IAM EXECUTIVE STATUS DASHBOARD

Transcription

IAM EXECUTIVE STATUS DASHBOARD
IAM EXECUTIVE STATUS DASHBOARD | April 2, 2015
PROGRAM NARRATIVE
KEY
NO SIGNIFICANT CONCERNS
SIGNIFICANT CONCERNS/RISKS;
NEEDS IMMEDIATE ATTENTION
RISKS IDENTIFIED; MITIGATION
FEASIBLE AND UNDER REVIEW
MAJOR RISKS TO DELIVERABLES/
MILESTONES; NO PLAN YET
EXECUTIVE ATTENTION NEEDED
Accomplishments this month include implementation of consolidated database schemas for IAM databases — reducing support and testing overhead
and enabling faster cloud migrations — as well as the deployment of a SailPoint IIQ release enabling Alumni provisioning. Program Increment 3 is
underway, and handoff of final deliverables from El El See (for cloud deployment tools) and Isobar (for user-facing design patterns) is expected this
month. First cloud migration of an IAM app in concert with Cloud & DevOps program (Phonebook) is underway.
No items requiring executive attention.
CRITICAL SUCCESS FACTORS
Executive Sponsorship
• Executive Committee to assist with
FAS- and Alumni-related rollout and
communications activities throughout the
summer
Transition Planning
Budget Planning
• First major release with transition manager
a success, with good coordination among
stakeholders, multiple CAB meetings, and colocation; post-deployment follow-up complete
• IAM DevOps matures via continued app migration
• Vendor (El El See) failed to deliver entirety of
CDP solution, but app migration is still moving
as planned; development automation is in
progress using internal team resources
Resource Planning
• FY16 budget has been approved by HUIT
finance team
Community & School Engagement
• Interviewing for QA contractor
• Positions will be posted shortly for two
AD engineers
• Position will be posted shortly for lead
software development manager (replacing
Greg Freiter)
• All stakeholders received invitation to PI-2
demo; many accepted
• Continued discussions with FAS leadership
about HarvardKey rollout and tie-in with
Security campaign
• Meetings with HMS and HLS to discuss
proposals for their rollouts
• Town Hall with small subset of PIN app
owners about reconfiguring for HarvardKey
PROGRAM PLAN SUMMARY, STATUS, AND MILESTONES
KEY
2014
TRACK
PROJECT STATUS
NEAR-TERM MILESTONES
Q1
Jan
Provisioning
Federation
Alumni feature development
expected to conclude in May, with
data migration and go-live schedule
determined by Alumni team’s
milestones. First round of HMS
analysis documentation is ready for
final approval.
June: Support provisioning and account
self-service for FAS users.
June: Support provisioning and account
self-service for Alumni users.
June: Finish HMS analysis Phase 2: AD
account lifecycle, IT resource provisioning.
IdP meets known regulatory and
customer needs; latest deployment
expands attribute release to better
support service providers/app owners.
No near-term milestones.
Q2
Feb
Mar
Apr
May
Jun
Jul
Aug
Q4
Sep
Oct
Nov
Readiness
No near-term milestones.
Dec
Jan
Q2
Feb
Mar
Apr
May
Jun
Jul
Foundation
Aug
Q4
Sep
Oct
Nov
Q1
Dec
Jan
Feb
Mar
Apr
Q3
May
FIM Replacement for O365
Jun
Jul
Aug
Q4
Sep
Oct
Nov
Q1
Dec
Jan
Feb
Q2
Mar
Apr
May
Jun
Sponsored Account Self-Service
Expand Provisioning Targets
Account Claiming Self-Service
Decommission Waveset
PIN/AD Credential Management
idP Functionality Expansion
External Partner
Enhanced idP Functionality for Privacy
InCommon Bronze Self-Certification Preparation (AD, PIN/CAS)
No near-term milestones.
