1 Service Desk Express and Hitachi ID Password Manager (P-Synch)

Managing The User Lifecycle

With The Hitachi IDManagement Suite

MANAGEprofiles and rights

MANAGEprofiles and rights

SUP

PO

RT

acc

ess

pro

ble

ms

SUP

PO

RT

acc

ess

pro

ble

ms

TERMINATEaccess rights

TERMINATEaccess rights

HIR

Ee

mp

loy

ee

s co

ntr

act

ors

HIR

Ee

mp

loy

ee

s co

ntr

act

ors

User Lifecycle

Increasing the value proposition for help desk organizations.

Colin Duffy, Account Manager | Pierre Plante, NA Sales Manager | Scott Delaney, ManagerProfessional Services | 2009-07-22

2 Hitachi ID / BMC Partnership

© 2009 Hitachi ID Systems, Inc. All rights reserved. 1

Slide Presentation

2.1 Hitachi ID Corporate Overview

Hitachi ID is a leading provider of identitymanagement solutions.

• Founded in 1992, acquired by Hitachi,Ltd. in 2008.

• 780+ customers with a combined9.8M+ licensed users.

• Offices in North America and partnersoverseas.

• Approximately 140 employees.

Award: SC Magazine Best Buy for theHitachi IDMS.

2.2 Hitachi ID Value Proposition

© 2009 Hitachi ID Systems, Inc. All rights reserved. 2

Slide Presentation

2.3 Hitachi ID Advantages

2.4 Representative Hitachi ID Customers

3 Value Proposition

© 2009 Hitachi ID Systems, Inc. All rights reserved. 3

Slide Presentation

3.1 Help Desk Stats: Passwords

Problem Solution

• Gartner estimates that 30% of typical ITsupport call volume is password resets.(G00158133 2008-06-02).

• Typical direct costs are $3 to $18/incident,plus lost user productivity.

• Password Manager eliminates most ofthis cost:

• Synchronization:Eliminates 60% to 90% of incidents.

• Self service:Resolve 60% of help desk calls.

• Assisted reset:Reduce call duration to about 1minute/call.

3.2 Problem: Too Many Passwords

Every login account has its own: Password complexity creates businessproblems:

• Password value.• User interface.• Strength rules.• Expiration date.

• High call volume :Users forget or lock out their passwords.This can be 30% of help desk workload.

• Sticky notes :Users write down their passwords andmay leave them in public view.

• Bad passwords :Users choose simple, easily guessedpasswords.

3.3 Password Management: Functional Overview

Problem:

Users have too manypasswords.

Users still forget theirpasswords.

Users don’t want tochange passwords.

Users prefer to reusesimple passwords.

Global password policy,history.

Q&A has the right pricepoint - but we don’t have any data.

Manage a Q&A enrollmentprogram.

Password expiry,early warnings.

Need to authenticateusers with out a password.

Tokens, voice prints,personal Q&A data.

Self-service passwordreset.

Users are locked out ofWindows.

GINA Service,Secure Kiosk Account,Telephony access.

Synchronize them. Users still have to typetheir password intoevery app.

Auto-populate thesynchronized password.

START

Solution: Problem: Solution:

Problem: Solution: Problem: Solution:

Problem: Solution: Problem: Solution:

Problem: Solution: Problem: Solution:

© 2009 Hitachi ID Systems, Inc. All rights reserved. 4

Slide Presentation

3.4 Password Manager Benefits

Feature Impact Benefit

Password synchronization Solve the problem at itssource:Fewer passwords toremember.

Cost, Service:Fewer help desk calls.Improved user service.

Self-serve password reset Divert problem resolution:Self-service fix for loginproblems.

Cost:Fewer help desk calls.

Assisted password reset Shorten time to resolve issues:Help desk interface to helpusers over the phone.

Cost:Shorten help desk calls.

Policy enforcement Users must choose strongpasswords.

Security:Prevent password guessingattacks.

Password expiration All passwords changeregularly.

Security:Short time window forintruders.

3.5 The 50/50/50 Rule

A simple rule that illustrates cost savings from each Password Manager feature:

Feature ImpactNet help deskworkload reduction

Password synch: Eliminates 50% of problems. 50%

Self-service reset: Reduces call volume by 50%. 75%

Assisted reset: Shortens call duration by50%.

87.5%

Scenario ImpactNet workloadreduction

Conservative estimate: 50/50/50 87.5%

Optimized deployment: 80/60/60 96%

SSPR only, no synch.: 0/60/60 80%

4 Technology Details

© 2009 Hitachi ID Systems, Inc. All rights reserved. 5

Slide Presentation

4.1 Supported Target Systems

Password Manager ships with many built-in connectors, including:

Directories:LDAP (any), NT domain, AD,NDS, eDirectory, NIS(+).

Individual servers:WinNT, Win2K, Win2K3,OS/2, Samba, NetWare.

