1 Hitachi ID Password Manager...


1 Hitachi ID Password Manager (B2C)

Managing The User Lifecycle

With The Hitachi ID Management Suite

Password synchronization and self-service reset.

2 Agenda

• Hitachi ID corporate overview.
• Hitachi IDMS overview.
• Extranet password problems.
• The Hitachi ID Password Manager solution.
• Project TCO and ROI.
• Buy vs Build.

© 2010 Hitachi ID Systems, Inc. All rights reserved. 1

Slide Presentation

3 Hitachi ID Corporate Overview

Hitachi ID is a leading provider of identity and access management solutions.

• Founded as M-Tech in 1992, acquired by Hitachi, Ltd. in 2008.

• 840+ customers with a combined 10.4M+ licensed users.

• Offices in North America and partners overseas.

• Approximately 140 employees.

Award: SC Magazine Best Buy for the Hitachi IDMS.

4 Representative Hitachi ID Customers


5 Hitachi IDMS

6 Costly Customer Support

Customers log into web applications and ISPs/BSPs with an ID and password, but sometimes forget their password. When this happens:

• The customer has trouble logging in.
• A call to the user support line follows.
• Both the user and support organization spend time resolving the problem.

This support process is costly, especially for large numbers of users. The process also frustrates users, impacting customer retention.


7 Safeguarding Privacy

National and EU regulations mandate strong measures to protect user privacy, including on B2C applications.

• In most B2C applications, confidential customer data is protected by one password per user.
• Passwords may be: easily guessed, written down or shared.
• Users who forget their password must prove their identity to the customer support organization before being allowed a password reset, but this process may be weak and vulnerable to attack.

8 Hitachi ID Password Manager Reduces Password Cost of Ownership

Password Manager reduces the TCO of customer password systems:

• Users can reset their own forgotten passwords, using a web browser or an automated telephone call.

• Support staff use a simple, secure and accountable web interface to quickly resolve customer password problems.

• The solution is available: 24x365 from anywhere.

9 Password Manager Strengthens Security

Aging: Users can be prompted to change their password regularly.

Composition: New passwords must meet rules, designed to make them hard to guess.

Authentication: Users must reliably identify themselves before they can reset their forgotten passwords.

Accountability: All transactions are logged.


10 Password Manager Features

• Synchronization: Reduce the number of passwords per user.

• Self service: Enable users to resolve lockout and forgotten-password problems without calling the help desk.

• Assisted reset: Shorten help desk password calls.

• Policy enforcement: Ensure consistently strong, frequently changing passwords. Close social-engineering weaknesses at the help desk.

• Other authentication factors: PIN resets for smart cards and one-time-password tokens. Enrollment for security questions and voice biometrics. Unlock encrypted hard disks with lost/forgotten keys.

11 Network Architecture

[Figure: network architecture diagram. Components shown: Internet user, internal user, password synch trigger systems (AD, Unix, OS/390, LDAP, AS400), load balancer, reverse web proxy, Hitachi ID application server(s), Hitachi ID proxy server(s) (optional), IVR server, SMTP or Notes mail, help desk ticketing system, authoritative system of record, target systems with local agent (OS/390, Unix, older RSA), target systems with remote agent (AD, SQL, SAP, Notes, etc.). Network zones: DMZ, local network and remote network, separated by firewalls. Connection labels: HTTPS, HTTPS private channel, TCP/IP + AES, secure native protocol, various protocols, native password change, validate PW, lookup & trigger, e-mails, tickets, web, phone.]


12 Hitachi ID Password Manager Works Across Firewalls

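[Figure: diagram of Password Manager operating across firewalls. Components shown: user, load balancer, Hitachi ID Management Suite, Hitachi ID proxy servers, target systems. Network zones: local network and remote network, separated by firewalls. Connection labels: TCP/IP + AES, secure native protocol, various protocols.]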

13 The Hitachi ID Solution is Flexible

Customize: Every aspect of the user interface.

Integrate with:
• 113+ target system types
• Call tracking systems
• HR systems
• Authentication hardware
• Meta directories
• IVR servers

Enforce:
• Password policy
• Authentication rules


14 Supported Target Systems

Many connectors included in the base price:

Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.

Servers: Windows NT, 2000, 2003, 2008, Samba, Novell, SharePoint.

Databases: Oracle, Sybase, SQL Server, DB2/UDB, ODBC.

Unix: Linux, Solaris, AIX, HPUX, 24 more.

Mainframes, Midrange: z/OS: RAC/F, ACF/2, TopSecret. iSeries / OS400.

HDD Encryption: McAfee, CheckPoint.

ERP: JDE, Oracle eBiz, PeopleSoft, SAP R/3, Siebel, Business Objects.

Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.

Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.

WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.

Help Desk: BMC Remedy, BMC SDE, HP Service Manager, CA Unicenter, Assyst, HEAT, Altiris, Track-It!, etc.

Cloud/SaaS: WebEx, Google Apps, SOAP.

15 Rapid Target System Integration

• Hitachi ID Password Manager easily integrates with custom, vertical and hosted applications using flexible agents.

• Each flexible agent represents a standard process for connecting to a whole class of target systems, including:

– API bindings (C, C++, Java, COM, ActiveX, MQ Series).
– Telnet / TN3270 / TN5250 / sessions with TLS or SSL.
– SSH sessions.
– HTTP(S) administrative interfaces.
– Web services.
– Win32 and Unix command-line administration programs.
– SQL scripts.
– Custom LDAP attributes.

• Typically a few hours to a few days to add an integration.
• Hitachi ID can build these at fixed-cost.


16 Rapid Deployment and Low TCO

Optimized to minimize effort: Using Hitachi ID Password Manager technology:

• Password management with Password Manager:

– Initial deployment: 4 to 8 weeks of effort.

– Ongoing maintenance: 0.25 to 0.5 FTE.

• Built-in nightly auto-discovery of IDs, entitlements.

• Both attribute-based and self-service ID mapping.

• Automatically managed user enrollment.
• No requirement for client software.
• 113 connectors out of the box.
• Rapid integration with custom, vertical apps.
• Easy customization of GUI, business logic.

17 User Enrollment / Roll-out Process

• If no new data is needed from users, there will be no enrollment.
• Hitachi ID Password Manager automatically identifies users who need to enroll. It limits the total number of registration requests per day and the frequency of requests per user.
• Users are notified by e-mail or a popup Web browser launched during their network login script and asked to register.
• Users enroll by filling in the blanks on a handful of sequential Web forms on the Password Manager server.

18 Deployment Services

Turn-key deployments are recommended, to ensure a rapid return on investment:

• A typical B2C Hitachi ID Password Manager deployment takes just 2 weeks.
• Deployments can be carried out remotely, using VPN and remote control software.
• Deployments do not interrupt service.


19 Project TCO and ROI

Hitachi ID Password Manager deployment normally pays for itself in 2-3 months:

• Cost of the problem: $10 - $20 per user annually.
• Password Manager deployment cost:
- Hardware: $6,000
- Software license: less than $1/user
- Professional services (turnkey): $18,000
- Ongoing software support: less than 1/4 FTE
- Software maintenance: 20% of license/year

20 Buy vs. Build

Purchasing Hitachi ID Password Manager is more cost effective than developing a home-grown solution:

• Benefits can be realized immediately – ROI in less time than completing development.
• No ongoing software maintenance work.
• Password Manager is a high-quality, commercial-grade, robust and secure product. This degree of quality control is costly to reproduce and maintain.

21 Summary

• Password management is a costly problem.
• Hitachi ID Password Manager is a simple, targeted and secure solution to the password management problems of support cost, customer satisfaction and privacy.
• Deployment can be completed in 2-3 weeks, and return on investment can be realized in 2-3 months.

Find out more at Password-Manager.Hitachi-ID.com.

www.Hitachi-ID.com

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]

File: PRCS:pres
Date: June 16, 2010