White Papers

Privileged Access Management
  • Best Practices for Securing Privileged Access:
    Describes the business problems which privileged access management systems are intended to address. Goes on to describe best practices for processes, policies and technology used to secure access to privileged accounts and other elevated privileges.
  • Hitachi ID Privileged Access Manager Features at a Glance:
    A brief overview of Hitachi ID Privileged Access Manager features.
  • Securing Privileged Access with Hitachi ID Privileged Access Manager:
    Hitachi ID Privileged Access Manager enables organizations to secure privileged accounts. It periodically randomizes privileged passwords. Users must sign into it when they need to access a sensitive account. The password change and access disclosure process creates strong, personal authentication, authorization over which passwords are visible to whom and audit of access attempts (AAA).
  • Securing Embedded Passwords with Hitachi ID Privileged Access Manager:
    Applications often need to connect to other applications or services on the network to function. For example, a web application may have to connect to one or more databases to retrieve or update data, to web services to initiate transactions, to a directory to create or update user objects, etc.
  • Data Replication in Privileged Credential Vaults:
    Privileged passwords must be protected more vigorously than any other data in an organization. This document describes why and how.
  • Design and Implementation of Administrator Session Monitoring:
    This document introduces the business case for implementing a session monitoring system to record login sessions to privileged accounts. It examines a series of technological design decisions that must be considered when developing a session monitoring system and offers guidance about how such a system might be best deployed and managed in practice.
Identity and Access Management
  • Best Practices for Identity and Access Management:
    This document lays out best practices for identity and access management systems. These systems may be deployed in a variety of contexts – corporate, customer-facing, partner-facing, etc.
  • Hitachi ID Identity Manager Features at a Glance:
    A brief overview of Hitachi ID Identity Manager features.
  • Enterprise-Scale IAM with Hitachi ID Identity Manager:
    This document introduces the business challenges of managing the lifecycle of identities and entitlements at scale: slow and complex onboarding; redundant administration effort; slow and unreliable deactivation; users with entitlements that exceed their business need and invalid or inconsistent data about users. It then describes how Hitachi ID Identity Manager addresses these problems with a combination of automated and self-service processes.
  • Building a Business Case for Identity Administration and Access Governance:
    This document is designed to assist in the preparation of a business case for the deployment of an identity administration and access governance (IAM) system. The benefits of an IAM system, namely cost savings, improved user service and strengthened security, are justified in terms of concrete metrics, which compare current to desired state.
  • Identity Management Project Roadmap:
    A guide to the entire life of a successful identity management project, including: a needs analysis, who to involve in the project, how to select the best product, technical design decisions, how to effectively roll out the system and how to monitor and assure sound ROI.
  • Defining Identity Management:
    This document defines the components of identity management, starting with the underlying business challenges of managing user identities and entitlements across multiple systems and applications. Identity management functions are defined in the context of these challenges.
  • Identity Management Terminology:
    This document introduces key identity management terminology and offers clear, unambiguous definitions. The intent is to help the reader focus on solving real problems, rather than waste energy on the language of identity management.
  • Defining Enterprise Identity Management:
    Identity management is a much-used term that refers to a set of technologies intended to manage a basic problem: information about the identity of employees, contractors, customers, partners and vendors is distributed among too many systems, and is consequently difficult to manage. This document defines the components of enterprise identity management technologies. It describes the underlying business problem of managing user identity information on a variety of systems. It then defines identity management in the context of this problem, and describes technologies used to manage user identities effectively in the enterprise.
  • Role Based Access Control: What is it, why bother and how to implement it:
    This document is intended to introduce readers to role based access control (RBAC), as applied to large numbers of users and multiple IT systems.
  • Access Governance Using the Hitachi ID Identity and Access Management Suite:
    This document introduces the concept of access governance. This concept is linked to corporate business drivers around risk management and audit and explains how the Hitachi ID Identity and Access Management Suite meets access governance requirements.
  • Standard IAM Business Processes: Corporate / Intranet Deployment:
    Best practices for managing users, identity attributes and entitlements in a typical "corporate" environment.
  • Standard IAM Business Processes: B2B / Partner Portal:
    Best practices for managing users, identity attributes and entitlements in a typical Extranet-facing partner portal.
