1 Introduction
Digital identity is a primary vector of attack in nearly all the headline-grabbing data breaches of the last few years. Bad actors, such as fraudsters, state agents, and even malicious insiders or contractors, start by getting access to user accounts, then search for administrative or service accounts to take over in order to exploit the elevated privileges those accounts possess. Whether the attackers’ goal is stealing credit card information, health records, or intellectual property, their Tactics, Techniques, and Procedures (TTPs) almost always include compromising passwords and using privileged accounts.
Even today, passwords are an all-too-common authentication method for getting access to user, group, shared, administrative, and service accounts. Managing passwords securely has never been more important.
Regulatory compliance is another factor driving adoption of privilege management solutions. For example, in Germany, the “IT-Sicherheitsgesetz” (IT Security Law) requires critical infrastructure operators to adopt a stronger security posture and report security incidents to the government. In the US, federal laws such as Sarbanes-Oxley mandate separation of duties.
Traditional IAM systems are designed to provision, authenticate, authorize, and store information about users. User accounts are defined; users are assigned to groups; users receive role or attribute information from an authoritative source. IAM systems are generally composed of user identities stored in directories, credentials, authenticators, authentication and authorization services for Single Sign-On (SSO) and Web Access Management (WAM), identity federation for cross-domain support, and identity lifecycle and access governance functions.
IAM systems are generally deployed in an inward-facing way to serve a single enterprise. Over the last decade, many enterprises have found it necessary to also store information about business partners, suppliers, and customers in their own enterprise IAM systems, as collaborative development and e-commerce needs have dictated. Many organizations have built extensive identity federations to allow users from other domains to be authenticated and authorized to access external resources. Traditional IAM scales in well-defined environments of hundreds of thousands of users.
Hitachi ID Systems was founded as M-Tech in 1992 in Calgary, Canada. Their first password management product – P-Synch – was released in 1995. In 2008, the company was purchased by Hitachi and became known as Hitachi ID Systems. Hitachi ID focuses on identity, credential, entitlement management and access governance. With over 1,200 customers worldwide serving more than 14 million users, Hitachi ID is an established and respected solution developer in the Identity and Access Management (IAM) space.
The Hitachi ID Identity and Access Management Suite can be deployed locally on Windows infrastructure or hosted in the cloud on Amazon AWS.