Self-Service, Anywhere™: This document explains how Hitachi ID Password Manager addresses the login
problems experienced by mobile users with full disk encryption,
cached credentials, smart phones, smart cards and tokens.
Enterprise Password Management Best Practices: Best practices for enterprise password management. Classifies
security threats and discusses practical strategies to counter
password guessers, packet sniffers, sticky notes and more.
Password Policy Guidelines: Guidelines for secure password management, including policy on
composition, transmission and expiration of passwords.
Choosing Good Passwords: A plain-language guide, suitable for sharing with end users,
to security threats posed by password cracking software and how
to apply good password rules to prevent security compromises.
Password Reset for Locked Out Users: An objective comparison of alternative strategies for addressing the
problem of helping users who forgot their initial network login password.
Challenge/Response Authentication: Constructing secure, usable policies for authenticating users
who forgot their password by asking them to answer a series
of security questions.
Password Management for Mobile Users: Managing passwords for mobile users is more challenging than
managing passwords for network-attached users. Challenges include
managing local passwords on thousands of workstations, coping with
cached credentials and supporting mobile users who forgot their
initial workstation sign-on password.
Password Management for ISP Subscribers: As ISPs scale to hundreds of thousands and millions of end
customers, the cost to support repetitive problems such as password
resets rises to significant levels, reaching millions of dollars
annually. This document describes password management specifically
Password Management Project Roadmap: A roadmap for password management projects, starting with a
needs analysis, through requirements and product selection, and
including deployment and ongoing management of the system.
Business Case for Identity Administration and Access Governance: This document is designed to assist in the preparation of a business
case for the deployment of an identity administration and access
governance (IAM) system. The benefits of an IAM system, namely cost
savings, improved user service and strengthened security, are justified
in terms of concrete metrics, which compare current to desired state.
Identity Management as a Service: Deploying IAM in a SaaS Model: This document discusses strategies for deploying an identity
and access management system (IAM) using a software as a service
(SaaS) provider. It identifies business and technical challenges
that arise when an IAM system is moved outside of an organization's
private network perimeter and offers solutions to address them.
Intersection of Identity Management and Cloud Computing: This document is a comprehensive analysis of all the ways that Identity and Access Management (IAM)
solutions can be run in and integrate with cloud computing systems.
Both cloud computing and IAM are relatively new, so the first part of this document defines key concepts
and terminology. Next, assumptions that clarify the scope of this document in terms of network topology
and functionality are presented, and finally a comprehensive list of architectural scenarios is presented,
along with an analysis of the costs, risks and benefits of each scenario.
Selecting a User Provisioning Product: Considerations for selecting a user provisioning product which
will help an organization successfully replace manual
security administration with automation and self-service.
Selecting a Password Management Product: Advice to prospective buyers of a password management system as
to what features, services and vendor characteristics to look for,
in order to maximize the chances for a successful project outcome.
Password Reset for Locked Out Users: An objective comparison of alternative strategies for addressing
the problem of helping users who forgot their initial network
Password Manager Competitive Advantages: There are many password management products on the market.
Password Manager is the market leader because of superior
technology, lower TCO and higher ROI.
Enterprise IdM: Suite vs. Best of Breed: Considerations when selecting IAM products: are suite vendors,
which can address every conceivable need but some of whose products
may be less than ideal and/or not well integrated, preferable to
a handful of best-of-breed products, which cannot address every
need but which optimally fill specific needs?
Problems with Traditional E-SSO: Lays out what works and, more importantly,
what doesn't work well with traditional approaches to enterprise
single sign-on. It goes on to describe an alternative approach to
reducing the frequency of sign-on prompts presented to users,
which does not have any of the problems described here.
Securing Sensitive Passwords with Hitachi ID Privileged Access Manager: Hitachi ID Privileged Access Manager enables organizations to secure privileged passwords. It periodically randomizes them. Users must sign into it when they need to access a sensitive account. The password change and disclosure process creates strong, personal authentication, authorization over which passwords are visible to whom, and audit of access attempts (AAA).
Password Manager Security Analysis: Password Manager impacts authentication processes and standards.
Describes this impact, and how to ensure that it
is a positive change. Password Manager is also a sensitive part
of an organization's IT infrastructure, and consequently must
be defended by strong security measures. The technology used by
Password Manager to protect against intrusions, as well as best
practices to deploy that technology, are described here.
Password Manager Telephony Integration: Outlines how Password Manager can be integrated with
an interactive voice response (IVR) system, to enable self-service
password reset from a telephone, self-service token management
from a telephone and active enrollment of biometric voice print
Privileged Access Manager Features: Privileged Access Manager is a system for securing privileged
passwords across many servers and workstations. It periodically
randomizes them, stores the resulting values in a replicated
database and - when appropriate - discloses passwords to
administrators, applications and services.
