Hitachi ID Systems, Inc.

Hitachi

Resource Center
Hitachi ID Systems Web Feeds Follow Us on Twitter Follow us on LinkedIn
certification

Product Sites

White Papers

arrowRegulatory Compliance
  • Sarbanes-Oxley Act:
    The Sarbanes-Oxley act was enacted by the United States Congress in July 2002. It requires publicly traded companies to ensure that they are properly reporting financial information. One of the most critical sections is section 404, which requires internal control over the creation of financial reports, and mandates responsibility for access privileges. This section is crucial for IT organizations to understand and act on.
  • PCI-DSS:
    The Payment Card Industry Data Security Standard (PCI-DSS) is a brief, pragmatic and very reasonable set of standards intended to guide financial institutions, retailers and other data processors in protecting data about credit cards and their owners.
  • FDA 21 CFR Part 11:
    Pharmaceutical and other biotech companies are subject to regulation by the food and drug administration (FDA). One of the FDA regulations, regarding electronic signatures and the integrity of electronic systems, is FDA 21 CFR 11.
  • HIPAA:
    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines what is required of healthcare organizations to ensure the portability of healthcare coverage and the privacy of patient records.

arrowAuthentication Best Practices: Passwords and SSO
  • From Password Reset to Authentication Management:
    The evolution of password management -- from simple password reset to enterprise-scale management of all authentication factors.
  • Enterprise Password Management Best Practices:
    Best practices for enterprise password management. Classifies security threats and discusses practical strategies to counter password guessers, packet sniffers, sticky notes and more.
  • Secure Management of Privileged Passwords:
    Identifies technical challenges and offers solutions for effectively managing large numbers of sensitive passwords.
  • Password Policy Guidelines:
    Guidelines for secure password management, including policy on composition, transmission and expiration of passwords.
  • Choosing Good Passwords:
    A plain-language guide, suitable for sharing with end users, to security threats posed by password cracking software and how to apply good password rules to prevent security compromises.
  • Challenge/Response Authentication:
    Constructing secure, usable policies for authenticating users who forgot their password by asking them to answer a series of security questions.
  • Integrating Password Management with Single Sign-On:
    Learn about where password synchronization, password reset and single sign-on interact and how/why they should be integrated.
  • Password Management for Mobile Users:
    Managing passwords for mobile users is more challenging than managing passwords to network-attached users. Challenges include managing local passwords on thousands of workstations, coping with cached credentials and supporting mobile users who forgot their initial workstation sign-on password.
  • Password Management for ISP Subscribers:
    As ISPs scale to hundreds of thousands and millions of end customers, the cost to support repetitive problems such as password resets rises to significant levels, reaching millions of dollars annually. This document describes password management specifically for ISPs.
  • Password Management Project Roadmap:
    A roadmap for password management projects, starting with a needs analysis, through requirements and product selection, and including deployment and ongoing management of the system.
  • Data Replication in Privileged Password Management Systems.:
    Privileged passwords must be protected more vigorously than any other data in an organization. This document describes why and how.

arrowIdentity Management Best Practices
  • Best Practices for Identity Management Projects:
    Presents best practices for deploying and operating an identity management infrastructure. Builds on Hitachi ID Systems' years of experience in deploying password management and user provisioning into some of the largest and most complex organizations in the world.
  • Identity Management Project Roadmap:
    A guide to the entire life of a successful identity management project, including: a needs analysis, who to involve in the project, how to select the best product, technical design decisions, how to effectively roll out the system and how to monitor and assure sound ROI.
  • User Provisioning Best Practices:
    Describes and justifies user provisioning best practices in an enterprise network. It is intended to offer reasoned guidance to information technology decision makers when they set security policy and design processes to manage user identity data, such as accounts and directory objects, across multiple enterprise systems.
  • Reasons to Deploy Password Management before User Provisioning:
    Why deploying a relatively simple set of functionality -- password synchronization and self-service password reset -- can aid the subsequent deployment of more complex capabilities such as user provisioning or access certification.
  • Extranet Identity and Access Management:
    An overview of the identity management requirements that arise in an Extranet portal, where a corporation provides services to a large number of external users -- typically consumers and in some cases partners.
  • User Provisioning Best Practices:
    Describes and justifies current user provisioning best practices in an enterprise network. It is intended to offer reasoned guidance to information technology decision makers when they set security policy and design processes to manage user identity data, such as accounts and directory objects, across multiple enterprise systems.
  • Addressing Identity Management Deployment Challenges:
    This Hitachi ID Systems white paper describes the major challenges in deploying an enterprise identity management (IdM) system, including data cleansing, role engineering and workflow definition and maintenance. The information presented here is derived from hundreds of deployments performed over many years.
  • Beyond Roles:
    A Practical Approach to Enterprise User Provisioning, which does not depend on the completion of a role engineering project to move to production.
  • Addressing Deployment Challenges:
    Addressing deployment challenges in enterprise identity management systems -- getting to production sooner, at lower cost and with lower risk.