NOT STARTED
2017
Q2
Expansion (Office 365)
Waveset
UNDER DEVELOPMENT
2016
Q3
Alumni
Federation for Hospitals
LDAP Updates (HU/Auth)
Directory
Services
Q1
• Continued meetings for cross-program
communications
• Support for SIS release in March; working
on stories to support June release
• Provided TLT with communication
templates
• Migrated Cloud & DevOps into Salesforce
(using for tracking)
RELEASE COMPLETED
2015
Q3
Cross-Program Collaboration
New Cloud LDAP (HU and AUTH LDAP)
LDAP Functional Enhancement
LDAP Attribute Expansion
Decommission FAS AD
UUID Enhancement
AD Migration (FAS/Central)
Identity APIs
App Owner
Support
One-Way Fed
Reference Implementation release
is underway.
July: Make integration easier for HUIT
app owners and improve app security by
providing standard libraries.
No near-term milestones.
No near-term milestones.
Identity Access
No near-term milestones.
Governance
July: Reduce user risk profile by truncating
SSN, ensuring it is no longer stored in
places where it is not absolutely needed.
Aug: Protect end-user privacy by aligning
with Barron Committee recommendations.
Application Registration
Customer Test Data
OWF Onboarding for HBS
Program-Level KPI Reporting
IAM Service Usage & Access Reporting
IAM External-Facing Website
Refine Privacy Protocols
Aug: Reduce end-user risk of identity and
account compromise by adding support
for multifactor authentication. Decommission PIN3
Authorization
Enhancements
Integration testing and API
enhancements underway for SIS
Wave 2.
July: Enable SIS to benefit from IAM data by
granting data access in production.
Aug: Make authorization admin tasks easier by
enabling creation of user groups.
SIS Wave 0
No near-term milestones.
No near-term milestones.
AD & FIM support hires approved.
Oct: Give end users not provisioned through
Waveset or IIQ access to the full O365 toolset.
IAM app migration is underway in
coordination with Cloud & DevOps
program. Public LDAP has been
retired in dev environment.
May: Migrate PIN, saving costs and keeping
it current with other IAM infrastructure.
Aug: Sunset legacy hardware to cut cost.
Sep: Boost stability/performance for people
admins and cut cost by migrating IIQ.
Sep: Cut cost and improve support,
performance and stability for IAM-owned
databases used by downstream apps.
Identity Analytics & Risk Assessment
Automated Alerting and Monitoring
Identity Proofing
Cloud Authentication
Adaptive Access
Bring Your Own Identity
Desktop & Mobile Native Apps
SIS Wave 2
Group Management
Coarse-Grained Authorization
Expand Groups
Connections Update
Connections UI Improvements
FIM Support
Stand Up Cloud-Based LDAP
Connections Migration
Business Intelligence Tool Set
CAS Bridge
Multifactor Authentication
Cloud Architectural Reference Model
Add Data to Warehouse
School-Level KPI Reporting
Metric Dashboard
SSN Truncation
Multifactor Authentication vendor
selected; formal agreement in
progress.
Cloud
Migration
Application Usage Statistics
IAM Reference Implementations
Authentication
Enhancements
External
Directories
Expanded
Provisioning
Federation Updates
Yellow Pages Improvements
Authenticable Credentials for Machines
Retire Legacy LDAP
IdDB Migration and Database Export/View Migration
Self-Service Migration
PIN/CAS Migration
SailPoint IIQ Migration
MIDAS Migration
Phonebook & Public LDAP Cloud Migration
IAM EXECUTIVE STATUS DASHBOARD | April 2, 2015
KEY
NO SIGNIFICANT CONCERNS
SIGNIFICANT CONCERNS/RISKS;
NEEDS IMMEDIATE ATTENTION
RISKS IDENTIFIED; MITIGATION
FEASIBLE AND UNDER REVIEW
MAJOR RISKS TO DELIVERABLES/
MILESTONES; NO PLAN YET
STRATEGY AND PLANNING: TOPICS & TREND LINES
PI-2 was extended by one sprint to allow more development time for incomplete features and minimize carryover, with no impact to customers or program plan. PI-3 now is underway, and
the development teams remain focused on features for Alumni and FAS, supporting IAM customers and HUIT programs and migrating IAM applications to the cloud. The goal is to finalize
all Alumni features in PI-3 in order to spend the bulk of PI-4 development time on features for FAS. The team received a final build kit and assets from Isobar for implementing user-facing
design patterns, and will conclude front-end development on HarvardKey account management features in PI-3. Planning for PI-4 began this week with definition of the increment’s business
objectives and a draft of the candidate features list. Technical analysis and decomposition of features into high-level stories will begin in Sprint 3 of PI-3, the week of April 6.
