
1 HiAC

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Periodic review and cleanup of security entitlements.

2 Agenda
Hitachi ID corporate overview.
Hitachi ID Suite overview.
The regulatory environment.
The HiAC solution.

2016 Hitachi ID Systems, Inc. All rights reserved. 1


Slide Presentation

3 Hitachi ID corporate overview

Hitachi ID delivers access governance and identity administration solutions to organizations globally.
Hitachi ID solutions are used by Fortune 500 companies to secure access to systems in the enterprise and in the cloud.
Founded as M-Tech in 1992.
A division of Hitachi, Ltd. since 2008.
Over 1200 customers.
More than 14M licensed users.
Offices in North America, Europe and APAC.
Global partner network.


4 Representative customers

5 Hitachi ID Suite


6 Regulatory environment
Legislation requiring effective corporate governance and privacy protection impacts organizations world-wide.

Sarbanes-Oxley: Requires that publicly traded companies comply with the proper reporting of financial information and control access to this information.
SAS 70: Allows service organizations to disclose their control activities and processes to their customers and their customers' auditors in a uniform reporting format.
HIPAA: The Health Insurance Portability and Accountability Act of 1996.
21CFR11: Electronic signature and system protection regulations by the FDA.
GLB: Applies to financial institutions and securities firms, aimed at protecting the privacy of customer data.
PIPEDA: The Canadian Personal Information Protection and Electronic Documents Act.
2002/58/EC: European Union Privacy Protection Directive.

These regulations call for better internal controls and a policy of least-privilege.

7 IAM is linked to regulations


Many regulations, in many jurisdictions, call for internal controls:
This implies effective AAA: Authentication, Authorization and Audit.
Every system already has AAA.
The weakness is bad user/access data.
The missing link is business process:
Appropriate access rights.
Timely access termination.
Effective authentication.
Identity and access management process and technology are needed to bridge the gap between
business requirements and AAA infrastructure.


8 Compliance architecture
Shared architecture to meet regulatory requirements:
Externalize administration and governance of identities and entitlements.
User-centric, not application-centric processes.

Authentication: Password management. Federation. Multi-factor login. Privileged access management.
Authorization: Automatic deactivation. SoD policy enforcement. Request forms, approvals workflow.
Audit: ID mapping. Access certification, remediation. Analytics reports.
Infrastructure: Perimeter defense. Anti-malware. DLP. SIEM.

9 Users accumulate access rights


Over time, users change roles/responsibilities:
Users change jobs, departments and locations.
There are many users, each with access to many systems.

With each transition, users accumulate entitlements:
From what? There is no record of every right a user had before, so old rights are not removed.
To what? Without a role model, it is impossible to say which of a user's old rights should stay and which should go.
When? A reassigned user may back up his replacement for a while, so must retain old rights for an undefined period of time.


10 Access certification
HiAC automates periodic review and cleanup of entitlements:
Leverages org-chart data.
Delegates access review, cleanup and certification to managers.
Automated e-mail reminders to managers and other stake-holders.
Stake-holders review entitlements on a web form.
Entitlements are either certified or flagged for removal.
Stake-holders must sign off on completed reviews.

11 HiAC features
HiAC automates periodic review and cleanup of user entitlements:
Capture: Auto-discovery creates a clear picture of the actual state of user entitlements across the enterprise.
Leverage org-chart: Management relationships can be used to structure a certification round. Allows delegation of access review, cleanup and certification to managers.
Notify: Automated e-mail reminders to managers, app owners and other stake-holders.
Certify: Entitlements are either certified or flagged for removal.
Sign off: Stake-holders must sign off on completed reviews.
Action: Upon approval (if required), the offending entitlements are automatically removed and the user is brought back into compliance.
Report: Full reports to satisfy audit requests are available.


12 Accountability Up the Org Chart


Managers cannot sign off until all subordinate managers have signed off.
Creates a chain of accountability, flowing up the org-chart.
Managers are blocked from sign-off until their subordinate managers finish their own reviews.
Creates downward pressure throughout the organization to complete the review process.
Effective, low cost manager motivation.
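
The sign-off rule on this slide, combined with the certify-or-flag review from the preceding slides, as an added Python example. It is not Hitachi ID code and does not reflect HiAC's API; the class, org chart and entitlement names are constructed for illustration.

```python
# Constructed sample data: manager -> direct reports, user -> discovered entitlements.
ORG = {"ceo": ["cfo", "cio"], "cfo": ["fin_mgr"], "cio": ["carol"],
       "fin_mgr": ["alice", "bob"]}
ENTITLEMENTS = {"alice": {"erp:ap_clerk", "erp:gl_admin"}, "bob": {"erp:ap_clerk"},
                "carol": {"vpn"}, "fin_mgr": {"erp:approver"},
                "cfo": {"erp:reports"}, "cio": {"ad:admin"}}

class CertificationRound:  # hypothetical model of one review round
    def __init__(self, org, entitlements):
        self.org, self.entitlements = org, entitlements
        self.decisions = {}   # (user, entitlement) -> "certify" | "remove"
        self.signed = set()   # managers who have signed off

    def is_manager(self, user):
        return bool(self.org.get(user))

    def review(self, manager, user, entitlement, decision):
        # Managers may only decide on their own direct reports.
        if user not in self.org.get(manager, []):
            raise PermissionError(f"{manager} does not manage {user}")
        if decision not in ("certify", "remove"):
            raise ValueError(decision)
        self.decisions[(user, entitlement)] = decision

    def blockers(self, manager):
        """Why this manager cannot sign off yet (both lists empty = may sign)."""
        reports = self.org.get(manager, [])
        unsigned = [r for r in reports if self.is_manager(r) and r not in self.signed]
        pending = sorted((r, e) for r in reports for e in self.entitlements.get(r, ())
                         if (r, e) not in self.decisions)
        return unsigned, pending

    def sign_off(self, manager):
        unsigned, pending = self.blockers(manager)
        if unsigned or pending:
            raise PermissionError(f"{manager} blocked: {unsigned=} {pending=}")
        self.signed.add(manager)

    def holding_up(self, top):
        """Unsigned managers with no unsigned subordinate managers: remind these."""
        if top in self.signed:
            return []
        unsigned, _ = self.blockers(top)
        if not unsigned:
            return [top]
        return [m for sub in unsigned for m in self.holding_up(sub)]

    def removals(self):
        """Entitlements flagged for removal, ready for the action step."""
        return sorted(k for k, v in self.decisions.items() if v == "remove")
```

`holding_up("ceo")` walks down the chart to the managers whose reviews are actually outstanding, which is where reminders and escalation belong.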

13 Unique capabilities of HiAC

Executive Assurance: When the CEO or CFO signs off, they are assured that the process has been completed globally. They can then attest to this aspect of internal controls in a SOX compliance statement.
Proactive: Managers are automatically asked to review the rights of their subordinates. Non-response triggers reminders and escalation.
Full coverage: Management pressure down the org-chart ensures that the process is actually completed globally.
Rapid deployment: The only requirement is org-chart data. No role definition or user classification.

14 Summary
HiAC gives CFOs and CEOs assurance of compliance with privacy and governance regulations:
Internal controls require clean data about users.
Improve security by finding and removing orphan and dormant accounts.
Eliminate unneeded login IDs and security rights left over after users changed jobs.
Actively engage all managers in a periodic review process.
Motivate managers to complete the process.
This is accomplished quickly, without resorting to role engineering.
Learn more at Hitachi-ID.com.
... or ... E-mail access-certifier@Hitachi-ID.com

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com

www.Hitachi-ID.com Date: July 20, 2016 File: PRCS:pres
