges.
       • Advantages of the Hitachi ID solution.

     © 2011 Hitachi ID Systems, Inc. All rights reserved.
  2. Slide Presentation

     Hitachi ID Corporate Overview
     Hitachi ID is a leading provider of identity and access management solutions.
       • Founded as M-Tech in 1992, a division of Hitachi, Ltd. as of 2008.
       • Hitachi, Ltd.:
           – Founded in 1910.
           – $105 billion revenue in FY2010.
           – 360,000 employees.
       • Hitachi ID has 840+ customers with a combined 10.4M+ licensed users.
       • Offices in North America and partners overseas.
       • Approximately 140 employees.
     Award: SC Magazine Best Buy for the ID Management Suite.
  3. Representative Hitachi ID Customers

     The User Lifecycle
     At a high level, the user lifecycle is essentially the same in all organizations and across all platforms.
  4. User Lifecycle: Business Challenges
       • More IT → more users to manage.
       • There are challenges throughout the user lifecycle.
       • Support cost.
       • User service.
       • Security.
     Callouts on the lifecycle diagram:
       • Slow: too much paper, too many people.
       • Expensive: too many administrators doing redundant work.
       • Role changes: add/remove rights.
       • Policies: enforced?
       • Audit: are privileges appropriate?
       • Org. relationships: track and maintain.
       • Reliable: notification of terminations.
       • Fast: response by sysadmins.
       • Complete: deactivation of all IDs.
       • Passwords: too many, too weak, often forgotten.
       • Access: Why can’t I access that application / folder / etc.

     IAM in Silos
     In most organizations, many processes affect many applications. This many-to-many relationship creates complexity:
  5. Distributed IAM Is Complex
       • Managing each system and application separately is complex.
       • Complexity is bad:
           – Expensive: redundant updates to every system when hiring, moving or terminating users.
           – Unfriendly: users have lots of different IDs and passwords, which they don’t know how to manage.
           – Insecure: mistakes are made and users get or retain excess entitlements. Orphan and dormant accounts. Stale privileges.
       • Every system and application added makes things worse.

     Integrated IAM Processes
     [Diagram: business processes (hire, retire, resign, finish contract, transfer, fire, start contract) and IT processes (new application, retire application, password expiry, password reset) connect to one identity management system, which manages users, passwords, groups and attributes on systems and applications: operating system, directory, application, database, e-mail system, ERP, legacy app, mainframe.]
  6. ID Management Suite

     Onboarding New Users
     Hitachi ID Identity Manager can accelerate the onboarding process and reduce the security administration burden:
       • Automation: Detect new hires in HR and automatically create access on managed systems, such as AD, SAP and the mainframe.
       • Self-service workflow: Managers can request and approve access electronically, for example for contractors.
       • Consolidated administration: Security administrators save time by using one tool to manage users across every system.
  7. Change Management
     Hitachi ID Identity Manager manages changes to user profiles:
       • Self-service updates to phone numbers, department codes, etc.
     Identity Manager, Hitachi ID Group Manager and Hitachi ID Org Manager manage changes to user roles and responsibilities:
       • Self-service requests for new entitlements.
       • Distributed audit of user rights by managers and app owners.
       • Distributed update of organizational relationships by managers.
  8. IT Support
     Hitachi ID Password Manager for "I forgot/locked my password" calls:
       • Synchronization: Users with fewer passwords have fewer problems.
       • Reset: Users can resolve their own problems without calling the help desk.
       • Assistance: A help desk interface reduces the duration and cost of remaining calls.
     Hitachi ID Group Manager for "access denied" calls:
       • Self-service: Users browse for resources and request access.
       • Authorization workflow: Group owners are asked to review and approve change requests.
  9. Deactivating Access
     Retirement, resignation, end-of-contract:
       • Hitachi ID Identity Manager detects changes in systems of record, such as HR, and deactivates all access.
       • Managers can schedule deactivation with a workflow form.
     Dismissals:
       • Security administrators use an Identity Manager form to terminate all of a user’s accounts immediately.
     Asset retrieval:
       • Identity Manager inventory tracking assists in retrieval of PCs, cell phones, building access badges, etc.
  10. Closed Loop IAM
      [Diagram: Hitachi ID Management Suite. Labels include: systems of record, integrated and non-integrated target systems, auto discovery, identity cache, auto-provisioning, identity synch, automatic and manual requests, requesters, authorizers (approve, reject, delegate), certifiers (review, certify, correct), implementers (accept, confirm), web UI, workflow manager (validate requests, route for approval, invite authorizers, send reminders, escalate, delegate), certification manager, transaction manager, work queue, request queue, connectors (create, delete, update accounts), auto-fulfillment and manual fulfillment.]
  11. Network Architecture
      [Diagram: labels include user, password synch trigger systems, reverse web proxy, load balancer, Hitachi ID application server(s), SQL DB, target systems with local agent (OS/390, Unix, older RSA), target systems with remote agent (AD, SQL, SAP, Notes, etc.), cloud-hosted / SaaS apps, proxy server (if needed), firewalls, VPN server, IVR server, SMTP or Notes mail, incident management system and system of record. Connection types: TCP/IP + AES, HTTPS, secure native protocol, various protocols.]
  12. Included Connectors
      Many integrations to target systems included in the base price:
        • Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.
        • Servers: Windows NT, 2000, 2003, 2008, Samba, Novell, SharePoint.
        • Databases: Oracle, Sybase, SQL Server, DB2/UDB, ODBC.
        • Unix: Linux, Solaris, AIX, HPUX, 24 more.
        • Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries / OS400.
        • HDD Encryption: McAfee, CheckPoint.
        • ERP: JDE, Oracle eBiz, PeopleSoft, SAP R/3, Siebel, Business Objects.
        • Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.
        • Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.
        • WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.
        • Help Desk: BMC Remedy, BMC SDE, HP Service Manager, CA Unicenter, Assyst, HEAT, Altiris, Track-It!, etc.
        • Cloud/SaaS: WebEx, Google Apps, Salesforce, SOAP (generic).