arrowIdentity Management Basics
  • Identity Management Defined:
    Introduction to the topic -- what are identities, why managing them can be a challenge worth addressing, etc.
  • Identity Management Terminology:
    Define a range of identity-related terminology that seems to have different meanings depending on whom you talk to.
  • Defining Enterprise Identity Management:
    Identity management is a much used term that refers to a set of technologies intended to manage a basic problem: information about the identity of employees, contractors, customers, partners, customers and vendors is distributed among too many systems, and is consequently difficult to manage. This document defines the components of enterprise identity management technologies. It describes the underlying business problem of managing user identity information on a variety of systems. It then defines identity management in the context of this problem, and describes technologies used to manage user identities effectively in the enterprise.
  • Overview of Role Based Access Control:
    Introduces role based access control (RBAC), as applied to large numbers of users and multiple IT systems.

arrowBuilding a Business Case for an IAM Project

arrowEvaluating Alternate Products and Technologies
  • Selecting a User Provisioning Product:
    Considerations for selecting a user provisioning product which will help an organization successfully replace manual security administration with automation and self-service.
  • Selecting a Password Management Product:
    Advice to prospective buyers of a password management system as to what features, services and vendor characteristics to look for, in order to maximize the chances for a successful project outcome.
  • Password Reset for Locked Out Users:
    An objective comparison of alternate strategies to addressing the problem of helping users that forgot their initial network login password.
  • Password Manager Competitive Advantages:
    There are many password management products on the market. Password Manager is the market leader because of superior technology, lower TCO and higher ROI.
  • Enterprise IdM: Suite vs. Best of Breed:
    Considerations when selecting IAM products: are suite vendors, which can address every conceivable need but some of whose products may be less than ideal and/or not well integrated preferable to a handful of best-of-breed products, which cannot address every need but which optimally fill specific needs.
  • Problems with Traditional E-SSO:
    Lays out what works and, more importantly, what doesn't work well with traditional approaches to enterprise single signon. It goes on to describe an alternate approach to reducing the frequency of sign-on prompts presented to users, that does not have any of the problems described here.

arrowHitachi ID Systems Product Literature
  • Enterprise Scale User Provisioning with Hitachi ID Identity Manager:
    The challenges faced by organizations wishing to manage identities and entitlements across a variety of systems and applications, and how automation and self service can be used to improve security, reduce IT support cost and improve user service.
  • Enterprise-Scale Password Managmement with Password Manager:
    Addressing challenges such as forgotten or locked out passwords and users who write down their passwords using password synchronization, self-service password reset and assisted password reset.
  • Securing Sensitive Passwords with Hitachi ID Privileged Password Manager:
    Hitachi ID Privileged Password Manager enables organizations to secure privileged passwords. It periodically randomizes them. Users must sign into it when they need to access a sensitive account. The password change and disclosure process creates strong, personal authentication authorization over which passwords are visible to whom and audit of access attempts (AAA).
  • Password Manager Deployment Best Practices:
    Outlines best practices for designing, installing and rolling out Password Manager to an enterprise-scale user population.
  • Integrating the Management Suite with WebSSO Systems:
    Discusses how the Management Suite can be deployed in conjunction with WebSSO products, how the technologies interact, and how they complement one another.
  • Password Manager Security Analysis:
    Password Manager impacts authentication processes and standards. Describes this impact, and how to ensure that it is a positive change. Password Manager is also a sensitive part of an organizations I.T. infrastructure, and consequently must be defended by strong security measures. The technology used by Password Manager to protect against intrusions, as well as best practices to deploy that technology, are described here.
  • Using Password Manager to help with application migrations:
    Describes a number of ways in which Password Manager can be used to ease migrations from one system or directory to another.
  • Password Manager Telephony Integration:
    Outlines how Password Manager can be integrated with an interactive voice response (IVR) system, to enable self-service password reset from a telephone, self-service token management from a telephone and active enrollment of biometric voice print samples.
  • Locking Down a Identity Manager Server:
    It is important to protect both the Identity Manager server and the data it stores. This document describes how.
  • Privileged Password Manager Features:
    Privileged Password Manager is a system for securing privileged passwords across many servers and workstations. It periodically randomizes them, stores the resulting values in a replicated database and - when appropriate - discloses passwords to administrators, applications and services..
  • Addressing Excess Privileges using Access Certifier:
    Describes how access certification can be used to address the problem of privilege accumulation in a manner consistent with regulations such as Sarbanes-Oxley, HIPAA, 21CFR11 and GLB.
  • Self-Service AD Group Management:
    Hitachi ID Group Manager is software from Hitachi ID Systems for managing membership in groups, where groups exist on Hitachi ID Group Manager target systems -- principally Active Directory. It allows users to initiate security change requests -- principally requests to join or exit network operating system security groups -- in a self-service manner, without the need for users to understand the underlying security infrastructure.
  • Successful Enterprise Single Signon: Addressing Deployment Challenges:
    Summarizes the problems users experience when managing too many passwords. It describes the various approaches available to organizations to reduce the password burden on users and to improve the security of their authentication systems.

arrowOptimizing IT Infrastructure