
Access governance

Hitachi ID Identity and Access Management Suite can enforce a variety of internal controls, all of which contribute to access governance and regulatory compliance:

Control Description
Automatic access deactivation

  • Automatically deactivate all access when users leave an organization.
  • Trigger from a system of record (SoR) where possible -- for example, for employees.
  • Trigger by request where there is no SoR, or where it is late or unreliable.
Segregation of duties (SoD)

  • Define a set of entitlements that should not be assigned at the same time to any one user.
  • Prevent users from acquiring new entitlements that would violate the policy.
  • Find users who already have rights that violate policy and remediate their access rights.
Approval for access

  • Pass all access requests through a workflow system.
  • Require approval by business stakeholders for any requests that represent material risk.
  • Invite managers, policy owners or data owners to approve access.
  • Effective for ensuring new rights are business-appropriate.
Access certification

  • Periodically ask stakeholders to review users and their entitlements.
  • Items are either certified (i.e., marked as acceptable) or marked for revocation.
  • Invite managers, policy owners and application/data owners to perform reviews.
  • Effective for finding inappropriate rights among existing entitlements.
Orphan and dormant accounts and profiles

  • Find orphan accounts -- not associated with an owner.
  • Find orphan user profiles -- which have no accounts.
  • Find dormant accounts -- with no recent login activity.
  • Find dormant user profiles -- which contain only dormant accounts.
  • Automatically disable and/or highlight for manual review.
Risk scores

  • Assign business risk scores to entitlements, number of subordinates, frequency of transfers or other signals.
  • Aggregate scores to identify high risk users.
  • Adjust approval and certification processes when high risk users are involved.
Password security

  • Ensure that users change their passwords regularly, choose hard-to-guess (but memorable) passwords and do not reuse their passwords.
Authentication prior to IT support

  • Reliably authenticate users prior to assisting them with login problems, such as forgotten passwords or clearing lockouts.
  • Combine multiple factors, such as sending a PIN to the user's phone and answering security questions.
Randomize and vault passwords

  • Periodically change passwords to service accounts, app-to-app accounts and administrator accounts.
  • Set passwords to random strings and store in a secure vault, where access can be controlled.
Control access to elevated privileges

  • Authenticate and authorize access to shared, privileged accounts or group memberships.
  • Grant access for short time windows only.
  • Pre-authorize frequent users and approve single-use requests otherwise.
Audit elevated access

  • Log requests and session initiation when elevated privileges are used.
  • Record login sessions (video, key-logging, etc.) where required.
Multi-factor authentication

  • Replace password-only or security-question-only authentication with multiple factors, including tokens or PINs sent to smartphones.
  • Leverage federation to extend strong authentication to applications, especially SaaS.
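
The four findings listed under "Orphan and dormant accounts and profiles" above, as an added example rather than Hitachi ID code. The `Account` record, the `classify` function, the 90-day dormancy threshold and the sample inventory are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class Account:
    system: str
    login_id: str
    owner: Optional[str]        # profile ID, or None if no owner is recorded
    last_login: Optional[date]  # None means the account has never logged in

def classify(profiles, accounts, today, dormant_days=90):
    """Return the four findings; dormant_days=90 is an assumed threshold."""
    cutoff = today - timedelta(days=dormant_days)

    def dormant(a):
        # Assumption: an account that has never logged in counts as dormant.
        return a.last_login is None or a.last_login < cutoff

    def name(a):
        return f"{a.system}:{a.login_id}"

    owned = {p: [] for p in profiles}
    orphan_accounts = []
    for a in accounts:
        if a.owner in owned:
            owned[a.owner].append(a)
        else:  # no owner, or an owner ID that matches no known profile
            orphan_accounts.append(name(a))
    return {
        "orphan_accounts": sorted(orphan_accounts),
        "orphan_profiles": sorted(p for p, accts in owned.items() if not accts),
        "dormant_accounts": sorted(name(a) for a in accounts if dormant(a)),
        # Require at least one account: all() is True for an empty list, which
        # would misreport every orphan profile as dormant too.
        "dormant_profiles": sorted(p for p, accts in owned.items()
                                   if accts and all(dormant(a) for a in accts)),
    }

# Constructed sample inventory, not real data.
TODAY = date(2024, 6, 1)
PROFILES = ["alice", "bob", "carol"]
ACCOUNTS = [
    Account("ad", "alice", "alice", date(2024, 5, 28)),
    Account("erp", "asmith", "alice", date(2023, 11, 2)),
    Account("ad", "bob", "bob", date(2023, 12, 15)),
    Account("erp", "bjones", "bob", None),
    Account("ad", "svc_backup", None, date(2024, 5, 30)),
    Account("erp", "jdoe", "jdoe", date(2023, 1, 10)),
]
```

An account can appear in more than one finding: `erp:jdoe` is both orphaned and dormant, which makes it a stronger candidate for automatic disabling than for manual review.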

 

Read More:

  • IAM controls:
    Reliable deactivation, request approvals, access reviews, policy enforcement and role-based access control link technical access to business need.
  • Password security:
    Password composition rules, reliable authentication and periodic password changes secure passwords.
  • Elevated access:
    Randomized and vaulted passwords, pre-approved and requested access, replacing embedded passwords and session recording secure access to shared/privileged accounts and groups with elevated rights.
  • Regulatory compliance:
    Hitachi ID Systems solutions satisfy regulatory requirements.