IAM EXECUTIVE STATUS DASHBOARD
IAM EXECUTIVE STATUS DASHBOARD | April 2, 2015

KEY
• NO SIGNIFICANT CONCERNS
• SIGNIFICANT CONCERNS/RISKS; NEEDS IMMEDIATE ATTENTION
• RISKS IDENTIFIED; MITIGATION FEASIBLE AND UNDER REVIEW
• MAJOR RISKS TO DELIVERABLES/MILESTONES; NO PLAN YET

PROGRAM NARRATIVE

Accomplishments this month include implementation of consolidated database schemas for IAM databases — reducing support and testing overhead and enabling faster cloud migrations — as well as the deployment of a SailPoint IIQ release enabling Alumni provisioning. Program Increment 3 is underway, and handoff of final deliverables from El El See (for cloud deployment tools) and Isobar (for user-facing design patterns) is expected this month. First cloud migration of an IAM app in concert with Cloud & DevOps program (Phonebook) is underway.

EXECUTIVE ATTENTION NEEDED

No items requiring executive attention.

CRITICAL SUCCESS FACTORS

Executive Sponsorship
• Executive Committee to assist with FAS- and Alumni-related rollout and communications activities throughout the summer

Transition Planning
• First major release with transition manager a success, with good coordination among stakeholders, multiple CAB meetings, and colocation; post-deployment follow-up complete
• IAM DevOps matures via continued app migration
• Vendor (El El See) failed to deliver entirety of CDP solution, but app migration is still moving as planned; development automation is in progress using internal team resources

Budget Planning
• FY16 budget has been approved by HUIT finance team

Resource Planning
• Interviewing for QA contractor
• Positions will be posted shortly for two AD engineers
• Position will be posted shortly for lead software development manager (replacing Greg Freiter)

Community & School Engagement
• All stakeholders received invitation to PI-2 demo; many accepted
• Continued discussions with FAS leadership about HarvardKey rollout and tie-in with Security campaign
• Meetings with HMS and HLS to discuss proposals for their rollouts
• Town Hall with small subset of PIN app owners about reconfiguring for HarvardKey

Cross-Program Collaboration
• Continued meetings for cross-program communications
• Support for SIS release in March; working on stories to support June release
• Provided TLT with communication templates
• Migrated Cloud & DevOps into Salesforce (using for tracking)

PROGRAM PLAN SUMMARY, STATUS, AND MILESTONES

[Timeline chart: TRACK, PROJECT, STATUS, and NEAR-TERM MILESTONES plotted by quarter, 2014 to 2017. KEY: RELEASE COMPLETED; UNDER DEVELOPMENT; NOT STARTED.]

TRACK AND PROJECT labels on the chart: Provisioning; Federation; Readiness; Foundation; FIM Replacement for O365; Sponsored Account Self-Service; Expand Provisioning Targets; Account Claiming Self-Service; Decommission Waveset; PIN/AD Credential Management; idP Functionality Expansion; External Partner; Enhanced idP Functionality for Privacy; InCommon Bronze Self-Certification Preparation (AD, PIN/CAS); Expansion (Office 365); Waveset; Alumni; Federation for Hospitals; LDAP Updates (HU/Auth); Directory Services; New Cloud LDAP (HU and AUTH LDAP); LDAP Functional Enhancement; LDAP Attribute Expansion; Decommission FAS AD; UUID Enhancement; AD Migration (FAS/Central); Identity APIs; App Owner Support; One-Way Fed; Identity Access Governance; Application Registration; Customer Test Data; OWF Onboarding for HBS; Program-Level KPI Reporting; IAM Service Usage & Access Reporting; IAM External-Facing Website; Refine Privacy Protocols; Decommission PIN3; Authorization Enhancements; SIS Wave 0; Identity Analytics & Risk Assessment; Automated Alerting and Monitoring; Identity Proofing; Cloud Authentication; Adaptive Access; Bring Your Own Identity; Desktop & Mobile Native Apps; SIS Wave 2; Group Management; Coarse-Grained Authorization; Expand Groups; Connections Update; Connections UI Improvements; FIM Support; Stand Up Cloud-Based LDAP; Connections Migration; Business Intelligence Tool Set; CAS Bridge; Multifactor Authentication; Cloud Architectural Reference Model; Add Data to Warehouse; School-Level KPI Reporting; Metric Dashboard; SSN Truncation; Cloud Migration; Application Usage Statistics; IAM Reference Implementations; Authentication Enhancements; External Directories; Expanded Provisioning; Federation Updates; Yellow Pages Improvements; Authenticable Credentials for Machines; Retire Legacy LDAP; IdDB Migration and Database Export/View Migration; Self-Service Migration; PIN/CAS Migration; SailPoint IIQ Migration; MIDAS Migration; Phonebook & Public LDAP Cloud Migration

