
Post on 18-Jun-2020


1 Hitachi ID Suite

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Administration and governance of identities, entitlements and credentials.

2 Agenda

• Introductions.
• Hitachi ID corporate overview.
• Hitachi ID Suite overview.
• The user management lifecycle.
• Addressing identity management system deployment challenges.
• Advantages of the Hitachi ID solution.

© 2020 Hitachi ID Systems, Inc. All rights reserved. 1


Slide Presentation

3 Hitachi ID corporate overview

Hitachi ID delivers access governance and identity administration solutions to organizations globally. Hitachi ID IAM solutions are used by Fortune 500 companies to secure access to systems in the enterprise and in the cloud.

• Founded as M-Tech in 1992.
• A division of Hitachi, Ltd. since 2008.
• Over 1200 customers.
• More than 14M licensed users.
• Offices in North America, Europe and APAC.
• Global partner network.


4 Representative customers


5 The user lifecycle

At a high level, the user lifecycle is essentially the same in all organizations and across all platforms.

6 IAM challenges in the user lifecycle

• More IT → more users to manage.
• There are challenges throughout the user lifecycle.
• Support cost.
• User service.
• Security.

[Diagram callouts:]

Slow: too much paper, too many people.
Expensive: too many administrators doing redundant work.
Role changes: add/remove rights.
Policies: enforced?
Audit: are privileges appropriate?
Org. relationships: track and maintain.
Reliable: notification of terminations.
Fast: response by sysadmins.
Complete: deactivation of all IDs.
Passwords: too many, too weak, often forgotten.
Access: Why can’t I access that application / folder / etc.


7 IAM in silos

In most organizations, many processes affect many applications. This many-to-many relationship creates complexity:

8 Distributed IAM is complex

• Managing each system and application separately is complex.
• Complexity is bad:
– Expensive: redundant updates to every system when hiring, moving or terminating users.
– Unfriendly: users have lots of different IDs and passwords, which they don’t know how to manage.
– Insecure: mistakes are made and users get or retain excess entitlements. Orphan and dormant accounts. Stale privileges.
• Every system and application added makes things worse.


9 Integrated IAM processes

[Diagram labels:]

Identity and Access Management System

Business processes: Hire; Retire; Resign; Finish contract; Transfer; Fire; Start contract.

IT processes: New application; Retire application; Password reset; Password expiry.

Systems and applications with users, passwords, groups, attributes: Operating systems; Directory; Application; Database; E-mail system; ERP; Legacy app; Mainframe.


10 Hitachi ID Suite

11 Onboarding new users

Hitachi ID Identity Manager can accelerate the onboarding process and reduce the security administration burden:

• Automation: Detect new hires in HR and automatically create access on managed systems, such as AD, SAP and the mainframe.
• Self-service workflow: Managers can request and approve access electronically, for example for contractors.
• Consolidated administration: Security administrators save time by using one tool to manage users across every system.


12 Change management

Hitachi ID Identity Manager manages changes to user profiles:

• Self-service updates to phone numbers, department codes, etc.

Identity Manager, Hitachi ID Group Manager and Hitachi ID Org Manager manage changes to user roles and responsibilities:

• Self-service requests for new entitlements.
• Distributed audit of user rights by managers and app owners.
• Distributed update of organizational relationships by managers.


13 IT support

Hitachi ID Password Manager for "I forgot/locked my password" calls:

• Synchronization: Users with fewer passwords have fewer problems.
• Reset: Users can resolve their own problems without calling the help desk.
• Assistance: A help desk interface reduces the duration and cost of remaining calls.

Hitachi ID Group Manager for "access denied" calls:

• Self-service: Users browse for resources and request access.
• Authorization workflow: Group owners are asked to review and approve change requests.


14 Deactivating access

Retirement, resignation, end-of-contract:

• Hitachi ID Identity Manager detects changes in systems of record, such as HR, and deactivates all access.
• Managers can schedule deactivation with a workflow form.

Dismissals:

• Security administrators use an Identity Manager form to terminate all of a user’s accounts immediately.

Asset retrieval:

• Identity Manager inventory tracking assists in retrieval of PCs, cell phones, building access badges, etc.


15 Closed loop IAM

[Diagram: closed loop IAM. Recoverable labels:]

Systems: Integrated systems of record; Integrated target systems; Non-integrated systems.

Data flows: List people; Detected changes; List accounts; Create, delete, update accounts; Updates.

Requests: Automatic request; Manual request.

Request processing:

- Validate requests
- Route for approval
- Invite authorizers
- Send reminders
- Escalate
- Delegate

Invitations: Approve, reject, delegate; Review, certify, correct; Accept, confirm.

Fulfillment: Auto-fulfillment; Manual fulfillment.


16 Active-active architecture

[Diagram: active-active architecture. Recoverable labels:]

Sites: Data center A; Data center B; Remote data center; “Cloud”.

Servers and network components: Hitachi ID servers; Load balancers; Firewalls; Reverse web proxy; VPN server; IVR server; Proxy server (if needed); Mobile proxy.

Connected systems: E-mail system; Ticketing system; HR; SaaS apps; MS SQL databases; Password synch trigger systems; AD, Unix, z/OS, LDAP, iSeries.

Managed endpoints: Managed endpoints; Managed endpoints with remote agent: AD, SQL, SAP, Notes, etc; z/OS - local agent.

