RICHARD MARDLING, Director, Risk Assurance, PwC, at the European IRM Summit 2014.

1. www.pwc.co.uk
IRM Summit
The university of the future
04 November 2014

2. Agenda
Vision for the future university
Current IdAM status
What’s being delivered
What have we learned so far
IRM Summit November 2014
PwC
2

3. University of today
IRM Summit November 2014
PwC
3

4. Tomorrow’s students
IRM Summit November 2014
PwC
Growing digital identities
Value for money Greater access to
4

5. Vision for the future
IRM Summit November 2014
PwC
Course fees have increased and as a result, students are demanding value for money
Attracting top quality students brings in more revenue for the University
Top quality students also impact the University’s rankings and therefore future revenue
Digital is not a nice to have – it’s an expectation from digital natives & a competitive
differentiator
£
5

6. Student journey
IRM Summit November 2014
PwC
01 02
Attract Apply
04 03
Alumni Study
6

7. Student journey – IdAM requirements
IRM Summit November 2014
PwC
What to
action
now
What to
action in
the coming
weeks
What to
action in
the
coming
months
Apply
Create and manage
account at the
Apply stage
Lifecycle
Manage the
student lifecycle
Access
Access Experience
SSO
Devices
Options of
credentials
University issued
Social identities
7

8. Current issues - Students
IRM Summit November 2014
PwC
01
02
03
Current identity provisioning can only process 700 accounts in one batch. Over 3
or 4 days in August when the bulk of the undergraduate accounts are created this
may result in account creation times being more than one day;
04
The process for withdrawn student accounts due to outstanding debts, is
manual. This causes some inaccurate information flow, which is not being
fixed in a timely manner if the student clears the debt;
The process for de-provisioning accounts for leavers only takes place twice a year;
and
The policy around individuals who fall into both the staff and student
category is that they are treated as 2 different people.
8

9. Current issues - Staff
IRM Summit November 2014
PwC
01
02
03
Currently the agreed process between HR and IT restricts an “applicant” account
from being changed to a “person” account until a signed employment contract has
been received;
04
Complex technology that has been accumulated over the years;
Students who work at the University need to maintain a second set of staff
credentials in addition to their student account; and
Staff intake peaks in October when admission is three times higher than the
rest of the year and therefore requires supplementary processing by HR.
9

10. Current issues - Guests
IRM Summit November 2014
PwC
01
02
03
From an operational perspective, the current process suffers from long processing
times reliant on overnight batch jobs;
The long processing times mean that the University cannot accommodate
their goal to provision visitor accounts within the same day; and
As ‘In Grace’ de-provisioning is run only once a month, user accounts of leavers
are left with access to the systems longer than required. This poses an inherent
security risk.
10

11. What are we engaged to deliver?
IRM Summit November 2014
PwC
UAM
Access Governance
Who should
have access
to what
What should
the re-certification
process look
like
Lifecycle
Management
Streamline
the JML
processes
Provisioning
for core
applications
SSO
Define
requirements
Architecture
designs,
interface
specification
On-boarding
documentation,
test and
migration plan
11

12. What will be built…
IRM Summit November 2014
PwC
12

13. Identity Service
IRM Summit November 2014
PwC
Lifecycle Management (LCM) &
Compliance (CM)
inc. interface
Administrative inc.
Delegated Management
IdP
Self Service Password Reset
(SSPR)
Directory Service
13

14. Federation Service
IRM Summit November 2014
PwC
Service Provider/Relying Party Interface
Admin Interface
Presentation
Processing
Orchestration
Policy Store
Attribute Providers
Identity Provider Interface
Service Providers
Federation Service
Identity Providers
14

15. Next steps – Access Service
IRM Summit November 2014
PwC
1
Access service
Protecting IPR
Location based for core applications
Device based
1
2
3
4
Access and Authorisation Service
Policy
Enforcement
Point
Policy
Administration
Point
Policy
Decision Point
Policy
Retrieval
Point
Policy
Information
Point
Web Single Sign-On
Policy
Enforcement
Point
15

16. Conclusions / what we’ve learned so far
A lot of these are
stating the
obvious but…
IRM Summit November 2014
PwC
Projects within
a large
transformation
move slower
due to multiple
pressure points
Working with a
client who has a
good level of
maturity
expedites some
decision making
Understand
what impacts
what – Boston
tunnels
Define and
agree the
processes as
early as possible
16

17. Thank you
Richard Mardling
richard.w.mardling@uk.pwc.com
@rmardling

18. Add closing statement here...
This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the
information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the
accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members,
employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in
reliance on the information contained in this publication or for any decision based on it.
© 2014 PricewaterhouseCoopers LLP. All rights reserved. In this document, "PwC" refers to the UK member firm, and may sometimes refer to the PwC network.
Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.