Identity Access Management

Summary
Solution

The Integrated Account Privilege Management Solution is an Identity Access Management (IAM) solution that integrates and manages accounts, privileges, logs, and authentication of internal information systems, and was developed by leveraging the expertise we obtained through years of solution development.

Characteristics

  • Enables efficient fault handling through Active-Standby or Active-Active duplexing.
  • Deploys an Integrated Account Privilege Management System through account privilege issuance for servers, mainframes, tandems, DB, networks, AD, integrated systems, etc.
  • Integrates the monitoring of session logs and access logs.
  • Provides an integrated UI to manage accounts, privileges, authentication systems, and session logs.
Expected Effects
Automation of account privilege management
  • Account provisioning based on a workflow
  • Time and cost reduction through the automated generation, modification, and deletion of accounts
  • Automatic detection and handling of ghost identities through account lifecycle management
  • Workload reduction for administrators through User Self-Service
Consistent account and privilege control process
  • Management process application for an enterprise account and privilege control policy
  • Automated access control application by privilege separation according to duties of an account
  • Audit trail enforcement through user session logging
  • Minimization of cryptographic communication and interworking between original vendor's products
Enforcement of access control and additional authentication
  • Software OTP authentication using smartphone or PC for an account log-in
  • Log-in control based on real users
  • Provisioning of a security-enforced access process system via access control, OTP, and audit trail interworking
Satisfies compliance requirements
  • Follows all domestic and international regulations, and satisfies internal/external audit requirements.
  • Establishes transparency of integrated access privilege management by providing information and reports that satisfy audit and law-abiding monitoring requirements.
Deployment Method
Integrated Management Portal

  • Integrates and manages accounts and privileges (separation of user and administrator screens).
  • Provides a Dashboard that enables the administrator to view OS, users, user in-out status, etc. at a glance.
  • Provides a report on output screens for each function in the administrator screen.
  • Provides User Self-Service.
  • Provides a customized user-centric web portal, which was developed by leveraging the expertise we obtained through years of account management projects.

Account Management Engine

  • Chosen as a world-leading product in various polls.
  • Provides new technologies such as virtualization through multiple vendor certifications.
  • Established a consistent and automated account management process by providing an internally developed workflow.
  • Provides an extension scheme to DB accounts, system accounts, and application accounts.
  • Certified by international CC.

Server Security

  • Applies the same security level in various platforms.
  • Applies centralization for heterogeneous virtual OSs and a consistent security policy.
  • Provides a password management function for privileged accounts and shared accounts.
  • Provides a function to merge authentication information of server accounts to AD.
  • Provides a key logging function.

OTP Authentication

  • Provides a generator for PCs as well as smartphones.
  • Reduces inventory and management cost for H/W tokens and card readers.
  • Can store and authenticate multiple users in a single mobile device.
  • Provides OTP authentication interworking with various applications, as well as server OTP.

Access Control and Audit

  • Provides a precise audit trail through command storage and screen capture during Windows auditing.
  • Provides server/account/group-basis control methods based on account management.
  • Provides a real-time alarm function when personal information is queried or read.
  • Provides a real-time session-based audit and playback function.

Integrated Account Privilege Management Appliance

  • Combines the integrated management portal, account management engine, server security, OTP authentication, and access control and audit solutions into a single appliance, improving management efficiency and enforcing autonomous security.

Reference Sites
Financial Sector

  • META, DB access control, tandem, mainframe, Tibero, ACS, IT audit, standardized code, HR, Job automation interworking
  • Password configuration control through interworking of DB functions and profiles
  • SIEM solution interworking for correlation analysis of account privilege logs
  • Account ownership designation and transfer
  • DB access control and AD interworking
  • Existing account ownership modification, multiple accounts per user, and service account group management

Manufacturing Sector

  • System and DB account management
  • Simultaneous issuance of a role and a profile for a DBMS account
  • Server security interworking

Public Sector

  • Interworking access control and privilege management systems
  • Construction of an OTP system, and interworking it with account management