IDENTITY ACCESS MANAGEMENT – PHASE 0 – IDM REPLACEMENT December 5, 2013

Executive Summary Identity Access Management (IAM)* solution will be end-of-life in Dec 2013 – Current solution deployed in 2004 – Oracle has sunset the solution in favor of its own product – no upgrade path available Significant risk associated with having a production IDM solution that is not supported by the vendor – External facing for key functions such as password resets – Critical platform for security & compliance Solution replacement is required to stay on supported and secure technology 2 *Lighthouse Waveset Identity Manager, formally Sun and then Oracle Business Problem:

3 Proposed Solution

Financial Summary -Phase 0 4 Expense 16%, Capital 84% NOTE: Maintenance costs for the software are will remain relatively flat (i.e. what is paid today for IDM is similar).

Benefits 5 Cost Reduction / Avoidance  Avoidance of enhancements on end of life solution, throwaway customizations – required if project is delayed (~$1.3M annually)  Enhancements become less expensive, as software is more easily configured (vs. customized)  Decreased costs for integration with other applications (for provisioning)- not custom connectors for every deployment Risk Mitigation  IDM is critical to the business – user management, password resets etc for ANY person accessing a major SPE system – current supported SW is mandatory  Prevents and protects against security and vulnerability findings such as Java and other technology versions External facing issues requiring remediation of critical vulnerabilities in 1-3 calendar days

Competitive Analysis 6 The most popular IAM solutions other corporations have chosen are: – SailPoint – Oracle – CA – NetIQ – Microsoft Recent studios implemented the following: Paramount Pictures – Microsoft and Disney -CA Other SailPoint customers: RBS, BNP Paribas, Fidelity, Wellpoint, Bank of America, JP Morgan Chase, MGM Resorts, Cardinal Health, Adobe, ING DIRECT, Sallie Mae, OfficeMax, Exxon Mobil, UBS, UPS, Travelers, New York Life

Timeline- Phase 0 7 Nov ’13Dec‘13Jan’14Feb ’14March ’14April ’14May ’14June ’14July ’14Aug ’14Sept ’14Oct ’14Nov ’14Dec ’14 FY2015 FY2014 Project Greenlight Project Kickoff Greenlight Prep Planning / Blueprint Solution Architecture & Design Implementation Hypercare

SailPoint IdentityIQ (IIQ) has been chosen as the replacement for the current IDM Lighthouse Waveset Identity Manager existing solution. The IIQ Base Product includes the following: Identity Governance Platform – Identity Warehouse (aggregation and correlation engine); Generally available connectors to support 3 rd party software applications, databases and platforms; Role Modeler; Policy Catalog; Risk Analyzer Identity Intelligence – Dashboards, Reporting, Advanced Analytics Unlimited instances for development, test, and high availability environments as needed to support the production instance In addition, the following IIQ Modules are add-on Modules to the Base Product and are in scope for Phase 0: IdentityIQ Lifecycle Manager Module- Self-service Access Request and Password Management, Automated Lifecycle Event Management, Process Assembler and Preventive Policy Enforcement IdentityIQ Provisioning Engine Module -SailPoint’s generally available provisioning connectors for processing changes to user access within 3 rd party software applications, databases, and platforms IdentityIQ Service Desk Integration Module (for ServiceNow)- Generate help desk tickets automatically from IdentityIQ to ServiceNow 8 Proposed Solution