1 Introduction
Digital identity was a primary attack vector in nearly all the headline-grabbing data breaches of the last few years. Bad actors, such as fraudsters, state agents, and even malicious insiders or contractors, start by getting access to user accounts, then search for administrative or service accounts to take over in order to exploit the elevated privileges that they possess. Whether the attackers’ goal is stealing credit card information, health records, or intellectual property, their Techniques, Tactics, and Procedures (TTPs) almost always include compromising passwords and using privileged accounts.
Even today, passwords remain an all-too-common authentication method for getting access to user, group, shared, administrative, and service accounts. Managing passwords securely has never been more important.
Regulatory compliance is another factor driving the adoption of privileged access management solutions. For example, in Germany, the “IT-Sicherheitsgesetz” (IT Security Law) requires critical infrastructure operators to adopt a stronger security posture and report security incidents to the government. In the US, federal laws such as Sarbanes-Oxley mandate segregation of duties (SoD).
Traditional IAM systems are designed to provision, authenticate, authorize, and store information about users. User accounts are defined, users are assigned to groups, and users receive role or attribute information from an authoritative source. IAM systems are generally composed of user identities stored in directories, credentials, authenticators, authentication and authorization services for Single Sign-On (SSO) and Web Access Management (WAM), identity federation for cross-domain support, and identity lifecycle and access governance functions.
IAM systems are generally deployed in an inward-facing way to serve a single enterprise. Over the last decade, many enterprises have found it necessary also to store information about business partners, suppliers, and customers in their own enterprise IAM systems, as collaborative development and e-commerce needs have dictated. Many organizations have built extensive identity federations to allow users from other domains to get authenticated and authorized to external resources. Traditional IAM scales in well-defined environments containing up to hundreds of thousands of users.
The growing need for APIs is driven by emerging IT requirements: hybrid environments that span on-premises, cloud, and even multi-cloud deployments; support for the different functional requirements of B2E, B2B, and B2C; and the ability to select these capabilities a la carte as needed. By exposing key IAM functionality via APIs, workflow and orchestration capabilities can span multiple environments and provide DevOps support through automation.
Hitachi ID Systems was founded as M-Tech in 1992 in Calgary, Canada. Their first password management product – P-Synch – was released in 1995. In 2008, the company was purchased by Hitachi and became known as Hitachi ID Systems. Hitachi ID focuses on identity, credential, and entitlement management, as well as access governance. Hitachi ID Systems has offices in North America, Europe, and the APAC region with partners globally. With over 1,300 licensed customers worldwide serving more than 14.5 million users, Hitachi ID is an established and respected solution developer in the Identity and Access Management (IAM) space.