Hitachi ID Systems, Inc. delivers access governance and identity administration solutions to organizations globally, including many of the Fortune 500 companies. The Hitachi ID Identity and Access Management Suite is a fully integrated solution for managing identities, security entitlements and credentials, for both business users and shared/privileged accounts, on-premises and in the cloud.
The Hitachi ID Suite is well known in the marketplace for high scalability, fault tolerance, a pragmatic design and low total cost of ownership (TCO). Hitachi ID is recognized by customers and analysts for industry leading customer service.
Originally founded in 1992 as M-Tech Information Technology, Inc. and acquired by Hitachi, Ltd. in 2008, Hitachi ID Systems, Inc. is a leading provider of identity management and access governance solutions.
Hitachi ID first identity management and access governance product, Hitachi ID Password Manager, has been commercially available since 1995. Today, Hitachi ID is the leading password management vendor world-wide and a leading provider of identity and privileged access management solutions.
Hitachi ID currently has 160 employees. Hitachi ID has enjoyed strong financial performance, with 96 consecutive quarters of growth and profitability.
Hitachi ID is headquartered in Calgary, Canada and has regional offices in: Canada: Vancouver, Montréal and Ottawa; United States: New York. Europe: Amsterdam, Leeds UK and Warsaw, Poland. Australia: Brisbane.
Password Manager is an integrated solution for managing credentials, across systems and applications. It simplifies the management of passwords, tokens, smart cards, security questions and biometrics. Password Manager lowers IT support cost and improves the security of login processes.
Password Manager includes password synchronization, self-service password and PIN reset, strong authentication, federated access, enrollment of security questions and biometrics and self-service unlock of encrypted hard drives.
Password Manager reduces the cost of password management using:
Password Manager strengthens security by providing:
To find out more about Password Manager, visit https://Hitachi-ID.com/password-manager/.
Identity Manager is a separate product built on the same infrastructure as Password Manager. Where Password Manager manages passwords, Identity Manager creates, deletes and manipulates user accounts.
Identity Manager is an integrated solution for managing identities and security entitlements across systems and applications. It ensures that users are granted access quickly, that entitlements are appropriate to business need and that access is revoked once no longer needed.
Identity Manager implements the following business processes to drive changes to identities and entitlements on systems and applications:
Identity Manager strengthens security by:
Identity Manager reduces the cost of managing users and security entitlements:
Password Manager reduces the IT support cost associated with passwords:
Password Manager improves user service by simplifying password management:
Password Manager improves the security of authentication processes:
Password Manager is not a single sign-on system. Rather, it manages and reduces the number of passwords that users must remember, but does not eliminate the need for users to type their own passwords.
Password management, rather than single sign-on, may be attractive, because of some problems with enterprise single sign-on software:
Over time, a traditional E-SSO system will respond to applications expiring passwords by choosing new, random password values, allowing the application to change passwords and storing the random password value for future reference.
With this process in place, over time users lose knowledge of their own passwords and become dependent on the E-SSO system to sign into their applications. This means that users cannot access their applications from devices that are not equipped with the E-SSO software, such as smart phones or even their home PCs.
Building and maintaining a database of every login ID and every password on every application can be both costly and time consuming.
Login IDs and passwords stored in a traditional E-SSO system are typically encrypted using a key derived from the user's primary network password. When users forget their primary password, they lose this key and can no longer decrypt their application passwords. As a result, password problems may be less frequent with E-SSO, but resolving them is more complicated, time consuming and expensive.
In the event that the password database in a traditional E-SSO system is compromised, every user ID and every password would be exposed.
If the password database suffers an outage, every user would be locked out of every application.
Web single sign-on software (WebSSO) are less ambitious than enterprise SSO, but have none of its drawbacks. When users first access an Intranet page, they are diverted to an authentication page. Thereafter, whenever they access another page, their browser sends an encrypted authentication cookie to the web server, which validates it and does not prompt for a second login screen.
With agent-based WebSSO, there is no client software, no credential database and no costly password reset processes.
Password Manager can synchronize passwords across both legacy systems (network operating systems, applications, mainframes, etc.) and WebSSO systems, which typically authenticate users with an LDAP directory and password.
There is a detailed ROI model for Hitachi ID identity management and access governance solutions at:
ROI from Password Manager is principally due to improved user productivity (fewer password problems) and reduced workload for the help desk.
