1 EDUCAUSE Mid-Atlantic Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit Suresh Balakrishnan, Deputy CIO, University System of Maryland Mary Anne Mahin, Vice President of HR, Georgetown University Dr. Donald Z. Spicer, CIO, University System of Maryland January 18, 2007

2 Overview of the Summit Summit with Thought Leaders and Experts  Held in Washington D.C., Nov. 2-3, 2006 –Key message was in the organization of the summit: A highly diverse group of higher education leaders from a wide range of institutional offices –Range of issues discussed reflected in subsequent slides of this presentation  Definition –IdM is an integrated system of business processes, policies, and technologies that enable organizations to facilitate and control their users’ access to online applications and resources, while protecting confidential personal and business information from unauthorized users User Authentication Access and restrictions Account profiles Passwords and other attributes supportive of users’ roles/profiles on one or more applications or systems

3 Drivers for Identity Management Services, Stakeholder Expectations, Security  Why is IdM needed on campus?  What services, federal compliances, and other advantages are evident?  What responsibilities does the institution have to students, faculty, staff?  How much time do institutions have to accommodate these drivers?

4 The Business Case for Identity Management Key Points, Strategies, and Follow-up Steps  What key points should be in a business case for IdM?  How and by whom should the business case be developed and presented?  What are the follow-up steps in the case of a positive response; a negative response; a lukewarm response?

5 Institutional Ownership/Governance Breadth of Functional Engagement, Collaboration  Consider that IdM is not just an IT issue. How then do offices such as student enrollment services, human resources, internal auditing, financial services, library, faculty research, instruction, legal counsel, security offices, policy offices, alumni, advancement, card services, health centers, IT and others define their identity management needs on campus?  How can these groups effectively work together on the policy, business process, and technology to develop and move forward on a plan to institute a common identity management system?  What are the responsibilities of the Board, President, Provost?  How would a governance process be instituted and work effectively to accommodate continuous change in requirements, legislation and opportunities?

6 Policy Considerations Scope and Implementation  What should policy cover?  How should policy be established and managed?  How are decisions made on such issues as who gets access, cradle- to-grave management, interim access, proper checks and balances, ease of use vs. more conservative processes, privacy, other security requirements?

7 Risk Management and Assessment Level of Risk, Cost/Benefit Considerations  What are the risks of not properly managing the identities of users?  How should institutions decide on the level of risk they are willing to absorb?  What are the costs/benefits of protecting resources?  How does IdM fit into security strategies?

8 Communication and Education Strategies and Responsibilities  How should users of institutional resources be educated on the importance of IdM? Whose responsibility is this and more general communications?  What part does each component of the institution play?

9 Implementation and Operational Issues Priorities, Resources, Engagement, Tradeoffs, Other Information Systems, Operations  CAMPUS PRIORITIES AND RESOURCES – How does IdM relate to other priorities at our institutions and how does planning and implementation of an IdM infrastructure fit into the ongoing work of the institution? What strategies can a campus use to make progress on implementing of a robust identity management environment on our campuses?  ENGAGEMENT – How can business units on campus stay engaged in the implementation process and maintain a sense of buy-in and urgency?  TRADEOFFS - How does the campus ensure that the IdM plan has an integrated approach to policy, process and technology?  OTHER INFORMATION SYSTEMS – Given that the campus must integrate the IdM system with existing and new information systems, how does this affect application choices of the various functional units and departments? What can be done with information systems that incorporate their own way of doing identity management?  OPERATIONS - What mechanisms are needed to support IdM? What business processes and related technologies are needed?

10 Recommendations to Educause Brian Hawkins to deliver message to campus CEOs Develop short readable brochures Provide external consultants Help forge new relationships between technical staff and functional offices Collect and publish best practices Apply cybersecurity taskforce model to IdM Advocacy with government---monitor status of legislation Work with non-IT higher ed associations

11 Questions/Discussion Materials and notes from the IdM Summit are available at: