1 Service Desk Express and Hitachi ID Password Manager (P-Synch) MANAGE profiles and rights Managing The User Lifecycle HIRE employees contractors User Lifecycle SUPPORT access problems With The Hitachi ID Management Suite TERMINATE access rights Increasing the value proposition for help desk organizations. Colin Duffy, Account Manager Pierre Plante, NA Sales Manager Scott Delaney, Manager Professional Services 2009-07-22 2 Hitachi ID / BMC Partnership 2009 Hitachi ID Systems, Inc. All rights reserved. 1
2.1 Hitachi ID Corporate Overview Hitachi ID is a leading provider of identity management solutions. Founded in 1992, acquired by Hitachi, Ltd. in 2008. 780+ customers with a combined 9.8M+ licensed users. Offices in North America and partners overseas. Approximately 140 employees. Award: SC Magazine Best Buy for the Hitachi IDMS. 2.2 Hitachi ID Value Proposition 2009 Hitachi ID Systems, Inc. All rights reserved. 2
2.3 Hitachi ID Advantages 2.4 Representative Hitachi ID Customers 3 Value Proposition 2009 Hitachi ID Systems, Inc. All rights reserved. 3
3.1 Help Desk Stats: Passwords Problem Gartner estimates that 30% of typical IT support call volume is password resets. (G00158133 2008-06-02). Typical direct costs are $3 to $18/incident, plus lost user productivity. Solution Password Manager eliminates most of this cost: Synchronization: Eliminates 60% to 90% of incidents. Self service: Resolve 60% of help desk calls. Assisted reset: Reduce call duration to about 1 minute/call. 3.2 Problem: Too Many Passwords Every login account has its own: Password value. User interface. Strength rules. Expiration date. Password complexity creates business problems: High call volume : Users forget or lock out their passwords. This can be 30% of help desk workload. Sticky notes : Users write down their passwords and may leave them in public view. Bad passwords : Users choose simple, easily guessed passwords. 3.3 Password Management: Functional Overview START Problem: Users have too many passwords. Solution: Problem: Solution: Synchronize them. Users still have to type their password into every app. Auto-populate the synchronized password. Problem: Solution: Problem: Solution: Users still forget their passwords. Self-service password reset. Users are locked out of Windows. GINA Service, Secure Kiosk Account, Telephony access. Problem: Solution: Problem: Solution: Users don t want to change passwords. Password expiry, early warnings. Need to authenticate users with out a password. Tokens, voice prints, personal Q&A data. Problem: Solution: Problem: Solution: Users prefer to reuse simple passwords. Global password policy, history. Q&A has the right price point - but we don t have any data. Manage a Q&A enrollment program. 2009 Hitachi ID Systems, Inc. All rights reserved. 4
3.4 Password Manager Benefits Feature Impact Benefit Password synchronization Self-serve password reset Assisted password reset Policy enforcement Password expiration 3.5 The 50/50/50 Rule Solve the problem at its source: Fewer passwords to remember. Divert problem resolution: Self-service fix for login problems. Shorten time to resolve issues: Help desk interface to help users over the phone. Users must choose strong passwords. All passwords change regularly. A simple rule that illustrates cost savings from each Password Manager feature: Cost, Service: Fewer help desk calls. Improved user service. Cost: Fewer help desk calls. Cost: Shorten help desk calls. Security: Prevent password guessing attacks. Security: Short time window for intruders. Feature Impact Password synch: Eliminates 50% of problems. 50% Self-service reset: Reduces call volume by 50%. 75% Assisted reset: Shortens call duration by 50%. Net help desk workload reduction 87.5% Scenario Impact Conservative estimate: 50/50/50 87.5% Optimized deployment: 80/60/60 96% SSPR only, no synch.: 0/60/60 80% Net workload reduction 4 Technology Details 2009 Hitachi ID Systems, Inc. All rights reserved. 5
