Hitachi ID Identity Manager security benefits
User administration, especially in a heterogeneous environment where each user has multiple login accounts and appears in multiple directories, has many inherent security problems. In many organizations, weaknesses in change management processes are a major source of security problems.
The table below summarizes common user administration security problems, why they arise, and how Identity Manager addresses each one:
| Security problem | Why it happens | Hitachi ID Identity Manager solution |
| --- | --- | --- |
| User profiles persist long after their owner has been terminated | Unreliable business processes and incomplete access profiles mean that when employees or contractors are terminated, systems administrators may not be notified on time, or at all. Additionally, without a global record of every login ID on every system that belongs to a user, it is difficult or impossible to ensure that all of the login accounts associated with a user are reliably and promptly disabled after a termination. As a result, users may retain login entitlements long after they have left an organization. | Identity Manager helps organizations to implement reliable and prompt termination, through automated termination, consolidated access reporting, and use of a consolidated user administration console. |
| Users accumulate entitlements like lint | Over time, as users move around an organization, changing responsibilities, they accumulate login accounts on various systems and specific security entitlements, all required to do their jobs. Unfortunately, it is difficult or impossible to determine when their old entitlements are really no longer needed, and so should be removed. As a result, users just accumulate entitlements. This is a security problem, as it increases the risk of security violations due either to honest errors or compromised accounts. | Identity Manager can be used to periodically review what login accounts and entitlements each user has, to identify suspicious entitlements, and to remove those that managers and system owners agree are truly no longer required. |
| It is difficult to determine what users have what access to systems and data, and how they got it. | Lack of a database that connects login IDs across systems back to individual users, and that tracks security entitlements across systems, makes it difficult or impossible to determine just what access rights any given user has (globally), or conversely what set of users have a particular combination of security entitlements. Local or absent change logs make it impossible to track how users got the access rights they have. This makes it difficult to meet regulatory requirements for effective internal controls. | Identity Manager can be used to report on user access rights and change history globally. |
| Users have non-standard login IDs and account configuration | Different human security administrators create accounts in different ways, inadvertently violating standards. Without effective standards enforcement, it is difficult to control the access rights of large user populations. Without enforced login ID naming conventions, it is difficult to correlate security events across systems. | Identity Manager creates all new users with standard login IDs by cloning pre-defined, standardized template accounts. |
| Users get new accounts and security changes without proper authorization | Overly restrictive change control procedures, or simply difficult-to-use change request forms, may lead business users to bypass the change request / routing / authorization process entirely and demand security changes directly from systems administrators. In effect, lack of usability can defeat security. | Identity Manager makes the change control process easy to use, with a built-in self-service workflow engine. Users have no incentive to bypass the system when it is fast and effective. |
Identity Manager strengthens security by:
- Quickly and reliably removing access to all systems and applications when users leave an organization.
- Finding and helping to clean up orphan and dormant accounts.
- Assigning standardized access rights, using roles and rules, to new and transitioned users.
- Enforcing policy regarding segregation of duties and identifying users who are already in violation.
- Ensuring that changes to user entitlements are always authorized before they are completed.
- Asking business stakeholders to periodically review user entitlements and either certify or remove them, as appropriate.
- Reducing the number and scope of administrator-level accounts needed to manage user access to systems and applications.
- Providing readily accessible audit data regarding current and historical security entitlements, including who requested and approved every change.
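To make the "consolidated access reporting" idea above concrete, here is an added example (not Hitachi ID code, and not how Identity Manager is implemented) of the kind of join a consolidated report performs: an HR feed is matched against account listings pulled from several systems, and the result is scanned for the findings this page lists, namely accounts still held by terminated users, orphan accounts with no owner, dormant accounts, and users holding a segregation-of-duties conflict. The HR records, system names, login IDs, entitlement names, SoD rule and the `access_report` / `run_report` functions are all constructed for this illustration.

```python
"""Added example, not part of the original page: a minimal consolidated
access report over constructed data, showing the checks an identity
management system runs once every login ID is linked back to a person."""
from datetime import date, timedelta

# Constructed HR feed: employee id -> name and employment status.
HR = {
    "e1001": {"name": "Alice Chen", "status": "active"},
    "e1002": {"name": "Bob Okafor", "status": "terminated"},
    "e1003": {"name": "Carol Diaz", "status": "active"},
}

# Constructed account listings from three systems. Each system has its own
# login ID convention; the "owner" field is the global record linking each
# login back to HR, which is exactly what the page says is usually missing.
ACCOUNTS = [
    {"system": "AD",   "login": "achen",   "owner": "e1001", "last_login": date(2024, 5, 30),
     "entitlements": {"VPN"}},
    {"system": "SAP",  "login": "CHENA",   "owner": "e1001", "last_login": date(2024, 5, 28),
     "entitlements": {"AP_CREATE_VENDOR", "AP_APPROVE_PAYMENT"}},
    {"system": "AD",   "login": "bokafor", "owner": "e1002", "last_login": date(2024, 3, 1),
     "entitlements": {"VPN"}},
    {"system": "Unix", "login": "bob",     "owner": "e1002", "last_login": date(2024, 2, 20),
     "entitlements": {"wheel"}},
    {"system": "Unix", "login": "svc_old", "owner": None,    "last_login": date(2023, 9, 1),
     "entitlements": {"wheel"}},
    {"system": "AD",   "login": "cdiaz",   "owner": "e1003", "last_login": date(2023, 11, 15),
     "entitlements": set()},
]

# Constructed segregation-of-duties policy: entitlement sets that one person
# must never hold at the same time, with a human-readable description.
SOD_RULES = [
    ({"AP_CREATE_VENDOR", "AP_APPROVE_PAYMENT"}, "create vendor + approve payment"),
]

# Fixed "today" so the dormancy check is reproducible.
TODAY = date(2024, 6, 1)


def access_report(hr, accounts, sod_rules, today, dormant_days=90):
    """Join accounts to HR and return findings keyed by finding type.

    The returned dict also carries "by_user": the global view of every login
    and entitlement each person holds across all systems.
    """
    findings = {"terminated_with_access": [], "orphans": [], "dormant": [],
                "sod_violations": []}
    by_user = {}
    for acct in accounts:
        owner = acct["owner"]
        label = f'{acct["system"]}:{acct["login"]}'
        # No owner, or an owner HR has never heard of: an orphan account.
        if owner is None or owner not in hr:
            findings["orphans"].append(label)
            continue
        view = by_user.setdefault(owner, {"logins": [], "entitlements": set()})
        view["logins"].append(label)
        view["entitlements"] |= acct["entitlements"]
        if hr[owner]["status"] == "terminated":
            # Owner left but the login still exists: the termination gap.
            findings["terminated_with_access"].append(label)
        elif today - acct["last_login"] > timedelta(days=dormant_days):
            # Active owner who has not used this login recently.
            findings["dormant"].append(label)
    # SoD is evaluated on the consolidated entitlement set, so a conflict split
    # across two systems is still caught. Terminated users are skipped because
    # their logins are already reported under terminated_with_access.
    for owner, view in by_user.items():
        if hr[owner]["status"] != "active":
            continue
        for conflict, description in sod_rules:
            if conflict <= view["entitlements"]:
                findings["sod_violations"].append((owner, description))
    findings["by_user"] = by_user
    return findings


def run_report():
    """Run the report over the constructed data set."""
    return access_report(HR, ACCOUNTS, SOD_RULES, TODAY)


if __name__ == "__main__":
    report = run_report()
    for kind in ("terminated_with_access", "orphans", "dormant", "sod_violations"):
        print(f"{kind}: {report[kind]}")
```

Note the SoD check runs over the merged entitlement set per person, not per system: the two SAP entitlements in the example happen to sit on one account, but the same rule would fire if one came from SAP and the other from a different system, which is the case a per-system review cannot see.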
Read more:
- Secure User Administration: Changing business processes and infrastructure to secure user administration.
- Locking Down Identity Manager: Protecting the Identity Manager server, its data and its communications against attack.