1 Hitachi ID Privileged Access Manager



Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications




Securing access to administrator, embedded and service accounts.




2 Agenda
  •   Hitachi ID corporate overview.
  •   ID Management Suite overview.
  •   Securing administrative passwords with Hitachi ID Privileged Access Manager.
  •   Animated demonstration.




                                              © 2012 Hitachi ID Systems, Inc.. All rights reserved.   1
Slide Presentation




3 Hitachi ID Corporate Overview


   Hitachi ID is a leading provider of identity
   and access management solutions.
       • Founded as M-Tech in 1992.
       • A division of Hitachi, Ltd. since 2008.
       • Over 900 customers.
       • More than 11M licensed users.
       • Offices in North America, Europe and
         APAC.
       • Partners globally.




4 Representative Hitachi ID Customers








5 ID Management Suite




6 Securing Privileged Accounts
  Thousands of IT assets:
     • Servers, network devices, databases and applications:
         – Numerous.
         – High value.
         – Heterogeneous.
     • Workstations:
         – Mobile – dynamic IPs.
         – Powered on or off.
         – Direct-attached or firewalled.

  Who has the keys to the kingdom?
     • Every IT asset has sensitive passwords:
         – Administrator passwords: Used to manage each system.
         – Service passwords: Provide security context to service programs.
         – Application: Allows one application to connect to another.
     • Do these passwords ever change?
     • Who knows these passwords? (ex-staff?)
     • Audit: who did what?








7 Project Drivers
Organizations need to secure their most sensitive passwords:



   Compliance:          • Pass regulatory audits.
                        • Compliance should be sustainable.
   Security:            • Eliminate static passwords on sensitive accounts.
                        • Create accountability for admin work.
   Cost:                • Efficient process to regularly change privileged passwords.
                        • Simple and effective deactivation for former administrators.
   Flexibility:         • Grant temporary admin access.
                        • Emergencies, production migrations, workload peaks, etc.




8 Participants in PAM
Hitachi ID Privileged Access Manager works by randomizing privileged passwords and connecting
people and programs to privileged accounts as needed:



   Privileged accounts   Get new, random passwords daily or at the desired frequency.
   IT Users              Must sign into HiPAM when they need to sign into administrator accounts.
   Services              Are automatically updated with new password values.
   Applications          Use the HiPAM API instead of embedded passwords.
   Security officers     Define policies regarding who can connect to which privileged account.
   Auditors              Monitor access requests and privileged login sessions.








9 HiPAM Impact

  Feature                     Impact                                                      Benefit
  Randomize passwords daily   Eliminate static, shared passwords.                         Disconnect former IT staff.
  Controlled disclosure       Control who can see passwords.                              The right users and programs can access privileged accounts, others cannot.
  Logging & Reporting         Monitor password disclosure.                                Accountability. Faster troubleshooting.
  Encryption                  Secure passwords in storage and transit.                    Physical compromise does not expose passwords.
  Replication                 Passwords stored on multiple servers, in different sites.   Survive server crashes and site disasters.




10 Understand and Manage the Risks
A privileged access management (PAM) system becomes the sole repository of the most important
credentials.



   Risk               Description                                  Mitigation
   Disclosure         • Compromised vault → security disaster.     • Encrypted vault. • Strong authentication. • Flexible authorization.
   Data Loss          • Destroyed vault → IT disaster.             • Replicate the vault.
   Non-availability   • Offline vault → IT service interruption.   • One vault in each of 2+ sites.

Customers must test failure conditions before purchase!








11 Randomizing Passwords
  Push random passwords to systems:
     • Periodically (e.g., between 3AM and 4AM).
     • When users check passwords back in.
     • When users want a specific password.
     • On urgent termination.

     • Suitable for servers and PCs on the corporate network.

  Pull initiated by user devices:
     • Periodically.
     • Random time-of-day.
     • Opportunistically, when connectivity is available.

     • Suitable for home PCs and on-the-road laptops.








12 Authorizing Access to Privileged Accounts
Two models: permanent and one-time.



   Permanent ACL
       • Pre-authorized users can launch an admin session any time.
       • Access control model:
           – Users ... belong to
           – User groups ... are assigned ACLs to
           – Managed system policies ... which contain
           – Devices and applications
       • Also used for API clients.

   One-time request
       • Request access for any user to connect to any account.
       • Approvals workflow with:
           – Dynamic routing.
           – Parallel approvals.
           – N of M authorizers.
           – Auto-reminders.
           – Escalation.
           – Delegation.

   Concurrency control
       • Coordinate admin changes by limiting number of people connected to the same account:
           – Can be >1.
           – Notify each admin of the others.
       • Ensure accountability of who had access to an account at a given time.
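
The access model on this slide, sketched as an added Python example (not Hitachi ID code and not the HiPAM API): a permanent ACL resolved through user groups and managed system policies, an N-of-M one-time request, and a concurrency limit that reports the other connected admins. All class, user and account names are hypothetical, and rotating the password when the last session checks in is an assumption based on the "when users check passwords back in" trigger.

```python
"""Added illustration of the slide's authorization model; not Hitachi ID code."""
import secrets
import string
from dataclasses import dataclass, field

ALPHABET = string.ascii_letters + string.digits + "!#%*+-_="


def random_password(length=24):
    # CSPRNG-backed choice; never use random.choice for credentials.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class OneTimeRequest:
    user: str
    account: str
    authorizers: frozenset          # the M people allowed to approve
    needed: int                     # N approvals required
    approvals: set = field(default_factory=set)
    used: bool = False

    def approve(self, authorizer):
        if authorizer not in self.authorizers:
            raise PermissionError(f"{authorizer} is not an authorizer")
        self.approvals.add(authorizer)   # a set, so repeat approvals count once

    @property
    def approved(self):
        return len(self.approvals) >= self.needed


class Vault:
    def __init__(self, groups, policy_acl, policy_accounts, max_concurrent=1):
        self.groups = groups                    # group  -> users
        self.policy_acl = policy_acl            # policy -> groups granted access
        self.policy_accounts = policy_accounts  # policy -> managed accounts
        self.max_concurrent = max_concurrent
        self.passwords = {a: random_password()
                          for accts in policy_accounts.values() for a in accts}
        self.sessions = {}                      # account -> users connected
        self.audit = []                         # (event, user, account)

    def has_permanent_acl(self, user, account):
        # users -> user groups -> managed system policies -> accounts
        return any(
            account in accounts
            and any(user in self.groups.get(g, ())
                    for g in self.policy_acl.get(policy, ()))
            for policy, accounts in self.policy_accounts.items())

    def check_out(self, user, account, request=None):
        permanent = self.has_permanent_acl(user, account)
        one_time = (request is not None and not request.used and request.approved
                    and (request.user, request.account) == (user, account))
        if not (permanent or one_time):
            self.audit.append(("DENY", user, account))
            raise PermissionError(f"{user} is not authorized for {account}")
        active = self.sessions.setdefault(account, set())
        if user not in active and len(active) >= self.max_concurrent:
            self.audit.append(("BUSY", user, account))
            raise RuntimeError(f"{account} is at its concurrency limit")
        if not permanent:
            request.used = True                 # one-time means one session
        others = sorted(active - {user})        # admins to notify of each other
        active.add(user)
        self.audit.append(("CHECKOUT", user, account))
        return others

    def check_in(self, user, account):
        active = self.sessions.get(account, set())
        active.discard(user)
        self.audit.append(("CHECKIN", user, account))
        if not active:                          # assumption: rotate on last check-in
            self.passwords[account] = random_password()
            self.audit.append(("RANDOMIZE", "-", account))


def demo():
    acct = "root@db01"                          # constructed sample data
    vault = Vault(groups={"unix-admins": {"alice"}},
                  policy_acl={"prod-unix": {"unix-admins"}},
                  policy_accounts={"prod-unix": {acct}},
                  max_concurrent=2)
    before = vault.passwords[acct]
    vault.check_out("alice", acct)              # permanent ACL
    req = OneTimeRequest("bob", acct, frozenset({"carol", "dave", "erin"}), needed=2)
    req.approve("carol")
    try:
        vault.check_out("bob", acct, req)
        early = "allowed"
    except PermissionError:
        early = "denied"                        # only 1 of the 2 approvals so far
    req.approve("dave")
    notified = vault.check_out("bob", acct, req)
    vault.check_in("alice", acct)
    unchanged = vault.passwords[acct] == before  # bob is still connected
    vault.check_in("bob", acct)
    rotated = vault.passwords[acct] != before
    return early, notified, unchanged, rotated


if __name__ == "__main__":
    print(demo())
```

The audit list records every deny, busy, check-out, check-in and randomize event, which is the data an auditor would need to answer who had access to an account at a given time.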








13 Fault-Tolerant Architecture
[Figure: architecture diagram. Users and admin workstations connect over HTTPS through a load balancer. Site A and Site B each show a Hitachi ID Privileged Access Manager server with a password vault and crypto keys in the registry, linked by replication over TCP/IP + AES. Labelled links to target systems: LDAP/S, NTLM (Windows server or DC); SSH, TCP/IP+AES (Unix, Linux); TCP/IP+AES through a firewall to a proxy at Site C (various target systems).]








14 Included Connectors
Many integrations to target systems included in the base price:



    Directories:            Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.
    Servers:                Windows NT, 2000, 2003, 2008, Samba, Novell, SharePoint.
    Databases:              Oracle, Sybase, SQL Server, DB2/UDB, Informix, ODBC.
    Unix:                   Linux, Solaris, AIX, HPUX, 24 more.
    Mainframes, Midrange:   z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS.
    HDD Encryption:         McAfee, CheckPoint.
    ERP:                    JDE, Oracle eBiz, PeopleSoft, SAP R/3 and ECC 6, Siebel, Business Objects.
    Collaboration:          Lotus Notes, Exchange, GroupWise, BlackBerry ES.
    Tokens, Smart Cards:    RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.
    WebSSO:                 CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.
    Help Desk:              BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Track-It!
    Cloud/SaaS:             WebEx, Google Apps, Salesforce.com, SOAP (generic).




15 Application and Service Accounts

  Unattended programs on Windows
     • Services, Scheduled Tasks, IIS Anonymous Access, etc.
     • Run in the context of a named user.
     • Are started with that user’s ID and password.
     • Hitachi ID Privileged Access Manager updates the appropriate OS component after every password change.

  Applications
     • Eliminate embedded passwords via secure API to the vault.
     • API authentication using one-time passcode + client IP.








16 Infrastructure Auto-Discovery
Find and classify systems, services, groups, accounts:



    List systems
       • From AD, LDAP (computers).
       • From text file (IT inventory).
       • Extensible: DNS, IP port scan.

    Evaluate import rules
       • Manage this system?
       • Attach system to this policy?
       • Choose initial ID/password.
       • Manage this account?
       • Unmanage this system?

    Probe systems
       • Local accounts.
       • Security groups.
       • Group memberships.
       • Services.
       • Local svc accounts.
       • Domain svc accounts.


   • Hitachi ID Privileged Access Manager can find, probe, classify and load 10,000 systems/hour.
   • Normally executed every 24 hours.
   • 100% policy driven - no scripts.








17 Alternatives to Displaying Passwords

  Launch session (SSO)   • Launch RDP, SSH, etc. from Hitachi ID Privileged Access Manager web UI.   • Password not disclosed at all.
                         • Plug-ins for additional programs/protocols.                               • User is connected directly without further proxy.

  Temporary ACL change   • Place user’s AD account in a local security group (Windows).              • No password involved.
                         • Place user’s public SSH key in .ssh/authorized_keys file (Unix).          • Native logging references the user’s own account.
                         • Manipulate /etc/sudoers files (Unix).

  Copy                   • Place password in user’s OS copy buffer.                                  • Allows user to paste the password into an e-mail, text, file, etc.
                         • Clear buffer after N seconds.                                             • Password not directly disclosed.

  Display                • Reveal the cleartext value of password on screen.                         • Appropriate for managing off-line, console login devices.
                         • Clear display after N seconds.








18 Test Safety Features
To prevent a security or an IT operations disaster, a privileged password management system must be
built for safety first:



   Unauthorized disclosure
       • Passwords must be encrypted, both in storage and transmissions.
       • Access controls should determine who can see which passwords.
       • Workflow should allow for one-off disclosure.
       • Audit logs should record everything.

   Data loss, Service Disruption
       • Replicate all data – a server crash should be harmless.
       • Replication must be real time, just like password changes.
       • Replication must span physical locations, to allow for site disasters (fire, flood, wire cut).


       • These features are mandatory.
       • Failure is not an option.
       • Ask Hitachi ID for an evaluation guide.

       • Evaluate products on multiple, replicated servers.
       • Turn off one server in mid-operation.
       • Inspect database contents and sniff network traffic.








19 HiPAM Unique Technology

  Multi-master      • Built-in replication, easy to set up and no extra cost.
                    • Geographically distributed for maximum safety.
                    • All nodes active: efficient and scalable.
  Connectors        • Over 110 connectors, out of the box.
                    • Also supports mobile devices.
  Workflow          • Dynamic routing to multiple authorizers.
                    • Built-in reminders, escalation, delegation.
  AD/LDAP groups    • Manage groups that authorize access.
                    • Requests, approvals, SoD policy, certification, reports.
  Session monitor   • Record keystrokes, video, webcam, more.
                    • Workflow controls search, playback.
  SSO               • Launch RDP, SSH, SQL, vSphere and more.
                    • Temporary trust: Windows groups, SSH keys.




20 Request one-time access


Animation: ../pics/camtasia/hipam-71/1-request-access.cam4




21 Approve one-time access


Animation: ../pics/camtasia/hipam-71/2-approve-request.cam4




22 Launch one-time session using a privileged account


Animation: ../pics/camtasia/hipam-71/3-privileged-login-session.cam4






               23 Request, approve, play recording


                 Animation: ../pics/camtasia/hipam-71/7-view-playback.cam4




               24 Report on requests for privileged access


                 Animation: ../pics/camtasia/hipam-71/hipam-06-admin-reports.cam4




               25 Summary
                 Hitachi ID Privileged Access Manager secures privileged accounts:
                      •   Eliminate static, shared passwords to privileged accounts.
                      •   Built-in encryption, replication, geo-diversity for the credential vault.
                      •   Authorized users can launch sessions without knowing or typing a password.
                      •   Infrequent users can request and be authorized for one-time access.
                      •   Strong authentication, authorization and audit throughout the process.
                 Learn more at Hitachi-ID.com/Privileged-Access-Manager




500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com


                                                                                              File: PRCS:pres
www.Hitachi-ID.com                                                                            Date: March 1, 2012

 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Recently uploaded (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

Hitachi ID Privileged Access Manager: Randomize and control disclosure of privileged passwords

  • 1.
      1 Hitachi ID Privileged Access Manager
      Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
      Securing access to administrator, embedded and service accounts.

      2 Agenda
        • Hitachi ID corporate overview.
        • ID Management Suite overview.
        • Securing administrative passwords with Hitachi ID Privileged Access Manager.
        • Animated demonstration.

      © 2012 Hitachi ID Systems, Inc. All rights reserved.
  • 2.
      3 Hitachi ID Corporate Overview
      Hitachi ID is a leading provider of identity and access management solutions.
        • Founded as M-Tech in 1992.
        • A division of Hitachi, Ltd. since 2008.
        • Over 900 customers.
        • More than 11M+ licensed users.
        • Offices in North America, Europe and APAC.
        • Partners globally.

      4 Representative Hitachi ID Customers
  • 3.
      5 ID Management Suite

      6 Securing Privileged Accounts
      Thousands of IT assets:
        • Servers, network devices, databases and applications:
            – Numerous.
            – High value.
            – Heterogeneous.
        • Workstations:
            – Mobile – dynamic IPs.
            – Powered on or off.
            – Direct-attached or firewalled.
      Who has the keys to the kingdom?
        • Every IT asset has sensitive passwords:
            – Administrator passwords: Used to manage each system.
            – Service passwords: Provide security context to service programs.
            – Application: Allows one application to connect to another.
        • Do these passwords ever change?
        • Who knows these passwords? (ex-staff?)
        • Audit: who did what?
  • 4.
      7 Project Drivers
      Organizations need to secure their most sensitive passwords:
      Compliance:
        • Pass regulatory audits.
        • Compliance should be sustainable.
      Security:
        • Eliminate static passwords on sensitive accounts.
        • Create accountability for admin work.
      Cost:
        • Efficient process to regularly change privileged passwords.
        • Simple and effective deactivation for former administrators.
      Flexibility:
        • Grant temporary admin access.
        • Emergencies, production migrations, workload peaks, etc.

      8 Participants in PAM
      Hitachi ID Privileged Access Manager works by randomizing privileged passwords and connecting people and programs to privileged accounts as needed:
        • Privileged accounts: Get new, random passwords daily or at the desired frequency.
        • IT Users: Must sign into HiPAM when they need to sign into administrator accounts.
        • Services: Are automatically updated with new password values.
        • Applications: Use the HiPAM API instead of embedded passwords.
        • Security officers: Define policies regarding who can connect to which privileged account.
        • Auditors: Monitor access requests and privileged login sessions.
  • 5.
      9 HiPAM Impact
        • Feature: Randomize passwords daily
            – Impact: Eliminate static, shared passwords.
            – Benefit: Disconnect former IT staff.
        • Feature: Controlled disclosure
            – Impact: Control who can see passwords.
            – Benefit: The right users and programs can access privileged accounts, others cannot.
        • Feature: Logging & Reporting
            – Impact: Monitor password disclosure.
            – Benefit: Accountability. Faster troubleshooting.
        • Feature: Encryption
            – Impact: Secure passwords in storage and transit.
            – Benefit: Physical compromise does not expose passwords.
        • Feature: Replication
            – Impact: Passwords stored on multiple servers, in different sites.
            – Benefit: Survive server crashes and site disasters.

      10 Understand and Manage the Risks
      A privileged access management (PAM) system becomes the sole repository of the most important credentials.
        • Risk: Disclosure
            – Description: Compromised vault → security disaster.
            – Mitigation: Encrypted vault. Strong authentication. Flexible authorization.
        • Risk: Data Loss
            – Description: Destroyed vault → IT disaster.
            – Mitigation: Replicate the vault.
        • Risk: Non-availability
            – Description: Offline vault → IT service interruption.
            – Mitigation: One vault in each of 2+ sites.
      Customers must test failure conditions before purchase!
  • 6.
      11 Randomizing Passwords
      Push random passwords to systems:
        • Periodically (e.g., between 3AM and 4AM).
        • When users check passwords back in.
        • When users want a specific password.
        • On urgent termination.
        • Suitable for servers and PCs on the corporate network.
      Pull initiated by user devices:
        • Periodically.
        • Random time-of-day.
        • Opportunistically, when connectivity is available.
        • Suitable for home PCs and on-the-road laptops.
  • 7.
      12 Authorizing Access to Privileged Accounts
      Two models: permanent and one-time.
      Permanent ACL:
        • Pre-authorized users can launch an admin session any time.
        • Access control model:
            – Users ... belong to
            – User groups ... are assigned ACLs to
            – Managed system policies ... which contain
            – Devices and applications
        • Also used for API clients.
      One-time request:
        • Request access for any user to connect to any account.
        • Approvals workflow with:
            – Dynamic routing.
            – Parallel approvals.
            – N of M authorizers.
            – Auto-reminders.
            – Escalation.
            – Delegation.
      Concurrency control:
        • Coordinate admin changes by limiting number of people connected to the same account:
            – Can be >1.
            – Notify each admin of the others.
        • Ensure accountability of who had access to an account at a given time.
  • 8.
      13 Fault-Tolerant Architecture
      [Architecture diagram. Labels: Site A, Site B, Site C; Hitachi ID Privileged Access Manager (shown twice), each with a Password Vault and "Crypto keys in registry"; User; Admin Workstation; Load Balancer; HTTPS; Windows server or DC (LDAP/S, NTLM); Unix, Linux (SSH, TCP/IP + AES); Replication (TCP/IP + AES); Firewall; Proxy; Various Target Systems (TCP/IP + AES).]
  • 9.
      14 Included Connectors
      Many integrations to target systems included in the base price:
        • Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.
        • Servers: Windows NT, 2000, 2003, 2008, Samba, Novell, SharePoint.
        • Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, ODBC.
        • Unix: Linux, Solaris, AIX, HPUX, 24 more.
        • Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS.
        • HDD Encryption: McAfee, CheckPoint.
        • ERP: JDE, Oracle eBiz, PeopleSoft, SAP R/3 and ECC 6, Siebel, Business Objects.
        • Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.
        • Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.
        • WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.
        • Help Desk: BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Track-It!
        • Cloud/SaaS: WebEx, Google Apps, Salesforce.com, SOAP (generic).

      15 Application and Service Accounts
      Unattended programs on Windows:
        • Services, Scheduled Tasks, IIS Anonymous Access, etc.
        • Run in the context of a named user.
        • Are started with that user’s ID and password.
        • Hitachi ID Privileged Access Manager updates the appropriate OS component after every password change.
      Applications:
        • Eliminate embedded passwords via secure API to the vault.
        • API authentication using one time passcode + client IP.
  • 10.
      16 Infrastructure Auto-Discovery
      Find and classify systems, services, groups, accounts:
      List systems:
        • From AD, LDAP (computers).
        • From text file (IT inventory).
        • Extensible: DNS, IP port scan.
      Evaluate import rules:
        • Manage this system?
        • Attach system to this policy?
        • Choose initial ID/password.
        • Manage this account?
        • Unmanage this system?
      Probe systems:
        • Local accounts.
        • Security groups.
        • Group memberships.
        • Services.
        • Local svc accounts.
        • Domain svc accounts.

        • Hitachi ID Privileged Access Manager can find, probe, classify and load 10,000 systems/hour.
        • Normally executed every 24 hours.
        • 100% policy driven - no scripts.
  • 11.
      17 Alternatives to Displaying Passwords
      Launch session (SSO):
        • Launch RDP, SSH, etc. from Hitachi ID Privileged Access Manager web UI.
        • Plug-ins for additional programs/protocols.
        • Password not disclosed at all.
        • User is connected directly without further proxy.
      Temporary ACL change:
        • Place user’s AD account in a local security group (Windows).
        • Place user’s public SSH key in .ssh/authorized_keys file (Unix).
        • Manipulate /etc/sudoers files (Unix).
        • No password involved.
        • Native logging references the user’s own account.
      Copy:
        • Place password in user’s OS copy buffer.
        • Clear buffer after N seconds.
        • Allows user to paste the password into an e-mail, text, file, etc.
        • Password not directly disclosed.
      Display:
        • Reveal the cleartext value of password on screen.
        • Clear display after N seconds.
        • Appropriate for managing off-line, console login devices.
  • 12.
      18 Test Safety Features
      To prevent a security or an IT operations disaster, a privileged password management system must be built for safety first:
      Unauthorized disclosure:
        • Passwords must be encrypted, both in storage and transmissions.
        • Access controls should determine who can see which passwords.
        • Workflow should allow for one-off disclosure.
        • Audit logs should record everything.
      Data loss, Service Disruption:
        • Replicate all data – a server crash should be harmless.
        • Replication must be real time, just like password changes.
        • Replication must span physical locations, to allow for site disasters (fire, flood, wire cut).

        • These features are mandatory.
        • Failure is not an option.
        • Ask Hitachi ID for an evaluation guide.

        • Evaluate products on multiple, replicated servers.
        • Turn off one server in mid-operation.
        • Inspect database contents and sniff network traffic.
  • 13.
      19 HiPAM Unique Technology
      Multi-master:
        • Built-in replication easy to setup and no extra cost.
        • Geographically distributed for maximum safety.
        • All nodes active: efficient and scalable.
      Connectors:
        • Over 110 connectors, out of the box.
        • Also supports mobile devices.
      Workflow:
        • Dynamic routing to multiple authorizers.
        • Built-in reminders, escalation, delegation.
      AD/LDAP groups:
        • Manage groups that authorize access.
        • Requests, approvals, SoD policy, certification, reports.
      Session monitor:
        • Record keystrokes, video, webcam, more.
        • Workflow controls search, playback.
      SSO:
        • Launch RDP, SSH, SQL, vSphere and more.
        • Temporary trust: Windows groups, SSH keys.

      20 Request one-time access
      Animation: ../pics/camtasia/hipam-71/1-request-access.cam4

      21 Approve one-time access
      Animation: ../pics/camtasia/hipam-71/2-approve-request.cam4

      22 Launch one-time session using a privileged account
      Animation: ../pics/camtasia/hipam-71/3-privileged-login-session.cam4
  • 14.
      23 Request, approve, play recording
      Animation: ../pics/camtasia/hipam-71/7-view-playback.cam4

      24 Report on requests for privileged access
      Animation: ../pics/camtasia/hipam-71/hipam-06-admin-reports.cam4

      25 Summary
      Hitachi ID Privileged Access Manager secures privileged accounts:
        • Eliminate static, shared passwords to privileged accounts.
        • Built-in encryption, replication, geo-diversity for the credential vault.
        • Authorized users can launch sessions without knowing or typing a password.
        • Infrequent users can request, be authorized for one-time access.
        • Strong authentication, authorization and audit throughout the process.
      Learn more at Hitachi-ID.com/Privileged-Access-Manager

      500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3
      Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
      www.Hitachi-ID.com
      File: PRCS:pres
      Date: March 1, 2012
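
An added example, not Hitachi ID code and not the HiPAM API: a toy in-memory model of the behaviour slides 11 and 12 describe (permanent ACL, one-time request with N of M authorizers, concurrency control, randomization when a password is checked back in). All class, method and account names are hypothetical, and the step that pushes the new password to the target system is assumed and left out.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#%^*-_=+"


def random_password(length=24):
    """Draw each character from the OS CSPRNG (secrets), never from random."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class ManagedAccount:
    """Toy in-memory model of one vaulted privileged account (hypothetical names)."""

    def __init__(self, name, permanent_acl, authorizers, approvals_needed,
                 max_concurrent=1):
        self.name = name
        self.permanent_acl = set(permanent_acl)    # pre-authorized users
        self.authorizers = set(authorizers)        # the M eligible approvers
        self.approvals_needed = approvals_needed   # the N approvals required
        self.max_concurrent = max_concurrent       # concurrency control
        self.password = random_password()
        self.approvals = {}                        # requester -> set of approvers
        self.checked_out = set()
        self.audit = []                            # (event, user) in order

    def approve(self, approver, requester):
        if approver not in self.authorizers:
            self.audit.append(("approve_denied", approver))
            raise PermissionError(f"{approver} may not approve access to {self.name}")
        # A set means one authorizer approving twice still counts once.
        self.approvals.setdefault(requester, set()).add(approver)
        self.audit.append(("approve", approver))

    def _authorized(self, user):
        return (user in self.permanent_acl
                or len(self.approvals.get(user, ())) >= self.approvals_needed)

    def check_out(self, user):
        if not self._authorized(user):
            self.audit.append(("denied", user))
            raise PermissionError(f"{user}: no ACL entry and no approved request")
        if user not in self.checked_out and len(self.checked_out) >= self.max_concurrent:
            self.audit.append(("busy", user))
            raise RuntimeError(f"{self.name} in use by {sorted(self.checked_out)}")
        self.checked_out.add(user)
        self.approvals.pop(user, None)             # one-time approval is consumed
        self.audit.append(("check_out", user))
        return self.password

    def check_in(self, user):
        if user not in self.checked_out:
            raise ValueError(f"{user} has not checked out {self.name}")
        self.checked_out.remove(user)
        self.audit.append(("check_in", user))
        if not self.checked_out:
            # Randomize once nobody holds the old value. A real vault would also
            # push the new password to the target system at this point.
            self.password = random_password()
            self.audit.append(("randomize", "vault"))


if __name__ == "__main__":
    # Constructed sample data: one account, one permanent user, three authorizers.
    acct = ManagedAccount("root@db01", {"alice"}, {"carol", "dave", "erin"}, 2)
    old = acct.check_out("alice")          # permanent ACL: no approval needed
    acct.approve("carol", "bob")
    acct.approve("dave", "bob")            # 2 of 3 authorizers
    acct.check_in("alice")                 # triggers randomization
    print("rotated:", acct.check_out("bob") != old)
    print(acct.audit)
```

The audit list records denials and busy rejections as well as successful check-outs, which is what lets a reviewer answer "who had access to an account at a given time".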