4.1 Supported Target Systems Password Manager ships with many built-in connectors, including: Directories: LDAP (any), NT domain, AD, NDS, edirectory, NIS(+). Unix: Compaq, DG, FreeBSD, HP, IBM, Linux, NCR, SCO, SGI, Sun, Unisys. Applications: JD Edwards, Oracle Applications, PeopleSoft, SAP R/3, Siebel, Business Objects. Individual servers: WinNT, Win2K, Win2K3, OS/2, Samba, NetWare. Mainframes: VM/ESA, MVS, OS/390, z/os, BS2000. Collaboration: Lotus Notes, MS Exchange, GroupWise, BlackBerry, OpenMail. Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, Cache, Essbase, ODBC. Midrange: OS/400, OpenVMS. Networking: RSA SecurID, SafeWord, RADIUS. 4.2 Access from Login Prompt Problem Users who forget their network password cannot launch a Web browser to access the self service password reset application. Solution Secure Kiosk Account (SKA): access to SSPR without client software ("guest" account). GINA service: access to SSPR from UI extension no GINA DLL. Hitachi ID Phone Password Manager (ID-Telephony): turn-key telephone access to SSPR. Temporary VPN: access to SSPR from outside the corporate network. 2009 Hitachi ID Systems, Inc. All rights reserved. 6
4.3 Integration with SDE Password Manager ships with a pre-built integrations to SDE: Automatically create, update and close SDE incidents, in response to events that happen on the Password Manager server. Flexible scripting language specifies when to write incidents and how to populate them. Automatically updated incidents support a single point for reporting on key metrics such as: Successful/failed password resets. Authentication problems, lockouts. Self-service vs. assisted service. SDE can be extended with a button that launches a UI into Password Manager and pre-populates: The identity of the help desk analyst. The identity of the caller. The incident number. Password Manager can manage users and their passwords on SDE. 5 Market Differentiators 2009 Hitachi ID Systems, Inc. All rights reserved. 7
5.1 Why Hitachi ID? Password Manager is not the only password management product on the market. Here are some reasons to choose it over competitors: Lower Cost Lower Risk Foundation for IDM Embedded in SDE Competitive license fees. Deployment in 1 2 weeks. Maintenance: about 1/4 FTE. Hitachi ID offers fixed-price deployments. Experience with 780 deployments means we ve seen every weird problem before. Customers get their feet wet before diving into full IDM. Early ROI, early confidence. Shared connectors, user profile database. SSO and Password Management embedded in SDE. Simple upgrade for existing customers. Add-on solution for prospective customers. Bundled pricing with SDE. 2009 Hitachi ID Systems, Inc. All rights reserved. 8
5.2 Password Manager Cool Features Problem Feature Why it s cool Cached credentials ActiveX control to refresh cache Do not trigger intruder lockouts after a routine PW change. Locked out users GINA Service Access SSPR from Windows XP login screen without installing a (fragile, dangerous) GINA DLL. Locked out users Secure Kiosk Account Access SSPR from Windows XP login screen without installing any client software at all. Off-site, locked out users Users forget their password anyways There is no pre-existing Q&A data GINA Service + Temporary VPN Scheduled password expiry Managed enrollment 5.3 Password Manager "Hard" Target Systems Access SSPR from login screen over a temporary VPN addresses low frequency/high cost incidents. Avoid PW changes on Fridays, afternoons. Personalized invitations. Limited daily volume, frequency per user. Problem Feature Why it s cool PIN resets Notes, PKI passwords HDD key recovery 5.4 Other Offerings Reset PINs on smart cards, tokens Reset passwords used to encrypt cryptographic certificates Recovery forgotten HDD encryption keys Much more complex technology than passwords. How do you reset a password that was used to encrypt 3 copies of a cryptographic certificate, stored on 2 PCs and a USB flash drive? Users who cannot decrypt their HDD cannot work. BMC is currently sourcing Password Manager and Hitachi ID Login Manager (P-Synch/SSO) from Hitachi ID. Password Manager: synchronize, reset passwords. Login Manager: automatically sign users into their apps. Other products that IT support or data center managers may be interested in: Hitachi ID Privileged Password Manager (ID-Archive): secure administrator passwords. Hitachi ID Group Manager (ID-Access): self-service management of AD groups. 2009 Hitachi ID Systems, Inc. All rights reserved. 9
6 Animated Demo 6.1 SSPR Integrated with BMC SDE Animation:../pics/camtasia/bmc-psynch-demo-sde/psynch-ad-sspr-sde-ticket.cam 7 Discussion 500, 1401-1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@hitachi-id.com www.hitachi-id.com File: PRCS:pres Date: July 14, 2009