Schedule
Budget
Scope
Reporting
Staffing
Community Outreach
Release Management
FUNCTIONAL STATUS: TOPICS & TREND LINES
The HarvardKey team is currently modifying the application to reflect designs delivered by Isobar. Alumni data imports will begin soon. The provisioning team is working on deploying
SailPoint IdentityIQ to the cloud and, in parallel, refactoring how source data updates are processed to make more efficient use of the product and simplify our implementation. MIDAS
enhancements are being developed to allow for viewing of Alumni data and the creation of new types of sponsored affiliations. PI-4 business objectives and features for the next program
increment are being reviewed in preparation for design planning.
Policy Governance
Service Support
Documentation
Requirements Assessment
Service Definition
Quality Assurance
Service Transition
TECHNICAL STATUS: TOPICS & TREND LINES
The team has successfully completed the database rationalization production release, making it now possible to move the database and IIQ to the cloud for the provisioning expansion. PIN/
CAS, IdP, and AuthZProxy are all also on track to move to the cloud in the near future. The team has improved the design for importing data into IIQ, allowing for faster detection of changes,
larger volumes, and the introduction of group functionality. The team has also been working with an MFA vendor, and a proof of concept for this vendor’s solution is in progress with the aim of
enabling release later in the year.
Identity Management
Cloud Migration
Access Management
Infrastructure
Directory Services
Data
User Experience
COMMUNITY OUTREACH: HARVARD UNITS & TREND LINES
Faculty of Arts and Sciences
Alumni, SIS, SEAS, FAS, and HMS work progresses, with ongoing outreach efforts
to keep them informed. Working with HUIT programs around combined outreach to
FAS, including our IAM information in a single, coordinated message. Cloud team
tracking Wave 1 migrations via Salesforce and will start on reporting for them next.
Further work to create coordinate rollout activities plan across programs.
Graduate School of Design
Harvard School of Public Health
2000 2000
1700
1400
1100
800
500
1400
1100
800
1700
1400
1100
800
TLT
Harvard Kennedy School
1400 1400
Campus Services
4
4
Harvard School of Dental Medicine
Harvard Law School
1100
1100
FSS
3
3
Harvard Divinity School
Harvard Medical School
800
800
Human Resources
IAM Incidents as Percent of Total
1700
Alumni Affairs
500
Jan Feb
Apr
May
AugJulSep
Oct
Nov
Dec
JanDec
Feb
JanMar
Feb
Mar
AprJun
MayJulJun
Aug
Sep
Oct
Nov
JanMar
Feb Mar
14
15
14
15
2
2
1
1
0
Total Authentication Services Registrations
Total Identities in SailPoint IIQ
1800
1800
1800
650000650000
35000 35000
6
6
6
1700
1700
1700
640000640000
28000 28000
5
5
5
1600
1600
1600
4
4
4
630000630000
21000 21000
1500
1500
1500
620000620000
14000 14000
1400
1400
1400
1300
1300
1300
610000610000
7000 7000
3
3
2
2
1
1
1
Registered
Registered
Applications
Registered
Applications
Applications
IAM Percentage
IAM Percentage
IAM
ofPercentage
Totalof Totalof Total
We expect a reduction in IAM incidents over time as a
percentage of total ServiceNow
incidents,
with
modest
(55386 originally
(55386
originally
populated)
(55386 originally
populated)
populated)
35000 35000 35000
temporary increases for Spring and Fall Starts.