  • Standard IAM Business Processes: B2C / Customer Portal:
    Best practices for managing users, identity attributes and entitlements in a typical Extranet-facing customer portal.
  • Best Practices for Identity Management Projects:
    Presents best practices for deploying and operating an identity management infrastructure. Builds on Hitachi ID Systems' years of experience in deploying password management and user provisioning into some of the largest and most complex organizations in the world.
  • Addressing Excess Privileges using Hitachi ID Access Certifier:
    Describes how access certification can be used to address the problem of privilege accumulation in a manner consistent with regulations such as Sarbanes-Oxley, HIPAA, 21CFR11 and GLB.
  • Self-Service Active Directory Group Management:
    Hitachi ID Group Manager is a self-service group membership request portal. It allows users to request access to resources such as shares and folders, rather than initially specifying groups. Group Manager automatically maps requests to the appropriate security groups and invites group owners to approve or reject the proposed change.
  • Extranet Identity Management: Process and Architecture:
    An overview of the identity management requirements that arise in an Extranet portal, where a corporation provides services to a large number of external users -- typically consumers and in some cases partners.
  • Addressing Deployment Challenges in Enterprise Identity Management:
    This Hitachi ID Systems white paper describes the major challenges in deploying an enterprise identity management (IdM) system, including data cleansing, role engineering and workflow definition and maintenance. The information presented here is derived from hundreds of deployments performed over many years.
  • Beyond Roles: A Practical Approach to Enterprise User Provisioning:
    This document introduces a strategy for large-scale enterprise user administration. A traditional pre-defined role-based approach can practically be applied only to standard, static roles. The strategy offered in this document offers a complementing approach to automated privileges management for unique and/or dynamic roles. It is based on user-issued access requests combined with periodic audits.
  • Best Practices for Managing User Identifiers:
    This document presents best practices for assigning and managing unique identifiers to the users of computer systems in medium to large organizations. It begins with definitions and background information, then proceeds to explain scope, uniqueness, business processes, challenges and best practices.
Credential Management
  • Password Management Best Practices:
    Best practices for enterprise password management. Classifies security threats and discusses practical strategies to counter password guessers, packet sniffers, sticky notes and more.
  • Hitachi ID Password Manager Features at a Glance:
    A brief overview of Hitachi ID Password Manager features.
  • From Password Reset to Credential Management:
    The evolution of password management -- from simple password reset to enterprise-scale management of all credentials.
  • Large Scale Password Management with Hitachi ID Password Manager:
    Password Manager provides automation and self-service, to help users better manage their corporate credentials. With Password Manager, users can more conveniently and securely manage their credentials, which lowers IT support cost, improves user productivity and strengthens corporate security. The core concept is to help users manage all of their credentials -- network and local passwords, filesystem encryption passwords, one time password tokens, smart cards, certificates, biometrics and more -- using a single system.
  • Building a Business Case for Password Manager Purchase and Deployment:
    Sample business case for justifying purchase and deployment of Password Manager.
  • Self-Service, Anywhere™:
    This document explains how Hitachi ID Password Manager addresses the login problems experienced by mobile users with full disk encryption, cached credentials, smart phones, smart cards and tokens.
  • Password Manager Deployment Best Practices:
    Outlines best practices for designing, installing and rolling out Password Manager to an enterprise-scale user population.
  • Password Management Project Roadmap:
    A roadmap for password management projects, starting with a needs analysis, through requirements and product selection, and including deployment and ongoing management of the system.
  • Choosing Good Passwords:
    A plain-language guide, suitable for sharing with end users, to security threats posed by password cracking software and how to apply good password rules to prevent security compromises.
  • Password Reset for Locked Out Users:
    An objective comparison of alternative strategies for helping users who forgot their initial network login password.
  • Best Practices for Challenge/Response Authentication:
    Constructing secure, usable policies for authenticating users who forgot their password by asking them to answer a series of security questions.
  • Integrating Password Management with Enterprise Single Sign-On:
    Learn about where password synchronization, password reset and single sign-on interact and how/why they should be integrated.
