11

State of OregonState of OregonIdentity and Access Identity and Access

ManagementManagement

John Radford, State ControllerJohn Radford, State Controller

Department of Administrative ServicesDepartment of Administrative ServicesState Controller’s DivisionState Controller’s Division

22

AgendaAgenda ApproachApproach VisionVision Current StateCurrent State ProblemsProblems Potential RemediesPotential Remedies SuccessesSuccesses Q&AQ&A

33

ApproachApproach Access control identified in a Access control identified in a

vulnerability assessment as a critical vulnerability assessment as a critical security issuesecurity issue

Initial funding through Certificate of Initial funding through Certificate of Participation (COP)Participation (COP)

Procured IBM Tivoli Software Suite Procured IBM Tivoli Software Suite Developed I&AM InfrastructureDeveloped I&AM Infrastructure

Development/Test/ProductionDevelopment/Test/Production

4

Vision Create an enterprise solution that is:

Standardized Interoperable Cost effective

Identification of “authoritative data Identification of “authoritative data source”source” HR Personnel Data (no PII included)HR Personnel Data (no PII included)

55

Current StateCurrent State

All environments fully functionalAll environments fully functional

Agencies in development/test/productionAgencies in development/test/production Directories/application for two agencies in testDirectories/application for two agencies in test

Directory and applications for two agencies in Directory and applications for two agencies in productionproduction

Requirements definition continuesRequirements definition continues Two new agency directoriesTwo new agency directories

Existing agency applicationsExisting agency applications

6

Ongoing Efforts Updating Business case to

determine future direction In-source vs. Out-source Development of new funding model Transition from a project to a program

E-government Portal integration Single entry point for employees,

citizens and business partners to all facets of government

77

Problems EncounteredProblems Encountered Concurrent I&AM build with new Concurrent I&AM build with new

State Data Center ConsolidationState Data Center Consolidation Hosting CostHosting Cost Lack of standardsLack of standards

State has multiple e-mail systemsState has multiple e-mail systems No standards for User IdentitiesNo standards for User Identities No standard Password PolicyNo standard Password Policy

Enterprise solution is not mandatedEnterprise solution is not mandated

8

Potential RemediesEstablishment of a governance Establishment of a governance

structurestructure Solution is not mandatedSolution is not mandated Agency commitment to meeting project Agency commitment to meeting project

scheduleschedule Currently funded via agency assessmentCurrently funded via agency assessment

Bringing the “right” people to the Bringing the “right” people to the tabletable Proper mix of business and technology Proper mix of business and technology

99

SuccessesSuccesses New agencies seeking to participateNew agencies seeking to participate Completed development for Citizen Completed development for Citizen

and Partner interfaces to directory and Partner interfaces to directory structurestructure

Demonstrated reduction integration Demonstrated reduction integration time after two integrations with one time after two integrations with one agencyagency Third effort required less than 30 days Third effort required less than 30 days

10

Q & A