Flows: System of record; Tickets; Notifications and invitations; Native password change; Validate pw; Replication; Manage; Mobile UI.

Connection legend: TCP/IP + AES; Various protocols; Secure native protocol; HTTPS.


17 Included connectors

• Directories: Active Directory and Azure AD; any LDAP; NIS/NIS+ and eDirectory.
• Databases: Oracle; SAP ASE and HANA; SQL Server; DB2/UDB; Hyperion; Caché; MySQL; OLAP and ODBC.
• Server OS – X86/IA64: Windows: NT thru 2016; Linux and *BSD.
• Server OS – Unix: Solaris, AIX and HP-UX.
• Server OS – Mainframe: RAC/F, ACF/2 and TopSecret.
• Server OS – Midrange: iSeries (OS400); OpenVMS and HPE/Tandem NonStop.
• ERP, CRM and other apps: Oracle EBS; SAP ECC and R/3; JD Edwards; PeopleSoft; Salesforce.com; Concur; Business Objects and Epic.
• Messaging & collaboration: Microsoft Exchange, Lync and Office 365; Lotus Notes/Domino; Google Apps; Cisco WebEx, Call Manager and Unity.
• Smart cards and 2FA: Any RADIUS service or SAML IdP; Duo Security; RSA SecurID; SafeWord; Vasco; ActivIdentity and Schlumberger.
• Access managers / SSO: CA SiteMinder; IBM Security Access Manager; Oracle AM; RSA Access Manager and Imprivata OneSign.
• Help desk / ITSM: ServiceNow; BMC Remedy, RemedyForce and Footprints; JIRA; HPE Service Manager; CA Service Desk; Axios Assyst; Ivanti HEAT; Symantec Altiris; Track-It!; MS SCS Manager and Cherwell.
• PC filesystem encryption: Microsoft BitLocker; McAfee; Symantec Endpoint Encryption and PGP; CheckPoint and Sophos SafeGuard.
• Server health monitoring: HP iLO, Dell DRAC and IBM RSA.
• HR / HCM: WorkDay; PeopleSoft HR; SAP HCM and SuccessFactors.
• Extensible / scriptable: CSV files; SCIM; SSH; Telnet/TN3270/TN5250; HTTP(S); SQL; LDAP; PowerShell and Python.
• Hypervisors and IaaS: AWS; vSphere and ESXi.
• Mobile management: BlackBerry Enterprise Server and MobileIron.
• Network devices: Cisco IOS PIX and ASA; Juniper JunOS and ScreenOS; F5 BigIP; HP Procurve; Brocade Fabric OS and CheckPoint SecurePlatform.
• Filesystems and content: Windows/CIFS/DFS; SharePoint; Samba; Hitachi Content Platform and HCP Anywhere; Box.com and Twitter.
• SIEM: Splunk; ArcSight; RSA Envision and QRadar. Any SIEM supporting SYSLOG or Windows events.
• Management & inventory: Qualys; McAfee ePO and MVM; Cisco ACS; ServiceNow ITAM; HP UCMDB; Hitachi HiTrack.

18 Integration with custom apps

• Hitachi ID Suite easily integrates with custom, vertical and hosted applications using flexible agents.
• Each flexible agent connects to a class of applications:
– API bindings (C, C++, Java, COM, ActiveX, MQ Series).
– Telnet / TN3270 / TN5250 / sessions with TLS or SSL.
– SSH sessions.
– HTTP(S) administrative interfaces.
– Web services.
– Win32 and Unix command-line administration programs.
– SQL scripts.
– Custom LDAP attributes.
• Integration takes a few hours to a few days.
• Fixed cost service available from Hitachi ID.


19 IAM project risk management

IAM projects often take too long and cost too much. Why?

Risk management

• Data quality:
– Nonstandard, disconnected IDs.
– Incorrect, old identity data.
• Combine automation and self-service for clean up.

• Never-ending role engineering:
– Role based access control is a good objective, but...
– It can be slow and costly to develop and maintain roles.
– Some users just don’t fit.
• Start deployment with just a few roles.
• Add roles gradually, based on demand.

• Too many workflows:
– Defining too many forms, processes takes too long.
– One form, one process per change type? Per system?
• Implement a generic change management system.
• Custom forms for just the most popular requests.

20 Hitachi ID technology advantages

Industry-leading technology at the lowest TCO:

• More features and functionality for less money:
– Lower initial and ongoing investment (License scheme).
– Lower on-going administration costs.
• Technology (not services) drives down deployment costs:
– Reference implementations.
– All features, connectors included.
– Auto-discovery of systems, accounts, entitlements.
– Automated and self-service ID mapping.
– Policy-driven workflow easier to manage.
– No need to engage in costly role engineering.


21 Hitachi ID Suite summary

• Three integrated IAM products, licensed to over 14M users, that can:
– Discover and connect identities across systems and applications.
– Securely and efficiently manage identities, groups, entitlements and credentials.
– Secure and monitor access to privileged accounts.
– Provide strong authentication and federated sign-on.
• Improve security to comply with regulations.
• Reduce IT support cost and improve user productivity.
• Consolidate management of on-premises and SaaS apps.

hitachi-id.com

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 E-Mail: [email protected]

Date: 2020-03-23 | 2020-03-23 File: PRCS:pres