  • Managing Passwords for Mobile Users:
    Managing passwords for mobile users is more challenging than managing passwords for network-attached users. Challenges include managing local passwords on thousands of workstations, coping with cached credentials and supporting mobile users who forgot their initial workstation sign-on password.
  • Using Hitachi ID Password Manager to Reduce Password Reset Calls at an Internet Service Provider:
    As ISPs scale to hundreds of thousands and millions of end customers, the cost to support repetitive problems such as password resets rises to significant levels, reaching millions of dollars annually. This document describes password management specifically for ISPs.
  • Password Manager Security Analysis:
    Password Manager impacts authentication processes and standards. Describes this impact, and how to ensure that it is a positive change. Password Manager is also a sensitive part of an organization's I.T. infrastructure, and consequently must be defended by strong security measures. The technology used by Password Manager to protect against intrusions, as well as best practices to deploy that technology, are described here.
  • Password Manager Telephony Integration:
    Outlines how Password Manager can be integrated with an interactive voice response (IVR) system, to enable self-service password reset from a telephone, self-service token management from a telephone and active enrollment of biometric voice print samples.
IT Infrastructure, Cloud and BYOD
  • Secure Architecture for Mobile Device Access to On-Premise Applications:
    This document introduces a technical architecture that enables applications installed on mobile phones and similar devices to access security-sensitive applications deployed inside a private corporate network perimeter. The mobile devices may be personal (i.e., "BYOD") or corporate owned/managed, but it is assumed that they are neither wirelessly attached to the corporate network nor necessarily able to establish a virtual private network (VPN) link.
  • Identity Management as a Service: Deploying IAM in a SaaS Model:
    This document discusses strategies for deploying an identity and access management system (IAM) using a software as a service (SaaS) provider. It identifies business and technical challenges that arise when an IAM system is moved outside of an organization's private network perimeter and offers solutions to address them.
  • Intersection of Identity Management and Cloud Computing:
    This document is a comprehensive analysis of all the ways that Identity and Access Management (IAM) solutions can be run in and integrate with cloud computing systems. Both cloud computing and IAM are relatively new, so the first part of this document defines key concepts and terminology. Next, assumptions that clarify the scope of this document in terms of network topology and functionality are presented. Finally, a comprehensive list of architectural scenarios is presented, along with an analysis of the costs, risks and benefits of each scenario.
  • Appliances vs. Traditional Servers: Pros and Cons:
    This document is intended to help organizations decide whether an appliance or a traditional server is an appropriate platform for hosting enterprise software applications.
  • Migrating application users and passwords with Password Manager:
    Describes a number of ways in which Password Manager can be used to ease migrations from one system or directory to another.
  • Locking Down a Hitachi ID Suite Server:
    It is important to protect both the Hitachi ID Systems product server and the data it stores. This document describes how.
Product Evaluation and Differentiation
  • Selecting a User Provisioning Product:
    Considerations for selecting a user provisioning product which will help an organization successfully replace manual security administration with automation and self-service.
  • Selecting a Password Management Product:
    Advice to prospective buyers of a password management system as to what features, services and vendor characteristics to look for, in order to maximize the chances for a successful project outcome.
  • Password Reset for Locked Out Users:
    An objective comparison of alternative strategies for helping users who forgot their initial network login password.
  • Password Manager Competitive Advantages:
    There are many password management products on the market. Password Manager is the market leader because of superior technology, lower TCO and higher ROI.
  • Approaches to Enterprise Identity Management: Best of Breed vs. Suites:
    Considerations when selecting IAM products: are suite vendors, which can address every conceivable need but some of whose products may be less than ideal and/or not well integrated, preferable to a handful of best-of-breed products, which cannot address every need but which optimally fill specific needs?
  • Overcoming Operational Challenges with Traditional Approaches to Enterprise Single Sign-On:
    Lays out what works and, more importantly, what doesn't work well with traditional approaches to enterprise single sign-on. It goes on to describe an alternate approach to reducing the frequency of sign-on prompts presented to users, that does not have any of the problems described here.
Regulatory Compliance
Latest Research and Surveys
  • 2015 Privileged Access Management Study:
    This study reviews how organizations are best managing privileged identities, as well as the true business impact of intrusions due to compromising external/internal privileged access.