Published by Kathryn Hopkins. Modified over 9 years ago.
Identity and Access Management Town Hall
February 10, 2014, Monday, 10:00AM-12:00PM
6 Story Street
Agenda
● Team News (Jason)
● Recent Accomplishments (Jane/Magnus)
● Program Plan (Erica/Jason)
● Project Methodology (Ann)
● Upcoming Project Milestones (Ann)
● IAM HUIT Website (Greg)
● Hiring Update (Jason)
● Questions and Answers (All)
Team News
● There is greatness among us!
  – Congratulations to Joe Hardin on your well deserved HUIT Cup win!
● We’ve been busy creating IAM Program awareness!
  – First iteration of the IAM Program Plan complete!
  – Successful IAM Executive Leadership meeting on 1/28/13
  – Program budget and resource requests have been approved.
  – CIO Council update for IAM to take place today.
● We created a monthly dashboard for the Executive Committee
● We are creating an IAM Community Plan
  – Provides an approach for keeping Harvard schools and departments, not to mention other higher education institutions involved
● We are looking to introduce a Program CRM solution to assist us in tracking our involvement with partners
Recent Accomplishments
● Auth-LDAP release deployed to Production without issue!
  – Lessons learned to be gathered to assist with future process changes and release planning.
● DM Sailpoint Identity Cubes built (and built, and built…)
  – Further performance tuning is in process
● Connections deployed to the Cloud!
● Working test repository created to enable efficient reuse of test data
● Working Puppet setup of our standard architecture for web apps (Apache/Tomcat) used in development.
● On-boarding of additional SPs (e.g., ServiceNow)
Program Plan - Overview
● What is a Program Plan?
  – High-level, governing document for all facets of IAM Program:
      – Program Goals
      – Team Structure
      – Governance Structure
      – Planning Approach
      – Implementation Roadmap
      – Communication/Partner Engagement
  – Capture User Benefits
      – End users
      – Application Owners
      – People Administrators
  – Date driven, not scope driven deliverables
Program Plan (cont.)
● Four IAM Program Tenets will:
  – Simplify the User Experience
      – Eliminate perceived complexities surrounding user identities.
  – Enable Research and Collaboration
      – Enable students and faculty to share information and work across School boundaries leveraging authentication standards and federation.
  – Protect University Resources
      – Protect sensitive information and data.
      – Meet audit and regulatory requirements.
  – Facilitate Technology Innovation
      – Enable HUIT-wide strategic initiatives (SIS, UC)
      – Cloud
Program Plan - Implementation Approach
The IAM Program will be implemented in accordance with the four strategic objectives, and work will be managed as a portfolio of eleven projects:
Program Plan - Deliverable Roadmap
● Review of the IAM Program Deliverables Roadmap (Hand-out)
● Review of the IAM Release Benefit Roadmap (Hand-out)
● Review of the One Way Federation One Pager (Hand-out)
Project Management Methodology
● Implementing expanded PM Approach
  – Keep everything that works well
  – Add structure where needed
Project Management Methodology Cont.
● Formalize additional phases of the releases
  – Planning & Analysis Phase
  – Development Phase
  – Release/Go-Live
  – Support/Maintenance
● Adjust JIRA structure to mirror Program Plan to allow for reporting
  – Releases: Epics
  – Deployments: Versions
● Release Documents on Confluence
  – Project Charter
  – Go-Live Playbook
  – Release Plan
Project Management Methodology Cont.
● Project Management Plan draft due on 2/14/14
● Pilot Release to “kick off” on 2/28/14
Release Milestones
HUIT Website - IAM
● New IAM External Website to “go-live” on 2/13/14.
  – http://projects.iq.harvard.edu/iam
● Call for content!
  – Ideas and submissions for content entries
  – IAM topics to be spotlighted
  – Plans for group videos
  – Photo submission
Hiring Update
● Interim Community Manager Position filled
  – Welcome, Steve King!
● Senior Cloud Engineer selected
  – Conditional Offer extended to candidate with expected start date on 2/18/14.
● Wave 1 Positions are Open!
  – Software Engineer
  – Senior Database Developer
  – Lead Software Engineer ($1,000 referral bonus eligible)
  – Community Program Manager
  – Directory Architect
  – Quality Assurance Engineer
  – Solutions Architect
  – Communications and Reporting Specialist
Questions and Answers?
Supporting Materials
Appendix A: IAM Accomplishments to Date
Simplify the User Experience
● Selected and purchased a new identity creation toolset that will lead to improved onboarding experience for all users.
● Implemented a new Central Authentication Service for faster, flexible deployment of applications across the University.
● Implemented One-Way Federation with the Harvard Medical School to prove the concept that users can select the credentials they would like to use to access services.
● Implemented Provisioning improvements to set the foundation for the expansion of cloud services, support Active Directory consolidation, and email migrations.
● Integrated a new ID Card Application into IAM that enables the University to handle large-scale replacement of expired cards.
Enable Research and Collaboration
● Joined InCommon Federation and enabled authorized Harvard users to access protected resources at HathiTrust.
● Enabled access to a planning tool that Harvard researchers can use to assist with compliance of funding requirements specific to grants (e.g., NSF, NIH, Gordon and Betty Moore Foundation).
Protect University Resources
● Proposed a new Password Policy to the HUIT Security Organization to standardize password strength and expiration requirements for the University.
● Drafted a Cloud Security Architecture with the HUIT Security Organization to provide Level 4 security assurance for application deployments within Amazon Web Services.
● Refreshed the AUTH LDAP software and infrastructure to current, supported versions.
Facilitate Technology Innovation
● Created a conceptual architecture for IAM Services to be deployed within Amazon’s offsite hosting facilities.
Appendix B – IAM Business Need