Self-Service AD Group Management: Hitachi ID Group Manager is software from Hitachi ID Systems for managing membership
in groups, where groups exist on Hitachi ID Group Manager target systems --
principally Active Directory. It allows users to initiate security
change requests -- principally requests to join or exit network
operating system security groups -- in a self-service manner,
without the need for users to understand the underlying security
Defining Enterprise Identity Management: Identity management is a much-used term that refers to a set
of technologies intended to manage a basic problem: information
about the identity of employees, contractors, customers, partners
and vendors is distributed among too many systems,
and is consequently difficult to manage. This document defines
the components of enterprise identity management technologies.
It describes the underlying business problem of managing user
identity information on a variety of systems. It then defines
identity management in the context of this problem, and describes
technologies used to manage user identities effectively in the
Best Practices for Identity Management Projects: Presents best practices for deploying and operating an identity
management infrastructure. Builds on Hitachi ID Systems' years of experience
in deploying password management and user provisioning into some of
the largest and most complex organizations in the world.
Identity Management Project Roadmap: A guide to the entire life of a
successful identity management project, including: a needs analysis,
who to involve in the project,
how to select the best product,
technical design decisions,
how to effectively roll out the system and
how to monitor and assure sound ROI.
Extranet Identity and Access Management: An overview of the identity management
requirements that arise in an Extranet portal, where a corporation
provides services to a large number of external users -- typically
consumers and in some cases partners.
User Provisioning Best Practices: Describes and justifies current user provisioning
best practices in an enterprise network. It is intended to offer
reasoned guidance to information technology decision makers when
they set security policy and design processes to manage user
identity data, such as accounts and directory objects, across
multiple enterprise systems.
Addressing Identity Management Deployment Challenges: This Hitachi ID Systems white paper describes the major challenges
in deploying an enterprise identity management (IdM) system,
including data cleansing, role engineering and workflow definition
and maintenance. The information presented here is derived from
hundreds of deployments performed over many years.
Beyond Roles: A Practical Approach to Enterprise User Provisioning, which
does not depend on the completion of a role engineering project
to move to production.
Sarbanes-Oxley Act: The Sarbanes-Oxley Act was enacted by the United
States Congress in July 2002. It requires publicly traded companies
to ensure that they are properly reporting financial information.
One of the most critical sections is section 404, which requires
internal control over the creation of financial reports, and
mandates responsibility for access privileges. This section is
crucial for IT organizations to understand and act on.
PCI-DSS: The Payment Card Industry Data Security Standard (PCI-DSS) is a brief,
pragmatic and very reasonable set of standards intended to guide
financial institutions, retailers and other data processors in
protecting data about credit cards and their owners.
FDA 21 CFR Part 11: Pharmaceutical and other biotech companies are subject
to regulation by the Food and Drug Administration
(FDA). One of the FDA regulations, regarding electronic
signatures and the integrity of electronic systems, is
FDA 21 CFR 11.
HIPAA: The Health Insurance
Portability and Accountability Act of 1996 (HIPAA) outlines what is required of healthcare
organizations to ensure the portability of healthcare coverage
and the privacy of patient records.
Privileged Access Manager Product Q&A: Introduction to the business challenges of securely managing access to
privileged accounts and the technical processes built into
Privileged Access Manager to secure access to administrator, service and
Best Practices for Managing Access to Privileged Accounts: Describes the business problems that a privileged access
management system is intended to address. Goes on to describe
best practices for defining and enforcing policies regarding access
to privileged accounts on a variety of systems.
Design and Implementation of Administrator Session Monitoring: This document introduces the business case for implementing a session monitoring system to record login sessions to privileged
accounts. It examines a series of technological design decisions
that must be considered when developing a session monitoring system
and offers guidance about how such a system might be best deployed
and managed in practice.
Securing Privileged Accounts with Hitachi ID Privileged Access Manager: Hitachi ID Privileged Access Manager enables organizations to secure privileged accounts.
It periodically randomizes privileged passwords. Users must
sign into it when they need to access a sensitive account.
The password change and access disclosure process creates strong,
personal authentication, authorization over which passwords are
visible to whom, and audit of access attempts (AAA).
Hitachi ID Privileged Access Manager Features: Hitachi ID Privileged Access Manager is a system for securing access to privileged
accounts across many servers and workstations. It periodically
randomizes privileged passwords, stores the values in a
replicated database and - when appropriate - discloses access to
administrators, applications and services.
Securing Embedded Passwords with Hitachi ID Privileged Access Manager: Applications often need to connect to other applications or services
on the network to function. For example, a web application may have
to connect to one or more databases to retrieve or update data, to
web services to initiate transactions, to a directory to create or
update user objects, etc.