Introduction to Identity Management

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

An overview of business drivers and technology solutions.

Identity and Access Needs are Ever-Changing


Digital identities require constant administration to reflect business changes:
- Who? (Types of users): Employees, contractors, vendors, partners, customers.
- Why? (Business events): Hire, move, change job function, terminate.
- What? (Change types): Create/move/disable/delete user, update identity data and entitlements, reset passwords.
- Where? (Applications): AD, Exchange, Notes, ERP, Linux/Unix, database, mainframe, physical assets.

Complexity creates delay and reliability problems:
- Productivity: Slow onboarding, change fulfillment.
- Cost: Many FTEs needed to implement security changes.
- Security: Unreliable access termination, inappropriate user entitlements. Enforce SoD policies.
- Accountability: Who has access to what? How/when did they get it?

2012 Hitachi ID Systems, Inc.. All rights reserved.

Slide Presentation

IAM in Silos

In most organizations, many processes affect many applications. This many-to-many relationship creates complexity:

Identity and Access Problems


For users:
- How to request a change?
- Who must approve the change?
- When will the change be completed?
- Too many passwords.
- Too many login prompts.

For IT support:
- Onboarding, deactivation across many apps is challenging.
- More apps all the time!
- What data is trustworthy and what is obsolete?
- Not notified of new-hires/terminations on time.
- Hard to interpret end user requests.
- Who can request, who should authorize changes?
- What entitlements are appropriate for each user?

The problems increase as scope grows from internal to external.


Identity and Access Problems (continued)


For Security / risk / audit:
- Orphan, dormant accounts.
- Too many people with privileged access.
- Static admin, service passwords a security risk.
- Weak password, password-reset processes.
- Inappropriate, outdated entitlements.
- Who owns ID X on system Y?
- Who approved entitlement W on system Z?
- Limited/unreliable audit logs in apps.

For Developers:
- Need temporary access (e.g., prod migration).
- Half the code in every new app is the same:
  - Identify.
  - Authenticate.
  - Authorize.
  - Audit.
  - Manage the above.

Mistakes in this infrastructure create security holes.

Externalize IAM From Application Silos


The problem with IAM is complexity, due to silos. The obvious solution is to extract IAM functions from system and application silos. A shared infrastructure for managing users, their authentication factors and their security entitlements is the answer.


Integrated IAM Processes


[Figure: Integrated IAM Processes. Diagram labels:
- Business Processes and IT Processes: Hire, Retire, Resign, Finish Contract, Transfer, Fire, Start Contract, New Application, Retire Application, Password Expiry, Password Reset.
- Identity Management System: Users, Passwords, Groups, Attributes.
- Systems and Applications: Operating System, Directory, Application, Database, E-mail System, ERP, Legacy App, Mainframe.]

Business Drivers for IAM


Security / controls:
- Reliable deactivation.
- Strong authentication.
- Appropriate security entitlements.

Regulatory compliance:
- PCI-DSS, SOX, HIPAA, EU Privacy Directive, etc.
- Audit user access rights.

IT support costs:
- Help desk call volume.
- Time/effort to manage access rights.

Service / SLA:
- Faster onboarding.
- Simpler request / approvals process.


IAM Strengthens Security


- Reliable and prompt global access termination.
- Reliable, global answers to "Who has What?"
- Access change audit trails.
- Sound authentication prior to password resets.
- Security policy enforcement: strong passwords, regular password changes, change authorization processes, SoD enforcement, new user standards, etc.
- Regulatory compliance: HIPAA, Sarbanes-Oxley, 21CFR11, etc.

Cost Savings
Cost item: Help desk cost of password resets
  Before:  10,000 x 3 x $25 = $750,000 / year
  After:   10,000 x .6 x $13 = $78,000 / year
  Savings: $672,000 / year

Cost item: New hire lost productivity
  Before:  10,000 x 10% x 10 x $400 x 50% = $2M / year
  After:   10,000 x 10% x 1 x $400 x 50% = $200,000 / year
  Savings: $1.8M / year

Cost item: Access change lost productivity
  Before:  10,000 x 2 x 2 x $400 x 10% = $1.6M / year
  After:   10,000 x 2 x 1 x $400 x 10% = $800,000 / year
  Savings: $800,000 / year


Elements of IAM

Identity and access management solutions may incorporate many components, from multiple vendors:
[Figure: Elements of IAM. Component labels:
- Enterprise Single Signon
- Password Management
- Privileged Access Management
- User Provisioning
- Telephone Password Reset
- Identity Synchronization
- Role Management
- Resource Access Requests
- Access Certification
- ID Reconciliation
- Web Single Signon
- System of Record
- Federation
- Strong Authentication
- Virtual Directory
- Directory
Legend: Hitachi ID Systems, Partners.]

Summary
The problem with managing identities, security entitlements, passwords and related data is a business, not a technology problem:
- Too many business events, which impact
- Too many systems and applications.

Technology solutions are available to address these problems:
- Password synchronization and reset.
- Automated user provisioning and deactivation.
- Identity synchronization.
- Enforcement of policies using segregation-of-duties and roles.
- Periodic access review and cleanup (certification).
- Various kinds of single signon.

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: PRCS:pres Date: October 2, 2012

www.Hitachi-ID.com