1 Hitachi ID Collaboration (hitachi-id.com/password-manager/largedocs/presentation-hds-collab/...)


1 Hitachi ID Collaboration

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Introduction to Hitachi ID solutions, existing integrations and roadmap.

2014-03-10

2 Hitachi ID overview

© 2014 Hitachi ID Systems, Inc. All rights reserved.


Slide Presentation

2.1 Hitachi ID Corporate Overview

Hitachi ID delivers access governance and identity administration solutions to organizations globally. Hitachi ID solutions are used by Fortune 500 companies to secure access to systems in the enterprise and in the cloud.

• Founded as M-Tech in 1992.
• A division of Hitachi, Ltd. since 2008.
• Over 1100 customers.
• More than 14M licensed users.
• Offices in North America, Europe and APAC.
• Partners globally.

2.2 Representative Customers

3 Customer business drivers


3.1 The User Lifecycle

At a high level, the user lifecycle is essentially the same in all organizations and across all platforms.

3.2 IAM in Silos

In most organizations, many processes affect many applications. This many-to-many relationship creates complexity:


3.3 Identity and Access Problems

For users:

• How to request a change?
• Who must approve the change?
• When will the change be completed?
• Too many passwords.
• Too many login prompts.

For IT support:

• Onboarding, deactivation across many apps is challenging.
• More apps all the time!
• What data is trustworthy and what is obsolete?
• Not notified of new-hires/terminations on time.
• Hard to interpret end user requests.
• Who can request, who should authorize changes?
• What entitlements are appropriate for each user?
• The problems increase as scope grows from internal to external.

3.4 Identity and Access Problems (continued)

For security / risk / audit:

• Orphan, dormant accounts.
• Too many people with privileged access.
• Static admin, service passwords a security risk.
• Weak password, password-reset processes.
• Inappropriate, outdated entitlements.
• Who owns ID X on system Y?
• Who approved entitlement W on system Z?
• Limited/unreliable audit logs in apps.

For developers:

• Need temporary access (e.g., prod migration).
• Half the code in every new app is the same:

– Identify.
– Authenticate.
– Authorize.
– Audit.
– Manage the above.

• Mistakes in this infrastructure create security holes.

3.5 Business Drivers for IAM

Security / controls:

• Reliable deactivation.
• Strong authentication.
• Appropriate security entitlements.

Regulatory compliance:

• PCI-DSS, SOX, HIPAA, EU Privacy Directive, etc.
• Audit user access rights.

IT support costs:

• Help desk call volume.
• Time/effort to manage access rights.

Service / SLA:

• Faster onboarding.
• Simpler request / approvals process.


3.6 IAM is Linked to Regulations

• Many regulations, in many jurisdictions, call for internal controls:

– This implies effective AAA: Authentication, Authorization and Audit.

• Every system already has AAA.

– The weakness is bad user/access data.

• The missing link is business process:

– Appropriate access rights.
– Timely access termination.
– Effective authentication.

• Identity and access management process and technology are needed to bridge the gap between business requirements and AAA infrastructure.

4 Hitachi ID value proposition

4.1 Integrated IAM Processes

[Diagram: business processes (hire, transfer, resign, retire, fire, start contract, finish contract) and IT processes (new application, retire application, password expiry, password reset) feed an identity management system, which manages users, passwords, groups and attributes across systems and applications: operating system, directory, application, database, e-mail system, ERP, legacy app, mainframe.]


4.2 IDM Suite


4.3 HiIM Features

Automation:

• Provision joiners, deactivate leavers.
• Multiple HR feeds.

Requests portal:

• Self-service profile updates.
• Delegated security change requests.

Security controls:

• Access certification.
• RBAC and SoD.
• Reports on current entitlements, history.

Workflow process:

• Authorizers.
• Implementers.
• Certifiers.

Integrations:

• 110+ bidirectional connectors, included.
• Incident management, SIEM, e-mail interfaces.
• Manage building access, physical assets.

Identity synchronization:

• Consistent data among apps.


4.4 HiPM Features

Password synch:

• Reduce the number of passwords per user.

Self service:

• Password reset.
• Clear lockout.
• Smart card PIN reset.
• Token PIN reset.
• HDD key recovery.

Access from:

• PC browser or login screen.
• At the office or remote.
• Smart phone or voice call.

Assisted service:

• Password, token PIN, intruder lockout.

Policy enforcement:

• Password complexity, expiry, history.
• Non-password authentication.

Managed enrollment:

• Security questions.
• Login IDs.
• Mobile phone numbers.


4.5 HiPAM Features

Auto-discovery:

• Find systems, accounts.
• Attach policy.

Random passwords:

• Default is daily.

Secure storage:

• Replicated (with fault tolerance/queue).
• Encrypted.
• Geographically distributed.

Access controls:

• Policy: who can sign into which account?

Workflow controls:

• One time request/approval/login.

Single sign-on:

• Launch SSH, RDP, vSphere, SQL, etc.
• Alternately: display password, temporary group membership, temporary SSH trust/SUDO rights.

Application passwords:

• Notify SCM, IIS, Scheduler, DCOM of new passwords.
• API to eliminate embedded passwords.

Logging:

• Requests, approvals, logins to privileged accounts.

Session monitoring:

• Screen, keyboard, webcam, process ID, window title, etc.
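The feature list above describes a control sequence rather than a product API, so the following added example (not Hitachi ID code, and not how HiPAM is implemented) models that sequence in plain Python: an access policy saying who may request which managed account, a one-time request/approval/login grant that cannot be replayed, daily random-password rotation, and an audit trail of every request, approval and login. The policy table, account names and the `Vault`, `Grant` and `ManagedAccount` classes are constructed for the example.

```python
"""Illustrative privileged-account check-out workflow (added example, not Hitachi ID code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional
import secrets
import string

# Constructed policy: (requester, managed account) -> set of people who may approve.
POLICY = {
    ("alice", "prod-db-01/sa"): {"dba-lead"},
    ("bob", "web-01/root"): {"ops-lead"},
}
ROTATION_INTERVAL = timedelta(days=1)   # the slide's default: rotate daily


def random_password(length: int = 24) -> str:
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


@dataclass
class ManagedAccount:
    name: str
    password: str
    rotated_at: datetime


@dataclass
class Grant:
    requester: str
    account: str
    state: str = "requested"        # requested -> approved -> used
    approver: Optional[str] = None


class Vault:
    def __init__(self, accounts: List[ManagedAccount], now: datetime):
        self.accounts = {a.name: a for a in accounts}
        self.grants: Dict[str, Grant] = {}
        self.audit: List[dict] = []   # every request, approval and login lands here
        self.now = now

    def _log(self, event: str, **fields) -> None:
        self.audit.append({"time": self.now.isoformat(), "event": event, **fields})

    def rotate_due(self) -> List[str]:
        """Replace the password of every account whose rotation interval has elapsed."""
        rotated = []
        for acct in self.accounts.values():
            if self.now - acct.rotated_at >= ROTATION_INTERVAL:
                acct.password, acct.rotated_at = random_password(), self.now
                self._log("rotate", account=acct.name)
                rotated.append(acct.name)
        return rotated

    def request(self, requester: str, account: str) -> str:
        # Access control: the policy decides who may even ask for an account.
        if (requester, account) not in POLICY:
            self._log("request_denied", requester=requester, account=account)
            raise PermissionError(f"{requester} may not request {account}")
        gid = secrets.token_hex(8)
        self.grants[gid] = Grant(requester, account)
        self._log("request", grant=gid, requester=requester, account=account)
        return gid

    def approve(self, gid: str, approver: str) -> None:
        g = self.grants[gid]
        # Approver must be on the policy's list and may not approve their own request.
        if approver not in POLICY[(g.requester, g.account)] or approver == g.requester:
            self._log("approve_denied", grant=gid, approver=approver)
            raise PermissionError(f"{approver} cannot approve grant {gid}")
        g.state, g.approver = "approved", approver
        self._log("approve", grant=gid, approver=approver)

    def login(self, gid: str, requester: str) -> str:
        g = self.grants[gid]
        if g.requester != requester or g.state != "approved":
            self._log("login_denied", grant=gid, requester=requester, state=g.state)
            raise PermissionError("no approved one-time grant")
        g.state = "used"                # one-time: the same grant cannot be replayed
        self._log("login", grant=gid, requester=requester, account=g.account)
        return self.accounts[g.account].password


def demo():
    """One full cycle; returns (rotated accounts, password changed?, replay allowed?, audit events)."""
    now = datetime(2014, 3, 10, tzinfo=timezone.utc)
    vault = Vault([ManagedAccount("prod-db-01/sa", "initial", now - timedelta(days=2)),
                   ManagedAccount("web-01/root", "initial", now)], now)
    rotated = vault.rotate_due()
    gid = vault.request("alice", "prod-db-01/sa")
    vault.approve(gid, "dba-lead")
    password = vault.login(gid, "alice")
    try:
        vault.login(gid, "alice")       # second use of the same grant must fail
        replay_allowed = True
    except PermissionError:
        replay_allowed = False
    return rotated, password != "initial", replay_allowed, [e["event"] for e in vault.audit]
```

`demo()` runs the cycle end to end: the stale account is rotated, the approved grant yields the current password once, the second login is refused, and the audit list records the denial as well as the successes. In a real vault the audit trail and the rotated secrets would live in the replicated, encrypted store the slide describes rather than in memory.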


4.6 Competitive Advantages

Unique features:

• "Provisioning" and "governance" in one product.
• Access, authorization built around relationships.
• Self-service from any device, any location.
• Users can request resources, not groups.
• SoD engine detects "effective" violations.

Rapid deployment:

• Key features built-in, not custom:

– Request forms.
– Authorization workflow.
– Access certification.
– Auto-discovery.
– Reports.

• A product, not a devel. environment.

Scalable platform:

• Real-time data replication.
• Multi-master architecture.
• Proxy server to cross firewalls.
• Stored procedures, native code for speed.

Integrations:

• 110+ included connectors.
• Flexible connectors.
• Built-in implementers workflow.
• Incident management, SIEM, etc.

5 Technology


5.1 Included Connectors

Many integrations to target systems included in the base price:

Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.

Servers: Windows NT, 2000, 2003, 2008, 2008R2, 2012, Samba, Novell, SharePoint.

Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, ODBC, Oracle Hyperion EPM Shared Services, Cache.

Unix: Linux, Solaris, AIX, HPUX, 24 more variants.

Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS.

HDD Encryption: McAfee, CheckPoint, BitLocker, PGP.

ERP: JDE, Oracle eBiz, PeopleSoft, PeopleSoft HR, SAP R/3 and ECC 6, Siebel, Business Objects.

Collaboration: Lotus Notes, iNotes, Exchange, GroupWise, BlackBerry ES.

Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.

WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.

Help Desk: ServiceNow, BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Clarify, RSA Envision, Track-It!, MS System Center Service Manager.

Cloud/SaaS: WebEx, Google Apps, MS Office 365, Success Factors, Salesforce.com, SOAP (generic).

5.2 Rapid Integration with Custom Apps

• IDM Suite easily integrates with custom, vertical and hosted applications using flexible agents.
• Each flexible agent connects to a class of applications:

– API bindings (C, C++, Java, COM, ActiveX, MQ Series).
– Telnet / TN3270 / TN5250 sessions with TLS or SSL.
– SSH sessions.
– HTTP(S) administrative interfaces.
– Web services.
– Win32 and Unix command-line administration programs.
– SQL scripts.
– Custom LDAP attributes.

• Integration takes a few hours to a few days.
• Fixed cost service available from Hitachi ID.


5.3 Multi-Master Architecture

[Diagram: multi-master architecture. Replicated Hitachi ID application servers, each with its own SQL/Oracle database and fronted by a load balancer, replicate over TCP/IP + AES and serve users over HTTPS through a reverse web proxy. On the local network they connect to IVR and VPN servers, password synch trigger systems, the incident management system (tickets), SMTP or Notes mail (e-mails) and the system of record (lookup and trigger). Target systems are reached with native protocols (AD, Unix, OS/390, LDAP, AS400: native password change, validate PW) or via web services (cloud-hosted, SaaS apps); a proxy server (if needed) speaking a secure native protocol crosses firewalls to remote data centers.]

Target systems with local agent: OS/390, Unix, older RSA.

Target systems with remote agent: AD, SQL, SAP, Notes, etc.

5.4 Corporate reference build: details

• Integrations:

– SQL-based HR SoR.
– AD domain.
– Exchange domain (mailboxes).
– Windows filesystem (home directories).

• Entitlements:

– Login IDs.
– Group memberships.
– Roles.

• User communities:

– Employees.
– Contractors/other.

• Configuration:

– Based on user classes, rules tables and lookup tables.
– Near-zero script logic.

• Automation:

– Onboard/deactivate based on SoR.
– Identity attribute propagation.

• Self-service:

– Password, security question management.
– Update to contact info.
– Request for application, share, folder access.

• Delegated admin:

– Same as self-service, plus recert.

• Approval workflows:

– IT security (global rights).
– HR/managers (approve for each other).

• Recertification:

– Scheduled.
– Ad-hoc.
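The reference build above drives onboarding and deactivation from the HR system of record through user classes and rules tables rather than per-user scripts, and section 3.4 lists orphan and dormant accounts among the audit findings that such a process is meant to remove. The following added example (my own illustration, not Hitachi ID code or the reference build's configuration) reconciles a constructed HR extract against a constructed snapshot of AD accounts: a rules table maps (user class, department) to baseline groups, active people without an account are queued for creation, leavers and expired contractors are queued for disabling, and accounts with no owner in the SoR or with no recent logon are flagged. The `reconcile` function only returns the proposed actions; nothing is executed against a directory.

```python
"""Illustrative SoR-driven joiner/leaver reconciliation (added example, not Hitachi ID code)."""
from datetime import date

# Constructed HR system-of-record extract: one row per person.
HR_SOR = [
    {"emp_id": "E100", "class": "employee",   "dept": "finance", "status": "active",     "end": None},
    {"emp_id": "E101", "class": "contractor", "dept": "it",      "status": "active",     "end": date(2014, 2, 28)},
    {"emp_id": "E102", "class": "employee",   "dept": "it",      "status": "terminated", "end": date(2014, 3, 1)},
    {"emp_id": "E103", "class": "employee",   "dept": "sales",   "status": "active",     "end": None},
    {"emp_id": "E104", "class": "employee",   "dept": "sales",   "status": "active",     "end": None},
]

# Constructed AD snapshot; emp_id is the attribute that links an account to its owner.
AD_ACCOUNTS = [
    {"sam": "alee",    "emp_id": "E100", "enabled": True, "groups": {"Domain Users", "Finance-Staff"}, "last_logon": date(2014, 3, 8)},
    {"sam": "rpatel",  "emp_id": "E101", "enabled": True, "groups": {"Domain Users", "IT-Contractors"}, "last_logon": date(2014, 2, 20)},
    {"sam": "mcruz",   "emp_id": "E102", "enabled": True, "groups": {"Domain Users", "IT-Staff", "Domain Admins"}, "last_logon": date(2014, 2, 27)},
    {"sam": "svc_old", "emp_id": None,   "enabled": True, "groups": {"Domain Users"}, "last_logon": date(2013, 9, 1)},
    {"sam": "ebrown",  "emp_id": "E104", "enabled": True, "groups": {"Domain Users"}, "last_logon": date(2013, 11, 1)},
]

# Rules table: (class, dept) -> baseline groups; "*" is the fallback for any dept.
RULES = {
    ("employee", "finance"): {"Domain Users", "Finance-Staff"},
    ("employee", "it"):      {"Domain Users", "IT-Staff"},
    ("employee", "*"):       {"Domain Users"},
    ("contractor", "*"):     {"Domain Users", "IT-Contractors"},
}
DORMANT_AFTER_DAYS = 90   # constructed threshold for "dormant"


def baseline_groups(person):
    """Look up entitlements from the rules table; no per-user logic."""
    return RULES.get((person["class"], person["dept"])) or RULES[(person["class"], "*")]


def is_active(person, today):
    if person["status"] != "active":
        return False
    return person["end"] is None or person["end"] >= today


def reconcile(sor, accounts, today):
    """Return (action, subject, detail) tuples describing what provisioning should do."""
    actions = []
    by_emp = {a["emp_id"]: a for a in accounts if a["emp_id"]}
    for p in sor:
        acct = by_emp.get(p["emp_id"])
        if is_active(p, today):
            if acct is None:                       # joiner without an account yet
                actions.append(("create", p["emp_id"], sorted(baseline_groups(p))))
            else:
                missing = baseline_groups(p) - acct["groups"]
                if missing:
                    actions.append(("add_groups", acct["sam"], sorted(missing)))
        elif acct is not None and acct["enabled"]:  # leaver or expired contract
            reason = "contract ended" if p["status"] == "active" else p["status"]
            actions.append(("disable", acct["sam"], reason))
    sor_ids = {p["emp_id"] for p in sor}
    for a in accounts:
        if a["emp_id"] is None or a["emp_id"] not in sor_ids:
            actions.append(("orphan", a["sam"], "no system-of-record owner"))
        elif a["enabled"] and (today - a["last_logon"]).days > DORMANT_AFTER_DAYS:
            actions.append(("dormant", a["sam"], f"no logon for {(today - a['last_logon']).days} days"))
    return actions


def demo():
    return reconcile(HR_SOR, AD_ACCOUNTS, date(2014, 3, 10))
```

Run against the constructed data, `demo()` proposes disabling rpatel (contract ended on 2014-02-28) and mcruz (terminated, and still holding Domain Admins), creating an account for E103 with the baseline "Domain Users" group, and flags svc_old as an orphan and ebrown as dormant after 129 days without a logon. Changing who gets which groups is a change to `RULES`, not to code, which is the "near-zero script logic" idea the slide describes.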


6 HDS integrations

6.1 Existing

• Hitachi ID Privileged Access Manager can secure and mediate access to:

– HiCommand.
– HiTrack.
– Storage Navigator Modular.

• HiPAM can store captured video from administrator login sessions on HCP.
• Systems such as HCP/Anywhere authenticate users to an Active Directory domain:

– Hitachi ID Password Manager and Hitachi ID Identity Manager can help organizations manage users, entitlements and passwords on AD.
– Enrollment, deactivation, password reset, etc.

6.2 Proposed

HDS and Hitachi ID are collaborating on a number of new integrations.

• General (apply to multiple HDS products):

– Hitachi ID Password Manager to provide strong authentication for HDS product logins.
– Examples: smart card, token, SMS/PIN.

• HCP Anywhere:

– Hitachi ID Privileged Access Manager to manage encryption keys for endpoints.
– Hitachi ID Group Manager to enable one user to request access to another's documents.

• UCP Pro:

– HiPAM to suspend/resume managed VMs.
– Improve operating efficiency of UCP Pro (fewer VMs running at a time).
– Better vSphere management than EMC can offer.

7 Collaboration


7.1 Stronger customer relationship

Engage customers in a broader, deeper conversation:

• Before: Storage.
• Now: Platform:

– Storage.
– + Cloud and mobile (HCP/Anywhere).
– + Compute and network (UCP Pro).
– + Security and access control (Hitachi ID).

• Better positioned to compete with EMC, IBM who have platform solutions and IAG.
• Improve HDS status as a trusted advisor across the data center.

7.2 Pre-sales

• Hitachi ID will help HDS reps identify opportunities:

– IAM project?
– Retiring Sun/Waveset, BMC/Control-SA, Novell?
– Audit findings around authentication, access governance, privileged accounts?
– High help desk call volume?
– Portal project (customers/partners need IDs)?

• Invite Hitachi ID sales team to help qualify and close the deal:

– HDS not expected to be IAM experts.
– The HDS AM owns the account.
– Delegate detailed work to Hitachi ID:

* Presentations.
* RFx responses.
* Demos and POCs.

7.3 Pre-sales process

• Register the lead.
• Hitachi ID overlay team drives the entirety of the sales cycle.
• Lots of material at hitachi-id.com.

7.4 Pricing, quotas, contracts

• HDS reps will be fully compensated on every deal.
• We are working on getting Hitachi ID solutions into the HDS price list with some form of quota relief.
• EULA will be between Hitachi ID and the end customer.

7.5 Post-sales process

• Customers call Hitachi ID for support, services.
• Maintenance contracts entitle customers to unlimited incidents and version upgrades.
• Hitachi ID offers services directly and increasingly through a network of integrator partners.
• Hitachi ID customer support is industry leading!

– Customers love the depth of expertise they can access with a simple phone call.


8 Discussion

www.Hitachi-ID.com

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]

File: PRCS:pres. Date: March 24, 2014.