28000 28000 28000
Number of registrations is expected to fluctuate over
time — but grow overall — based upon new applications
added
and
removal
of unused applications.
10
10
10
9
9
9
8
8
8
600000
600000
July
14
Aug
July
14
Sept
Aug
Oct
Sept
Nov
Oct
Dec
Nov
Jan
Dec
15
Feb
Jan
15
Mar
Feb
Number
of Identities
Number
of Identities
The number of identities illustrated will increase
over time as overall migration from Waveset to
SailPoint IIQ progresses.
Mar
0
1700
1600 1600
1500
Unified Communications
Other HUIT Departments
Monthly Provisioning Transactions
7
2
1700
IAM Percentage
of Totalof Total
IAM Percentage
7
3
1800 1800
Registrars
0
Jan Feb
Apr
May
AugJulSep
Oct
Nov
Dec
JanDec
Feb
JanMar
Feb
Mar
AprJun
MayJulJun
Aug
Sep
Oct
Nov
JanMar
Feb Mar
14
15
14
15
7
Account
Account
Management
Account
Management
Management
Help Desk
HelpRequests
Desk
HelpRequests
Desk Requests
640000640000640000
SIS
Division of Continuing Education
500
500
0
0
0
1200 1200 1200
Jan FebJan
MarFeb
Apr
Jan
Mar
May
Feb
Apr
Jun
Mar
May
Jul
Apr
Jun
Aug
May
Jul
Sep
Jun
Aug
Oct
JulSep
Nov
Aug
Oct
Dec
Sep
Nov
Jan
Oct
Dec
Feb
Nov
Jan
Mar
Dec
Feb
Jan
Mar
Feb Mar
Jan FebJan
MarFeb
Apr
Jan
Mar
May
Feb
Apr
Jun
Mar
May
Jul
Apr
Jun
Aug
May
Jul
Sep
Jun
Aug
Oct
JulSep
Nov
Aug
Oct
Dec
Sep
Nov
Jan
Oct
Dec
Feb
Nov
Jan
Mar
Dec
Feb
Jan
Mar
Feb Mar
Feb Mar
FebApr
Mar
Feb
May
Apr
Mar
Jun
May
Apr
JulJun
May
AugJulJun
Sep
AugJul
Oct
Sep
Aug
Nov
Oct
Sep
Dec
Nov
Oct
JanDec
Nov
Feb
Jan
Dec
Mar
Feb
JanMar
Feb Mar
14
14
14
15
15
15
14
14
14
15
15
15
14
14
14
15
15
15
Aside from academic-year cyclical trends, we expect
a decline in requests as self-service functionality is
650000650000650000
introduced,
offset by the increase in user population.
5
School of Engineering & Applied Sciences
Account
Management
Help Desk
Account
Management
HelpRequests
Desk Requests
Account Management Help Desk Requests
1700
6
5
Harvard Business School
KEY PERFORMANCE INDICATORS
2000 2000
6
Graduate School of Education
1700
Radcliffe Institute for Advanced Study
7
Graduate School of Arts and Sciences
500
2000
Harvard Library
7
(55386 originally
populated)
(55386 originally
populated)
0
Feb 14Mar
Apr
JanDec
15 Feb
Mar
Feb 14
MarMay
AprJun
MayJuly
JunAug
JulySep
AugOct
SepNov
OctDec
Nov
Jan 15
Feb Mar
Create/Update
(WS) (WS)
Create/Update
Create/Update
(IIQ) (IIQ)
Create/Update
Deprovision
(WS) (WS)
Deprovision
Deprovision
(IIQ) (IIQ)
Deprovision
Distribution is expected to shift from Waveset to IIQ over
time, with outlier data points due to bulk migrations,
Spring/Fall Starts, or other isolated changes.
1500
1400 1400
1300
1300
1200
1200
Feb M
14