2 Agenda
Corporate
Hitachi ID Password Manager
Recorded Demos
Technology
Implementation
Differentiation
3 Corporate

Challenges:
- Users have too many passwords.
- Write them on sticky notes.
- Forget and call the help desk.
- Pick trivial, insecure values.
Solutions:
- Synchronize passwords.
- Reduce to 1 or a few.
- Easier to remember.
- Less likely to write down.
- Opportunity to mandate stronger passwords.
Challenges:
- Users forget their passwords.
- Lock themselves out.
- Highest volume incident type.
- Peak volume at start of week.
Solutions:
- Self-service password reset.
- Clear intruder lockouts.
- PIN resets and emergency pass-codes for tokens.
Challenges:
- Self service depends on non-password credentials:
  - Security questions.
  - Mobile phone number.
  - Personal e-mail address.
  - App on smart phone.
- This data rarely exists prior to deployment.
- New hires must enroll too.
- ROI depends on user adoption: users tend to ignore invitations.
Solutions:
- Identify users with incomplete profiles.
- Invite them to sign up. Send reminders with increasing urgency:
  - E-mail.
  - Open browser at login time.
  - Forced enrollment (full screen, locked browser).
- Throttle invitations:
  - Per user (e.g., once a week).
  - Overall (e.g., 500/day).
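The enrollment campaign above (find incomplete profiles, escalate reminders, throttle per user and overall) as an added illustration; this is example code written for this page, not Hitachi ID's implementation. The completeness rule (two non-password credentials), the channel names and the sample population are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Reminder channels in the escalating order the deck lists: e-mail, then a
# browser opened at login, then forced full-screen enrollment.
CHANNELS = ["email", "browser_at_login", "forced_enrollment"]

@dataclass
class Profile:  # constructed enrollment record, not a HiPM data structure
    user: str
    security_questions: bool = False
    mobile_number: bool = False
    personal_email: bool = False
    phone_app: bool = False
    reminders_sent: int = 0
    last_invited: date = date.min  # sentinel: never invited

    def is_complete(self) -> bool:
        # Assumed rule: two independent non-password credentials, so losing
        # one (e.g. the phone) does not lock the user out of self-service.
        have = [self.security_questions, self.mobile_number, self.personal_email, self.phone_app]
        return sum(have) >= 2

def plan_invitations(profiles, today, per_user_gap=timedelta(days=7), daily_cap=500):
    """Pick (user, channel) pairs to contact today, honouring both throttles:
    one contact per user per per_user_gap and daily_cap contacts overall.
    Urgency escalates per reminder already sent; profiles are updated in place."""
    batch = []
    for p in profiles:
        if len(batch) >= daily_cap:
            break                      # overall throttle (e.g. 500/day)
        if p.is_complete():
            continue                   # nothing left to enroll
        if today - p.last_invited < per_user_gap:
            continue                   # per-user throttle (e.g. once a week)
        channel = CHANNELS[min(p.reminders_sent, len(CHANNELS) - 1)]
        batch.append((p.user, channel))
        p.reminders_sent += 1
        p.last_invited = today
    return batch

def sample_profiles():
    """Constructed sample population; day 0 is 2024-01-01."""
    d0 = date(2024, 1, 1)
    return [
        Profile("alice", security_questions=True, mobile_number=True),
        Profile("bob"),
        Profile("carol", personal_email=True, reminders_sent=1, last_invited=d0 - timedelta(days=3)),
        Profile("dave", reminders_sent=5, last_invited=d0 - timedelta(days=10)),
    ]
```

Running `plan_invitations` once per day against a persisted profile store reproduces the weekly cadence; the daily cap is applied in list order, so sort the input by urgency first if overdue users should win under the cap.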
Challenges:
- Users have trouble logging in:
  - Forget their password.
  - Trigger an intruder lockout.
- User context can complicate assistance:
  - Pre-boot? No OS yet!
  - Login screen? How to navigate to self-service?
  - Off-site? Locally cached password.
Solutions:
- Pre-boot:
  - Smart phone app or voice call to access service.
  - Mediate filesystem unlock.
- Windows login screen:
  - Credential Provider extends the Windows login UI.
  - Smart phone app or voice call.
  - Secure kiosk account if client software is a problem.
- VPN integration:
  - Update locally cached password for off-site users.
Challenges:
- Few apps natively support multi-factor logins.
- Mandate strong authentication before self-service password reset.
Solutions:
- Offer 2FA to all users:
  - PIN to phone/email.
  - Smart phone app.
  - Existing OTP.
  - Browser fingerprint (reduces the nuisance of 2FA).
- Built into Hitachi ID Password Manager:
  - Leverage existing 2FA if available.
  - Introduce zero-cost 2FA otherwise.
- Extend 2FA to other apps via federation: HiPM includes a built-in SAML IdP.
5 Recorded Demos
Animation: ../../pics/camtasia/v9/hipm-self-service-anywhere-nb/hipm-self-service-anywhere-nb.mp4
Animation: ../../pics/camtasia/v10/enable-mobile-device-1.mp4
Animation: ../../pics/camtasia/v10/mcafee-drive-encryption.mp4
Animation: ../../pics/camtasia/v9/add-contact-to-phone-1/add-contact-to-phone-1.mp4
6 Technology

[Architecture diagram; only the labels are recoverable:]
- Hitachi ID servers replicated across data centers (Data center A, Data center B, remote data center, cloud): horizontal scaling, load balanced, fault tolerant.
- Front end: load balancers, reverse web proxy, proxy server, HTTPS (if needed), BYOD enabled, IVR server.
- Back end: MS SQL databases with replication; notifications and invitations by e-mail and tickets; ticketing system; HR system of record; TCP/IP + AES between components.
- Managed endpoints, on premises and SaaS: AD, SQL, SAP, Notes, etc.; SaaS apps; VPN server with remote agent; native password change and password synch trigger systems; various protocols; secure native protocol; reach across firewalls.
- Secure - encrypted. Reliable - queue and retry.
- App nodes need not, and should not, be co-located.
- Native, 64-bit code.
[Further slide residue, not reconstructible: password special characters (& ( " ' ! , $ /), "Special type", "programmatically limit available chains", "Risk-analysis: VPN? admin user?"]
6.5 User classes

User classes define sets of individual users or types of relationships between users:
- Sets of users:
  - By group membership.
  - In an OU.
  - Having certain attributes.
- Types of relationships:
  - Shared attributes (e.g., department, location).
  - Group membership of participants (e.g., security team).
  - Direct or indirect manager.
User classes are a natural way to define security policy:
- Route requests (requester+recipient/authorizer).
- Invite reviewers (user/certifier).
- Escalate requests (old/new participants).
- Limit visibility (viewer/user profile).
- Define what is requestable (requester/recipient).
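A worked model of the two kinds of user class above (set predicates and relationship predicates, including the direct/indirect manager chain) and of routing a request by the first matching relationship; added for this page as illustration, not Hitachi ID's code. The `User` record, rule names and the sample directory are constructed; the cycle guard is there because real directory data sometimes contains manager loops.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

@dataclass
class User:  # constructed directory record, not a HiPM schema
    uid: str
    ou: str
    groups: Set[str] = field(default_factory=set)
    attrs: Dict[str, str] = field(default_factory=dict)
    manager: Optional[str] = None  # uid of direct manager

# Set classes are predicates on one user; relationship classes on a pair.
SetClass = Callable[[User], bool]
RelClass = Callable[[User, User], bool]

def in_group(name: str) -> SetClass:
    return lambda u: name in u.groups
def in_ou(ou: str) -> SetClass:
    return lambda u: u.ou == ou
def has_attr(key: str, value: str) -> SetClass:
    return lambda u: u.attrs.get(key) == value
def shares_attr(key: str) -> RelClass:
    return lambda a, b: key in a.attrs and a.attrs[key] == b.attrs.get(key)

def is_manager_of(directory: Dict[str, User], indirect: bool = True) -> RelClass:
    """a is b's direct manager, or (if indirect) anywhere up b's reporting chain."""
    def rel(a: User, b: User) -> bool:
        seen, cur = set(), b.manager
        while cur is not None and cur not in seen:  # cycle guard for bad directory data
            if cur == a.uid:
                return True
            if not indirect:
                return False
            seen.add(cur)
            cur = directory[cur].manager if cur in directory else None
        return False
    return rel

def route_request(directory, requester, recipient, rules):
    """First rule name whose relationship class holds for (requester, recipient),
    else None; rules is an ordered list of (name, RelClass)."""
    a, b = directory[requester], directory[recipient]
    return next((name for name, rel in rules if rel(a, b)), None)

def sample_directory() -> Dict[str, User]:
    users = [User("ceo", "ou=exec"), User("vp", "ou=eng", manager="ceo"),
             User("lead", "ou=eng", {"security"}, {"dept": "eng"}, "vp"),
             User("dev", "ou=eng", set(), {"dept": "eng"}, "lead"),
             User("hr1", "ou=hr", set(), {"dept": "hr"}, "ceo")]
    return {u.uid: u for u in users}
```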
[Diagram residue; labels only: Internet, cloud proxy, message passing system.]
Self-contained:
- Hitachi ID Phone Password Manager runs on a Windows server with a Dialogic phone card or with the Dialogic HMP software solution.
- No IVR software is required.
Integrated with Hitachi ID Password Manager:
- Manage user enrollment.
- Map network login ID to digits.
- HiPM ties to target systems.
Flexible:
- Fully scriptable and can implement any call logic.
- Multi-lingual: just record more voice prompts.
- The default call logic is powerful and easy to customize.
Scalable:
- Multiple load balanced HiTPM servers.
- Multiple load balanced HiPM servers.
Languages are easy to add. Hitachi ID will do it for a nominal fee and customers can do it themselves.
7 Implementation
8 Differentiation
9 Summary
An integrated solution for managing credentials:
Immediate security benefit: password policy, help desk caller authentication.
Low deployment cost, minimal ongoing investment, significant IT support savings.
Always accessible:
Web browser on PC, phone or tablet.
Windows login prompt.
Pre-boot encryption password prompt.
Apps on iOS, Android.
Phone call / IVR.
Available at work and while off-site.
110+ connectors included.
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com