1 Introduction to Identity Management

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

An overview of business drivers and technology solutions.

2 Identity and Access Needs are Ever-Changing

Digital identities require frequent updates to reflect business changes:

• Who? (Types of users): Employees, contractors, vendors, partners, customers.
• Why? (Business events): Hire, move, change job function, terminate.
• What? (Change types): Create/move/disable/delete user, update identity data and entitlements, reset passwords.
• Where? (Applications): AD, Exchange, Notes, ERP, Linux/Unix, database, mainframe, physical assets.

Complexity creates delay and reliability problems:

• Productivity: Slow onboarding, change fulfillment.
• Cost: Many FTEs needed to implement security changes.
• Security: Unreliable access termination, inappropriate user entitlements. Enforce SoD policies.
• Accountability: Who has access to what? How/when did they get it?

© 2015 Hitachi ID Systems, Inc. All rights reserved.

3 IAM in Silos

In most organizations, many processes affect many applications. This many-to-many relationship creates complexity:

4 Identity and Access Problems

For users

• How to request a change?
• Who must approve the change?
• When will the change be completed?
• Too many passwords.
• Too many login prompts.

For IT support

• Onboarding, deactivation across many apps is challenging.
• More apps all the time!
• What data is trustworthy and what is obsolete?
• Not notified of new-hires/terminations on time.
• Hard to interpret end user requests.
• Who can request, who should authorize changes?
• What entitlements are appropriate for each user?
• The problems increase as scope grows from internal to external.

5 Identity and Access Problems (continued)

For Security / risk / audit

• Orphan, dormant accounts.
• Too many people with privileged access.
• Static admin, service passwords a security risk.
• Weak password, password-reset processes.
• Inappropriate, outdated entitlements.
• Who owns ID X on system Y?
• Who approved entitlement W on system Z?
• Limited/unreliable audit logs in apps.

For Developers

• Need temporary access (e.g., prod migration).
• Half the code in every new app is the same:
    – Identify.
    – Authenticate.
    – Authorize.
    – Audit.
    – Manage the above.
• Mistakes in this infrastructure create security holes.

6 Externalize IAM From Application Silos

• The problem with IAM is complexity, due to silos.
• The obvious solution is to extract IAM functions from system and application silos.
• A shared infrastructure for managing users, their authentication factors and their security entitlements is the answer.

7 Integrated IAM Processes

[Diagram. Business Processes: Hire, Retire, Resign, Finish Contract, Transfer, Fire, Start Contract. IT Processes: New Application, Retire Application, Password Expiry, Password Reset. Center: Identity and Access Management System. Managed objects: Users, Passwords, Groups, Attributes. Systems and Applications: Operating System, Directory, Application, Database, E-mail System, ERP, Legacy App, Mainframe.]

8 Business Drivers for IAM

Security / controls.

• Reliable deactivation.
• Strong authentication.
• Appropriate security entitlements.

Regulatory compliance.

• PCI-DSS, SOX, HIPAA, EU Privacy Directive, etc.
• Audit user access rights.

IT support costs.

• Help desk call volume.
• Time/effort to manage access rights.

Service / SLA.

• Faster onboarding.
• Simpler request / approvals process.
• Reduce burden of too many login prompts and passwords.

9 IAM Strengthens Security

• Reliable and prompt global access termination.
• Reliable, global answers to "Who has What?"
• Access change audit trails.
• Sound authentication prior to password resets.
• Security policy enforcement: strong passwords, regular password changes, change authorization processes, SoD enforcement, new user standards, etc.
• Regulatory compliance: HIPAA, Sarbanes-Oxley, 21CFR11, etc.

10 Cost Savings

| Cost Item | Before | After | Savings |
|---|---|---|---|
| Help desk cost of password resets: | 10,000 x 3 x $25 = $750,000 / year | 10,000 x .6 x $13 = $78,000 / year | = $672,000 / year |
| New hire lost productivity | 10,000 x 10% x 10 x $400 x 50% = $2M / year | 10,000 x 10% x 1 x $400 x 50% = $200,000 / year | = $1.8M / year |
| Access change lost productivity | 10,000 x 2 x 2 x $400 x 10% = $1.6M / year | 10,000 x 2 x 1 x $400 x 10% = $800,000 / year | = $800,000 / year |

11 Elements of IAM

Identity and access management solutions may incorporate many components, from multiple vendors:

[Diagram. Components shown: Privileged Access Management, Telephone Password Reset, User Provisioning, Identity Synchronization, Enterprise Single Signon, Role Management, Resource Access Requests, Password Management, ID Reconciliation, Access Certification, Web Single Signon, Virtual Directory, System of Record, Directory, Federation, Strong Authentication. Legend: Hitachi ID Systems, Partners.]

12 Summary

• The problem with managing identities, security entitlements, passwords and related data is a business, not a technology problem:
    – Too many business events, which impact
    – Too many systems and applications.
• Technology solutions are available to address these problems:
    – Password synchronization and reset.
    – Automated user provisioning and deactivation.
    – Identity synchronization.
    – Enforcement of policies using segregation-of-duties and roles.
    – Periodic access review and cleanup (certification).
    – Various kinds of single signon.

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3
Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected] www.Hitachi-ID.com
Date: May 22, 2015
                                
                                