Password management is key element in an organization's identity management and access governance infrastructure. Other components may include automated onboarding/deactivation, an access request portal, authorization workflow, access certification, directories, meta directories, web single sign-on (WSSO) and web access management (WAM) products.
Password Manager may be compared to other identity management and access governance products as follows:
Some password management products focus mainly on password reset.
The advantage of Password Manager over such products is a fundamentally different strategy. With Password Manager, customers first seek to eliminate problems, through password synchronization. Self-service is used to divert remaining problems, rather than as a primary tool for call volume management.
This approach generates a better ROI, through higher user adoption rates and better user service. Typically synchronization, self-service and assisted password resets together reduce help desk password problem load by 95%, as compared to about 60% for just self-service password reset.
Password Manager is often less costly to purchase and deploy than products that offer just self-service password reset.
A number of products are designed only to enable users who forgot their primary AD password to answer a few security questions and reset this password. This may be offered via a web browser only, or from the PC login screen, or via a phone call.
There are many problems with this approach:
AD-only password reset programs generally fail all of the above tests and provide only very limited value.
Products designed primarily to manage identities and entitlements often have a limited password reset capability, but this usually fails in all the important edge cases: managed user enrollment, access from the PC login screen, access from off-site, from pre-boot, etc. The result is poor user adoption and low ROI.
|Any LDAP, AD, eDirectory, NIS/NIS+.||Windows 2000--2012, Samba, SharePoint.||Oracle, Sybase, SQL Server, DB2/UDB, ODBC, Informix, Progress.|
|Linux, Solaris, AIX, HPUX, 24 more variants.||z/OS with RAC/F, ACF/2 or TopSecret.||iSeries (OS400), OpenVMS.|
|ERP:||Collaboration:||Tokens, Smart Cards:|
|JDE, Oracle eBiz, PeopleSoft, SAP R/3, SAP ECC 6, Siebel, Business Objects.||Lotus Notes, Exchange, BlackBerry ES.||RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.|
|WebSSO:||Help Desk:||HDD Encryption:|
|CA SiteMinder, IBM TAM, Oracle AM, RSA Access Manager.||ServiceNow, Remedy, BMC SDE, HP Service Manager, CA Unicenter,Assyst, HEAT, Altiris, Clarify, Track-It!, RSA Envision, MS SCS Manager.||McAfee, CheckPoint (PointSec), Microsoft (BitLocker), Symantec (PGP),Sophos SafeGuard (Sophos).|
|Salesforce.com, WebEx, Google Apps, MS Office 365, Concur, AWS, vCloud, SOAP (generic).||OLAP, Hyperion, iLearn, Caché, Success Factors, VMware vSphere.Cisco IOS, Juniper JUNOS, F5, iLO cards, DRAC cards, RSA cards, etc.||SSH, Telnet, TN3270, HTTP(S), SQL, LDAP, command-line.|
Password Manager pricing is based on the number of users (people, not login accounts). This includes all features, all connectors, all client software components and the right to run as many servers and CPUs as desired. A one-time purchase grants customers the perpetual right to use Password Manager.
Password Manager pricing is calculated using a smooth curve -- as the number of users increases, the price per user steadily decreases. This means that customers do not have to base their purchase volumes on price bands or tiers. Instead, customers purchase for the number of users actually required, knowing they will get the best price for that volume.
Customers are encouraged to, over time, extend their deployment of Password Manager to manage new target systems and to activate new features, at no additional charge.
Customers may run as many Password Manager servers as required, to provide high availability, redundancy and a test/QA environment, at no additional charge.
A basic Password Manager deployment typically requires from 10 to 40 days of work to design and implement.
At the larger end of the above spectrum are more complex implementations that include integrations with full disk encryption software, telephony infrastructure, VPNs (for self-service by off-site users), access from mobile phones and many password systems.
Once the software is active, user enrollment is often required. User enrollment is an ongoing process, as new staff are hired. In most cases, all users can be invited to enroll and most can be expected to complete registration, within 2-3 months of initial deployment.
Password Manager does not require active ongoing administration of user profiles and system functionality. Users are automatically detected on target systems, enrolled and invited to enroll if additional information is required.
A Password Manager administrator is required to monitor the servers, promote consistent password management to application owners, answer questions from the user community and perform periodic software upgrades.
These responsibilities typically amount to approximately 0.25 FTE.