All Contents © 2008 Burton Group. All rights reserved. IdM Governance in Higher Education Dave Muehling Director, Consulting

1 All Contents © 2008 Burton Group. All rights reserved. IdM Governance in Higher Education Dave Muehling Director, Consulting 1 April 2010

2 Governance is Overwhelming!
- Higher Education may not be able to use common business patterns
- Funding models can become a roadblock
- Governance models differ, even within the Higher Education space itself
- The Culture of Higher Education is unique
- It is often difficult to assign ownership
- Membership in governing bodies is often fluid and diverse

3 Why Talk About Governance Now?
- The Generation Y and Z effect
- Technology's role in research and education
- Regulation and Compliance: FERPA, HIPAA, PCI
- Technology overload: Stacking the deck
- Social Networking
- Mobility
- The my.Device dilemma
- Federation

4 What Is IdM Governance?
What is Governance?
- Governance sets policy, establishes authority and responsibility, and implements accountability
- Comprises structures, rules, power and influence, funding mechanisms, enforcement mechanisms, and appeals processes
- University executives and steering committees define policies
- Localized working groups implement policy via processes
- IT automates some of these processes through technology

5 Effective Governance
A strong governance team helps institutions:
- Foster communication
- Achieve high data quality
- Promote application inter-operability
- Avoid undue risk
- Bring together different constituent groups
- Enforce regulatory compliance
- Support autonomy among the schools
- Provide better service

6 Effective Governance
Goals of governance:
- Build value
- Create transparency
  - Allows management to understand whether the risks the institution is taking are prudent and to know how effectively its value-creation and loss-limitation activities are functioning, so that these activities can be adjusted if they are not doing the job
To achieve executives' governance goals of building value and creating transparency, institutions must continuously perform two governance tasks:
- Turn policies into processes
- Measure success - create evidence of its actions

7 Effective Governance
A strong governance team requires:
- Sponsorship
  - Maintain focus
  - Manage relationships
  - Overcome roadblocks
  - Provide stewardship throughout the life of the IdM initiative
- Ownership
  - An individual or group should be accountable for the decisions made and the actions taken
  - Has enforcement capabilities to go along with the accountability
- Core Team
  - Responsible for day-to-day direction
  - Right mix is critical to making effective decisions

8 Effective Governance
What happens if an institution does not have effective IdM governance?
- Redundant identity data propagated across application silos
- Diminished oversight of how identity data is being used as that data propagates
- Duplicative application development to handle authentication or authorization
- Potential misuse of sensitive identity data due to insufficient controls
- Little end-to-end auditability
  - Of identities and access privileges across all resources
  - Of the applications and systems using an institution's identity data and how that data is used

9 Governance
IdM Framework model includes governance

10 Types of IdM Governance Models
- Formal Hybrid Model
  - Shared Central ownership with steering committees and working groups throughout the institution
- Centralized Model
  - All governance stems from strong central ownership with centralized committees and groups
- Explicitly De-Centralized Model
  - All governance stems from individual committees and working groups that act in an independent fashion
- No Clear Governance Model

11 Levels of Governance Maturity
- Level 1 – Initial: Few processes are defined, and success depends on individual effort, talent and heroic effort
- Level 2 – Repeatable: The necessary process discipline is in place to repeat earlier successes on projects with similar applications
- Level 3 – Defined: The process for both management and engineering activities is documented, standardized, and integrated into an organization-wide process and used by all projects
- Level 4 – Managed: Both the process and end-products are quantitatively understood and controlled using detailed measures
- Level 5 – Optimizing: Continuous process improvement is enabled by quantitative feedback from the process and from testing innovative ideas and technologies

12 IdM Governance Framework
[Diagram. Labels: Business Drivers; Business Initiatives & Processes; Technology Strategy & Usage; Growth Management; Federation; Legislation; Guiding Principles; Policy; Management Model; System Architecture and Technical Standards; Enforcement Processes; Recovery Processes; Monitoring Processes; Administrative and End User Guidelines and Procedures; Business Requirements; User Profile extensions; Factors determining the Business drivers]
- Governance
  - Documents policy, principles, control environment
  - Management Model – content management, security management, operational impact
- Operations
  - Documenting administrative and end-user guidelines and procedures
  - Administering access controls, monitoring, and recovery processes
- Architecture
  - Design the infrastructure
  - Develop technical standards and processes

13 Governance
Governance Process – it is iterative!

14 Governance
The IdM strategy should be published and reviewed on an annual basis (evidence of its actions).
The review process should evaluate the strategy with respect to four key areas:
- Enhancement to existing services
- New services
- Operational efficiency
- Cost reduction

15 Governance
High level governance process example for an institution to consider (operationalization)
Any department, application owner or business project team requiring new services or extensions to existing services provided by the IdM infrastructure must provide the following:
- Business purpose
- Description of the processes
- Written assurance that the data being used will be protected to the full extent of the institution's data usage policy

16 Where To Begin?
Understand that individual initiatives will have priorities and objectives that don't align directly to others.
A governance body should, therefore:
- Rationalize common requirements and capabilities
- Arbitrate the needs of different initiatives
- Acknowledge and accommodate the current state
- Establish the point of convergence
- Foster and manage the migration

17 Governance
The governance team and working groups develop:
- Business processes that impact the IdM infrastructure
- Service-level-agreements
- Operations and maintenance issues
- Enterprise (University) standards
- Application integration guidelines
- Privacy guidelines
- Data-usage guidelines
- Schema extensions
- University role definitions and usage
- Authentication and authorization rules
- Address operational issues
- Budget and funding

18 Governance
A typical IdM Governance Team would be comprised of decision-making representatives from the following departments:
- Executive stakeholder(s)
  - Delegate but maintain responsibility
- IT Security and/or Privacy
- IT Architecture
- Operations and Support (e.g., Infrastructure)
- Administrative Systems
- HR Information Systems
- Registrar
- Application Development
- Internal Audit

19 Where / How To Start
- Evaluate existing policies and processes during initial analysis and release
- Start making governance decisions now to be ready for future requirements
- Iterative process – Create, Validate, Finalize
- Executives, legal, IT, privacy, & security validate any decisions
- If needed, form sub-teams to work offline and present recommendations

20 How To Measure Success
- Leverage management frameworks (CobiT, ITIL, etc.)
- Key Goal Indicators
  - Business-driven measurements of what needs to be accomplished
  - Lag indicators that can only be measured after the fact
  - Examples: CISO / CPO agreement and signoff, having operations on budget and on schedule, availability of systems and services
- Key Performance Indicators
  - Short, focused measurements of how well a given process is performing
  - Examples: reduce # of support incidents, satisfaction of stakeholders
- By clearly defining key goal and performance indicators, institutions can establish benchmarks to determine effectiveness of governance model

21 Summary
- Governance should start at the top
- Governance tasks should be delegated, but authority is still held at the executive level
- In order for governance to work you need to:
  - Have a minimum level of control at the top level
  - Determine scope of compliance
  - Determine execution of compliance
  - Create the processes, audit points and architectures that will support the decisions being made
- One size does not fit all – define and adopt a governance model that best fits with the institution's principles and culture

22 Q&A