Databases:Oracle, Sybase, SQL Server,DB2/UDB, Informix, Cache,Essbase, ODBC.

Unix:Compaq, DG, FreeBSD, HP,IBM, Linux, NCR, SCO, SGI,Sun, Unisys.

Mainframes:VM/ESA, MVS, OS/390,z/OS, BS2000.

Midrange:OS/400, OpenVMS.

Applications:JD Edwards, OracleApplications, PeopleSoft,SAP R/3, Siebel, BusinessObjects.

Collaboration:Lotus Notes, MS Exchange,GroupWise, BlackBerry,OpenMail.

Networking:RSA SecurID, SafeWord,RADIUS.

4.2 Access from Login Prompt

Problem Solution

Users who forget their network passwordcannot launch a Web browser to access the selfservice password reset application.

• Secure Kiosk Account (SKA): access toSSPR without client software ("guest"account).

• GINA service: access to SSPR from UIextension – no GINA DLL.

• Hitachi ID Phone Password Manager(ID-Telephony): turn-key telephoneaccess to SSPR.

• Temporary VPN: access to SSPR fromoutside the corporate network.

© 2009 Hitachi ID Systems, Inc. All rights reserved. 6

Slide Presentation

4.3 Integration with SDE

Password Manager ships with a pre-built integrations to SDE:

• Automatically create, update and close SDE incidents, in response to events that happen on thePassword Manager server.

• Flexible scripting language specifies when to write incidents and how to populate them.• Automatically updated incidents support a single point for reporting on key metrics such as:

– Successful/failed password resets.– Authentication problems, lockouts.– Self-service vs. assisted service.

• SDE can be extended with a button that launches a UI into Password Manager and pre-populates:

– The identity of the help desk analyst.– The identity of the caller.– The incident number.

• Password Manager can manage users and their passwords on SDE.

5 Market Differentiators

© 2009 Hitachi ID Systems, Inc. All rights reserved. 7

Slide Presentation

5.1 Why Hitachi ID?

Password Manager is not the only password management product on the market. Here are somereasons to choose it over competitors:

Lower Cost • Competitive license fees.• Deployment in 1–2 weeks.• Maintenance: about 1/4 FTE.

Lower Risk • Hitachi ID offers fixed-pricedeployments.

• Experience with 780 deploymentsmeans we’ve seen every weird problembefore.

Foundation for IDM • Customers get their feet wet beforediving into full IDM.

• Early ROI, early confidence.• Shared connectors, user profile

database.

Embedded in SDE • SSO and Password Managementembedded in SDE.

• Simple upgrade for existing customers.• Add-on solution for prospective

customers.• Bundled pricing with SDE.

© 2009 Hitachi ID Systems, Inc. All rights reserved. 8

Slide Presentation

5.2 Password Manager Cool Features

Problem Feature Why it’s cool

Cached credentials ActiveX control to refreshcache

Do not trigger intruder lockoutsafter a routine PW change.

Locked out users GINA Service Access SSPR from WindowsXP login screen withoutinstalling a (fragile, dangerous)GINA DLL.

Locked out users Secure Kiosk Account Access SSPR from WindowsXP login screen withoutinstalling any client software atall.

Off-site, locked out users GINA Service + TemporaryVPN

Access SSPR from loginscreen over a temporary VPN– addresses lowfrequency/high cost incidents.

Users forget their passwordanyways

Scheduled password expiry Avoid PW changes on Fridays,afternoons.

There is no pre-existingQ&A data

Managed enrollment Personalized invitations.Limited daily volume,frequency per user.

5.3 Password Manager "Hard" Target Systems

Problem Feature Why it’s cool

PIN resets Reset PINs on smart cards,tokens

Much more complextechnology than passwords.

Notes, PKI passwords Reset passwords used toencrypt cryptographiccertificates

How do you reset a passwordthat was used to encrypt 3copies of a cryptographiccertificate, stored on 2 PCsand a USB flash drive?

HDD key recovery Recovery forgotten HDDencryption keys

Users who cannot decrypttheir HDD cannot work.

5.4 Other Offerings

• BMC is currently sourcing Password Manager and Hitachi ID Login Manager (P-Synch/SSO) fromHitachi ID.

– Password Manager: synchronize, reset passwords.– Login Manager: automatically sign users into their apps.

• Other products that IT support or data center managers may be interested in:

– Hitachi ID Privileged Password Manager (ID-Archive): secure administrator passwords.– Hitachi ID Group Manager (ID-Access): self-service management of AD groups.

© 2009 Hitachi ID Systems, Inc. All rights reserved. 9

Slide Presentation

6 Animated Demo6.1 SSPR Integrated with BMC SDE

Animation: ../pics/camtasia/bmc-psynch-demo-sde/psynch-ad-sspr-sde-ticket.cam

7 Discussion

www.Hitachi-ID.com

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com

File: PRCS:presDate: July 14, 2009