Stakeholder: Faculty and Staff
  Experience Today: Faculty and staff use different user names and credentials to access applications and data both internal and external to the University. Manual, paper based process for sponsoring and managing user accounts. Faculty and staff have no access or are forced to register for accounts to access external sites.
  Imagine If…: Faculty and staff could access information and perform research across schools and with other institutions without having to use several sets of credentials. Faculty and staff could manage their own accounts and sponsor others through a centralized web application.
  Program Benefit: Simplify Account Management; Increase Self-Service; Expand Access to Resources

Stakeholder: Students
  Experience Today: Students use different user names and credentials to access applications that cross school boundaries. The identity of a student is not consistent throughout the identity lifecycle from acceptance to alumni, resulting in interrupted access to services and resources.
  Imagine If…: Students could choose to use their home school credentials to log in to applications across the University. Students could keep using the same set of credentials after they graduate.
  Program Benefit: Allow Choice of Credentials; Ensure Continuity of Identity

Stakeholder: Technical Staff
  Experience Today: Reliance on manual user management poses a security risk. Application teams have difficulty integrating identity access management into their solutions, creating long implementation timelines and higher costs.
  Imagine If…: Automated provisioning reduces the burden on IT staff and increases the security posture of the University. Application teams can easily integrate Harvard users with internal and external applications.
  Program Benefit: Simplify Application Set-up and Administration

Stakeholder: External Users
  Experience Today: External users, such as researchers from other higher education institutions, must obtain a Harvard credential and password to access resources.
  Imagine If…: External users can access Harvard applications using credentials native to their home institution.
  Program Benefit: Reduce Manual Process for Guest Membership
Appendix C - IAM Vision

Strategic Objectives
1. Simplify the User Experience: “Simplify and improve user access to applications and information inside and outside of the University.”
2. Enable Research and Collaboration: “Simplify the ability for faculty, staff, and students to perform research and collaboration within the University and with colleagues from other institutions.”
3. Protect University Resources: “Improve the security stature of the University with a standard approach.”
4. Facilitate Technology Innovation: “Establish a strong foundation for IAM to enable user access regardless of new and/or disruptive technologies.”

Guiding Principles
● Harvard Community needs will drive the technology supporting the Identity and Access Management Program
● Tactical project planning will remain aligned with the Program strategic objectives
● Solution design should allow for other Schools to use the foundational to communicate with the IAM system in a consistent, federated fashion
● Communication and socialization of the program are critical to its success

Key Performance Indicators
● The number of help desk requests that relate to account management per month.
● The number of registered production applications that use the IAM system per month.
● The number of user logins and access requests through the IAM system per month.
● The number of production systems that the IAM system provisions to per month.

The Vision for Identity and Access Management (IAM)
Provide secure access to applications that is easy for the user, application owner, and IT administrative staff with solutions that require fewer login credentials, enable collaboration across Harvard and beyond, and improve security and auditing.