STATUS AND NEAR-TERM MILESTONES

• Status: Alumni feature development expected to conclude in May, with data migration and go-live schedule determined by Alumni team’s milestones. First round of HMS analysis documentation is ready for final approval.
  Near-term milestones:
  June: Support provisioning and account self-service for FAS users.
  June: Support provisioning and account self-service for Alumni users.
  June: Finish HMS analysis Phase 2: AD account lifecycle, IT resource provisioning.
• Status: IdP meets known regulatory and customer needs; latest deployment expands attribute release to better support service providers/app owners.
  Near-term milestones: No near-term milestones.
• Status: Reference Implementation release is underway.
  Near-term milestones:
  July: Make integration easier for HUIT app owners and improve app security by providing standard libraries.
• Near-term milestones:
  July: Reduce user risk profile by truncating SSN, ensuring it is no longer stored in places where it is not absolutely needed.
  Aug: Protect end-user privacy by aligning with Barron Committee recommendations.
• Status: Multifactor Authentication vendor selected; formal agreement in progress.
  Near-term milestones:
  Aug: Reduce end-user risk of identity and account compromise by adding support for multifactor authentication.
• Status: Integration testing and API enhancements underway for SIS Wave 2.
  Near-term milestones:
  July: Enable SIS to benefit from IAM data by granting data access in production.
  Aug: Make authorization admin tasks easier by enabling creation of user groups.
• Status: AD & FIM support hires approved.
  Near-term milestones:
  Oct: Give end users not provisioned through Waveset or IIQ access to the full O365 toolset.
• Status: IAM app migration is underway in coordination with Cloud & DevOps program. Public LDAP has been retired in dev environment.
  Near-term milestones:
  May: Migrate PIN, saving costs and keeping it current with other IAM infrastructure.
  Aug: Sunset legacy hardware to cut cost.
  Sep: Boost stability/performance for people admins and cut cost by migrating IIQ.
  Sep: Cut cost and improve support, performance and stability for IAM-owned databases used by downstream apps.
• Other entries: No near-term milestones.

STRATEGY AND PLANNING: TOPICS & TREND LINES

PI-2 was extended by one sprint to allow more development time for incomplete features and minimize carryover, with no impact to customers or program plan. PI-3 now is underway, and the development teams remain focused on features for Alumni and FAS, supporting IAM customers and HUIT programs and migrating IAM applications to the cloud.
The goal is to finalize all Alumni features in PI-3 in order to spend the bulk of PI-4 development time on features for FAS. The team received a final build kit and assets from Isobar for implementing user-facing design patterns, and will conclude front-end development on HarvardKey account management features in PI-3. Planning for PI-4 began this week with definition of the increment’s business objectives and a draft of the candidate features list. Technical analysis and decomposition of features into high-level stories will begin in Sprint 3 of PI-3, the week of April 6.

Trend lines: Schedule, Budget, Scope, Reporting, Staffing, Community Outreach, Release Management

FUNCTIONAL STATUS: TOPICS & TREND LINES

The HarvardKey team is currently modifying the application to reflect designs delivered by Isobar. Alumni data imports will begin soon. The provisioning team is working on deploying SailPoint IdentityIQ to the cloud and, in parallel, refactoring how source data updates are processed to make more efficient use of the product and simplify our implementation. MIDAS enhancements are being developed to allow for viewing of Alumni data and the creation of new types of sponsored affiliations. PI-4 business objectives and features for the next program increment are being reviewed in preparation for design planning.

Trend lines: Policy Governance, Service Support, Documentation, Requirements Assessment, Service Definition, Quality Assurance, Service Transition

TECHNICAL STATUS: TOPICS & TREND LINES

The team has successfully completed the database rationalization production release, making it now possible to move the database and IIQ to the cloud for the provisioning expansion. PIN/CAS, IdP, and AuthZProxy are all also on track to move to the cloud in the near future. The team has improved the design for importing data into IIQ, allowing for faster detection of changes, larger volumes, and the introduction of group functionality.
The team has also been working with an MFA vendor, and a proof of concept for this vendor’s solution is in progress with the aim of enabling release later in the year.

Trend lines: Identity Management, Cloud Migration, Access Management, Infrastructure, Directory Services, Data, User Experience

COMMUNITY OUTREACH: HARVARD UNITS & TREND LINES

Alumni, SIS, SEAS, FAS, and HMS work progresses, with ongoing outreach efforts to keep them informed. Working with HUIT programs around combined outreach to FAS, including our IAM information in a single, coordinated message. Cloud team tracking Wave 1 migrations via Salesforce and will start on reporting for them next. Further work to create a coordinated rollout activities plan across programs.

Harvard units: Faculty of Arts and Sciences; Graduate School of Design; Harvard School of Public Health; TLT; Harvard Kennedy School; Campus Services; Harvard School of Dental Medicine; Harvard Law School; FSS; Harvard Divinity School; Harvard Medical School; Human Resources; Alumni Affairs; Unified Communications; Other HUIT Departments; Registrars; SIS; Division of Continuing Education; School of Engineering & Applied Sciences; Harvard Business School; Graduate School of Education; Radcliffe Institute for Advanced Study; Graduate School of Arts and Sciences; Harvard Library

KEY PERFORMANCE INDICATORS

• Account Management Help Desk Requests [chart]: Aside from academic-year cyclical trends, we expect a decline in requests as self-service functionality is introduced, offset by the increase in user population.
• IAM Incidents as Percent of Total [chart; series: IAM Percentage of Total]: We expect a reduction in IAM incidents over time as a percentage of total ServiceNow incidents, with modest temporary increases for Spring and Fall Starts.
• Total Authentication Services Registrations [chart; series: Registered Applications]: Number of registrations is expected to fluctuate over time — but grow overall — based upon new applications added and removal of unused applications.
• Total Identities in SailPoint IIQ [chart; series: Number of Identities]: The number of identities illustrated will increase over time as overall migration from Waveset to SailPoint IIQ progresses.
• Monthly Provisioning Transactions [chart; series: Create/Update (WS), Create/Update (IIQ), Deprovision (WS), Deprovision (IIQ)]: Distribution is expected to shift from Waveset to IIQ over time, with outlier data points due to bulk migrations, Spring/Fall Starts, or other isolated changes.

Chart annotation: (55386 originally populated)