Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

CASE STUDY: UK UNIVERSITY

948 views

Published on

RICHARD MARDLING, Director, Risk Assurance, PwC, at the European IRM Summit 2014.

Published in: Software
  • Be the first to comment

CASE STUDY: UK UNIVERSITY

  1. 1. www.pwc.co.uk IRM Summit The university of the future 04 November 2014
  2. 2. Agenda Vision for the future university Current IdAM status What’s being delivered What have we learned so far IRM Summit November 2014 PwC 2
  3. 3. University of today IRM Summit November 2014 PwC 3
  4. 4. Tomorrow’s students IRM Summit November 2014 PwC Growing digital identities Value for money Greater access to 4
  5. 5. Vision for the future IRM Summit November 2014 PwC Course fees have increased and as a result, students are demanding value for money Attracting top quality students brings in more revenue for the University Top quality students also impact the University’s rankings and therefore future revenue Digital is not a nice to have – it’s an expectation from digital natives & a competitive differentiator £ 5
  6. 6. Student journey IRM Summit November 2014 PwC 01 02 Attract Apply 04 03 Alumni Study 6
  7. 7. Student journey – IdAM requirements IRM Summit November 2014 PwC What to action now What to action in the coming weeks What to action in the coming months Apply Create and manage account at the Apply stage Lifecycle Manage the student lifecycle Access Access Experience SSO Devices Options of credentials University issued Social identities 7
  8. 8. Current issues - Students IRM Summit November 2014 PwC 01 02 03 Current identity provisioning can only process 700 accounts in one batch. Over 3 or 4 days in August when the bulk of the undergraduate accounts are created this may result in account creation times being more than one day; 04 The process for withdrawn student accounts due to outstanding debts, is manual. This causes some inaccurate information flow, which is not being fixed in a timely manner if the student clears the debt; The process for de-provisioning accounts for leavers only takes place twice a year; and The policy around individuals who fall into both the staff and student category is that they are treated as 2 different people. 8
  9. 9. Current issues - Staff IRM Summit November 2014 PwC 01 02 03 Currently the agreed process between HR and IT restricts an “applicant” account from being changed to a “person” account until a signed employment contract has been received; 04 Complex technology that has been accumulated over the years; Students who work at the University need to maintain a second set of staff credentials in addition to their student account; and Staff intake peaks in October when admission is three times higher than the rest of the year and therefore requires supplementary processing by HR. 9
  10. 10. Current issues - Guests IRM Summit November 2014 PwC 01 02 03 From an operational perspective, the current process suffers from long processing times reliant on overnight batch jobs; The long processing times mean that the University cannot accommodate their goal to provision visitor accounts within the same day; and As ‘In Grace’ de-provisioning is run only once a month, user accounts of leavers are left with access to the systems longer than required. This poses an inherent security risk. 10
  11. 11. What are we engaged to deliver? IRM Summit November 2014 PwC UAM Access Governance Who should have access to what What should the re-certification process look like Lifecycle Management Streamline the JML processes Provisioning for core applications SSO Define requirements Architecture designs, interface specification On-boarding documentation, test and migration plan 11
  12. 12. What will be built… IRM Summit November 2014 PwC 12
  13. 13. Identity Service IRM Summit November 2014 PwC Lifecycle Management (LCM) & Compliance (CM) inc. interface Administrative inc. Delegated Management IdP Self Service Password Reset (SSPR) Directory Service 13
  14. 14. Federation Service IRM Summit November 2014 PwC Service Provider/Relying Party Interface Admin Interface Presentation Processing Orchestration Policy Store Attribute Providers Identity Provider Interface Service Providers Federation Service Identity Providers 14
  15. 15. Next steps – Access Service IRM Summit November 2014 PwC 1 Access service Protecting IPR Location based for core applications Device based 1 2 3 4 Access and Authorisation Service Policy Enforcement Point Policy Administration Point Policy Decision Point Policy Retrieval Point Policy Information Point Web Single Sign-On Policy Enforcement Point 15
  16. 16. Conclusions / what we’ve learned so far A lot of these are stating the obvious but… IRM Summit November 2014 PwC Projects within a large transformation move slower due to multiple pressure points Working with a client who has a good level of maturity expedites some decision making Understand what impacts what – Boston tunnels Define and agree the processes as early as possible 16
  17. 17. Thank you Richard Mardling richard.w.mardling@uk.pwc.com @rmardling
  18. 18. Add closing statement here... This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. © 2014 PricewaterhouseCoopers LLP. All rights reserved. In this document, "PwC" refers to the UK member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.

×