This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1 Hitachi ID Password Manager (B2C)
Managing The User Lifecycle
With The Hitachi IDManagement Suite
Password synchronization and self-service reset.
2 Agenda
• Hitachi ID corporate overview.• Hitachi IDMS overview.• Extranet password problems.• The Hitachi ID Password Manager solution.• Project TCO and ROI.• Buy vs Build.
Customers log into web applications and ISPs/BSPs with an ID and password, but sometimesforget their password. When this happens:
• The customer has trouble logging in.• A call to the user support line follows.• Both the user and support organization spend time resolving the problem.
This support process is costly, especially for large numbers of users. The process also frustrates users,impacting customer retention.
National and EU regulations mandate strong measures to protect user privacy, including on B2Capplications.
• In most B2C applications, confidential customer data is protected by one password per user.• Passwords may be: easily guessed, written down or shared .• Users who forget their password must prove their identity to the customer support organization
before being allowed a password reset, but this process may be weak and vulnerable to attack.
8 Hitachi ID Password Manager Reduces Password Cost of Owner-ship
Password Manager reduces the TCO of customer password systems:
• Users can reset their own forgotten passwords, using a web browser or an automated telephonecall.
• Support staff use a simple, secure and accountable web interface to quickly resolve customerpassword problems.
• The solution is available: 24x365 from anywhere.
9 Password Manager Strengthens Security
Aging: Users can be prompted to change their password regularly.
Composition: New passwords must meet rules, designed to make them hard to guess.
Authentication: Users must reliably identify themselves before they can reset their forgottenpasswords.
• Synchronization:Reduce the number of passwords per user.
• Self service:Enable users to resolve lockout and forgotten-password problems without calling the help desk.
• Assisted reset:Shorten help desk password calls.
• Policy enforcement:Ensure consistently strong, frequently changing passwords.Close social-engineering weaknesses at the help desk.
• Other authentication factors:PIN resets for smart cards and one-time-password tokens.Enrollment for security questions and voice biometrics.Unlock encrypted hard disks with lost/forgotten keys.
11 Network Architecture
InternetUser
InternalUser
PasswordSynchTriggerSystems
Load Balancer
SMTP or Notes Mail
IVR Server
HelpdeskTicketingSystem Authoritative
System ofRecord
Target Systemswith local agent:OS/390, Unix, older RSA
Optimized to minimize effort: Using Hitachi ID Password Managertechnology:
• Password management with PasswordManager:
– Initial deployment:4 to 8 weeks of effort.
– Ongoing maintenance:0.25 to 0.5 FTE.
• Built-in nightly auto-discovery of IDs,entitlements.
• Both attribute-based and self-service IDmapping.
• Automatically managed user enrollment• No requirement for client software.• 113 connectors out of the box.• Rapid integration with custom, vertical
apps.• Easy customization of GUI, business
logic.
17 User Enrollment / Roll-out Process
• If no new data is needed from users, there will be no enrollment.• Hitachi ID Password Manager automatically identifies users who need to enroll. It limits the total
number of registration requests per day and the frequency of requests per user.• Users are notified by e-mail or a popup Web browser launched during their network login script and
asked to register.• Users enroll by filling in the blanks on a handful of sequential Web forms on the Password Manager
server.
18 Deployment Services
Turn-key deployments are recommended, to ensure a rapid return on investment:
• A typical B2C Hitachi ID Password Manager deployment takes just 2 weeks.• Deployments can be carried out remotely, using VPN and remote control software.• Deployments do not interrupt service.
Hitachi ID Password Manager deployment normally pays for itself in 2-3 months:
• Cost of the problem: $10 - $20 per user annually.• Password Manager deployment cost: - Hardware: $6,000
- Software license: less than $1/user- Professional services (turnkey): $18,000- Ongoing software support: less than 1/4 FTE- Software maintenance: 20% of license/year
20 Buy vs. Build
Purchasing Hitachi ID Password Manager is more cost effective than developing a home-grownsolution:
• Benefits can be realized immediately – ROI in less time than completing development.• No ongoing software maintenance work.• Password Manager is a high-quality, commercial-grade, robust and secure product. This degree of
quality control is costly to reproduce and maintain.
21 Summary
• Password management is a costly problem.• Hitachi ID Password Manager is a simple, targetted and secure solution to the password
management problems of support cost, customer satisfaction and privacy .• Deployment can be completed in 2-3 weeks, and return on investment can be realized in 2-3 months.
Find out more at Password-Manager.Hitachi-ID.com.
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]