IAM Solutions

The larger your organisation, the harder it becomes to control Access & Identity Management. It’s so important to get these areas right to meet regulatory and audit requirements, to enable users and provide a good experience, as well as reducing the burden and cost of administration.

Winterhawk is a global reseller and implementor of the Hitachi ID solutions, covering IAM, privileged access management and password management, which can be deployed individually or together, on-premise or in the cloud.

Hitachi ID Identity Manager to manage accounts, attributes and entitlements using automation, requests/approvals, access certification and policy enforcement.

Hitachi ID Password Manager to enable users to manage their own credentials — passwords, tokens, smart cards, certificates, security questions and biometrics.

Hitachi ID Privileged Access Manager to control access to privileged accounts and security groups, through password randomisation/vaulting, access requests and session monitoring.

The growing list of clients leveraging Hitachi ID

“The product reduces deployment risk and total cost of ownership by providing out-of-the-box reference builds that support typical identity lifecycle patterns. Hitachi ID provides all options and all connectors in one product, thus avoiding the multi-module purchasing dilemma (buy now or later) that customers face with some other vendors.” – Gartner

 

For a walk-through of the solutions, demonstrations and pricing information, get in touch.

Arrange a 1:1 solution demo

Identity Manager

Identity Manager is an integrated solution for managing identities, groups and security entitlements across systems and applications. It ensures that users are granted access quickly, that entitlements are appropriate to business need and that access is revoked once no longer needed.

Identity Manager implements the following business processes to drive changes to identities, groups and entitlements on systems and applications:
• Automation: grant or revoke access based on changes in trusted data (typically HR).
• Requests: users request changes to identity data or access rights – for themselves or for peers.
• Certification: stakeholders review the status and access rights of other users, to identify access which is no longer business-appropriate.
• Workflow: users are invited to approve requests, implement approved changes or perform access reviews.
• Analytics: examine trends, access rights, data consistency and policy compliance to identify and remediate problems.

 

Business Challenge

Users have too many login IDs. A typical user in a large organisation may sign into 10 to 20 internal systems. This complexity creates real business problems:
• Redundant and expensive onboarding processes.
• Slow and unreliable access deactivation.
• Users with inappropriate security entitlements, who may be able to intentionally or accidentally harm the organisation.

These problems lead to high IT support costs, poor user service and security vulnerabilities, in some cases violating regulatory requirements.

Features

Identity Manager manages the lifecycles of identities, accounts, groups and entitlements. It includes:

• Automation to grant and revoke access, after detecting changes on systems of record.
• A web portal for access requests, profile updates and certification.
• Full lifecycle management for groups and roles on target systems.
• A workflow manager to invite people to approve requests, review access or complete tasks.
• Policy enforcement related to SoD, RBAC, risk scores, privacy protection and more.
• Reports, dashboards and analytics.

Identity Manager includes connectors to manage accounts, groups and entitlements on over 130 kinds of systems and applications, on-premises and in the cloud.

Password Manager

Password Manager is an integrated solution for managing credentials across systems and applications. It simplifies the management of passwords, tokens, smart cards, security questions and biometrics. Password Manager lowers IT support cost and improves the security of login processes.

Password Manager includes password synchronisation, self-service password and PIN reset, strong authentication, federated access, enrolment of security questions and biometrics and self-service unlock of encrypted drives.

 

Business Challenge

Users have too many passwords used to sign into different systems and applications. Users respond to this complexity by:
• Avoiding password changes,
• choosing simple passwords,
• writing down their passwords or
• forgetting passwords.

This creates real business problems:
• Inconvenience for users,
• security compromises and
• high help desk call volumes.

SAP Security Consulting

Users may also have smart cards or tokens that users unlock with a PIN (which they will occasionally forget). They may also use security questions in some contexts or a password to unlock an encrypted drive on their PC. Some users use biometrics, such as finger prints, voice prints or face recognition to sign into systems or applications. Users may experience login problems with any of these credentials.

Increasingly, users sign into cloud-hosted SaaS applications, where single-factor (password-only) authentication is simply not strong enough to protect critical systems that are accessible to attackers via a public URL.

Features

Password Manager, a component of the Hitachi ID Identity and Access Management Suite, is a system that helps users to better manage their own credentials. It includes:
• Strong authentication (MFA) and federated access (Security Assertions Markup Language (SAML) 2.0 identity provider (IdP).
• Self-service password and PIN reset.
• Self-service unlock of encrypted drives.
• Password synchronisation.
• Managed enrolment of security questions, mobile phone numbers, personal e-mail addresses and biometrics.

Password Manager includes connectors to manage PINs, passwords and encryption keys on over 130 kinds of systems and applications.

These capabilities are available via a full-screen or mobile web browser, from an off-site laptop or smart phone, from the login screen of a corporate PC or via a phone call.

SAP Security Implementation Partner

 

Privileged Access Manager

Privileged Access Manager secures access to elevated privileges. It eliminates shared and static passwords to privileged accounts, enforcing strong authentication and reliable authorisation prior to granting access. User access is logged, creating strong accountability. Privileged Access Manager secures access at scale, supporting over a million password changes daily and access by thousands of authorised users. It is designed for reliability, to ensure continuous access to shared accounts and security groups, even in the event of a site-wide disaster.

Privileged Access Manager grants access to authorised users, applications and services. It can integrate with every client, server, hypervisor, guest OS, database and application, on-premises or in the cloud.

 

Business Challenge

As an organisation’s IT assets grows, it can become increasingly difficult to securely manage them:
• There may be thousands of privileged accounts.
• High privilege accounts need to be secured on a wide variety of platforms.
• It is difficult to coordinate password changes and access to shared accounts.
• Former IT staff can retain sensitive access after leaving an organisation.
• It can be difficult to trace changes back to individuals who made them.

Features

Privileged Access Manager secures privileged access across the enterprise:

• Discovers and classifies privileged accounts and security groups.
• Randomises passwords and stores them in an encrypted, replicated vault.
• Requires strong authentication before granting access.
• Enforces pre-authorised and one-time access policy, to grant temporary access to privileged accounts and security groups.
• Launches login sessions automatically, through browser extensions and temporary SSH trust.
• Eliminates static embedded and service account passwords.
• Logs access requests and sessions, including video capture and key-logging.

Get in touch

A free trial is available – contact Winterhawk for a custom demo with our IAM solution experts.