      Scriptable Integrations
        • ID Management Suite easily integrates with custom, vertical and hosted applications using flexible agents.
        • Each flexible agent represents a standard process for connecting to a whole class of target systems, including:
            – API bindings (C, C++, Java, COM, ActiveX, MQ Series).
            – Telnet / TN3270 / TN5250 / sessions with TLS or SSL.
            – SSH sessions.
            – HTTP(S) administrative interfaces.
            – Web services.
            – Win32 and Unix command-line administration programs.
            – SQL scripts.
            – Custom LDAP attributes.
        • Typically a few hours to a few days to add an integration.
        • Hitachi ID can build these at fixed-cost.
  13. IAM Project Risk Management
      IAM projects often take too long and cost too much. Why?
        • Data quality:
            – Nonstandard, disconnected IDs
            – Incorrect, old identity data.
          Risk management:
            – Combine automation and self-service for clean up.
        • Never-ending role engineering:
            – Role based access control is a good objective, but...
            – It can be slow and costly to develop and maintain roles.
            – Some users just don’t fit.
          Risk management:
            – Start deployment with just a few roles.
            – Add roles gradually, based on demand.
        • Too many workflows:
            – Defining too many forms, processes takes too long.
            – One form, one process per change type? Per system?
          Risk management:
            – Implement a generic change management system.
            – Custom forms for just the most popular requests.

      Hitachi ID Technology Advantages
        • More features and functionality for less money:
            – Lower initial and ongoing investment (License scheme)
            – Lower on-going administration costs
        • Technology (not services) drives down deployment costs:
            – Auto-discovery.
            – Self-service login ID reconciliation.
            – More pre-built connectors.
            – Support for multi-tenant installation.
            – Functional across customer firewalls.
            – Avoids role engineering.
            – Dynamic workflow.
            – Full functionality without client software.
            – Easier to extend to custom applications/targets.
  14. ID Management Suite Summary
        • A rich suite of identity and access management products, with over 10.4M licensed users, that can:
            – Discover and connect user objects from every system.
            – Streamline administration of users, entitlements and authentication factors.
            – Construct and maintain OrgChart data.
            – Secure access to privileged accounts on thousands of systems.
        • Lock down security and comply with regulations requiring internal controls.
        • Reduce operating costs and improve user productivity.
        • Flexible, scalable, reliable, available.

      500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3
      Tel: 1.403.233.0740 Fax: 1.403.233.0725
      E-Mail: File: Date: March 22, 2011