IDENTITY ACCESS MANAGEMENT – PHASE 0 – IDM REPLACEMENT December 5, 2013.


Executive Summary

• Identity Access Management (IAM)* solution will be end-of-life in Dec 2013
  – Current solution deployed in 2004
  – Oracle has sunset the solution in favor of its own product – no upgrade path available

• Significant risk associated with having a production IDM solution that is not supported by the vendor
  – External facing for key functions such as password resets
  – Critical platform for security & compliance

• Solution replacement is required to stay on supported and secure technology


*Lighthouse Waveset Identity Manager, formerly Sun and then Oracle

Business Problem:


Proposed Solution


Financial Summary – Phase 0

Project Costs
Software/Hardware: $575,000
Assessment: $94,581
Internal Labor: $381,824
External Labor: $754,979
Misc./Other: $0
TOTAL: $1,806,384

Funding by Fiscal Year (Project Costs)
FY13: $94,581
FY14: $449,656
FY15: $1,262,147
TOTAL: $1,806,384

Depreciation: $1,521,659

Ongoing costs: $700,300

Expense 16%, Capital 84%

NOTE: Maintenance costs for the software will remain relatively flat (i.e. what is paid today for IDM is similar).


Benefits

• Cost Reduction / Avoidance
  – Avoidance of enhancements on end of life solution, throwaway customizations – required if project is delayed (~$1.3M annually)
  – Enhancements become less expensive, as software is more easily configured (vs. customized)
  – Decreased costs for integration with other applications (for provisioning) – not custom connectors for every deployment

• Risk Mitigation
  – IDM is critical to the business – user management, password resets etc. for ANY person accessing a major SPE system – current supported SW is mandatory
  – Prevents and protects against security and vulnerability findings such as
    • Java and other technology versions
    • External facing issues requiring remediation of critical vulnerabilities in 1-3 calendar days


Competitive Analysis

• The most popular IAM solutions other corporations have chosen are:
  – SailPoint
  – Oracle
  – CA
  – NetIQ
  – Microsoft

• Recent studios implemented the following: Paramount Pictures – Microsoft and Disney – CA

• Other SailPoint customers: RBS, BNP Paribas, Fidelity, Wellpoint, Bank of America, JP Morgan Chase, MGM Resorts, Cardinal Health, Adobe, ING DIRECT, Sallie Mae, OfficeMax, Exxon Mobil, UBS, UPS, Travelers, New York Life


Timeline – Phase 0

[Timeline chart: monthly axis from Nov ’13 to Dec ’14, spanning FY2014 and FY2015. Milestones: Project Greenlight, Project Kickoff. Phases: Greenlight Prep; Planning / Blueprint; Solution Architecture & Design; Implementation; Hypercare.]


SailPoint IdentityIQ (IIQ) has been chosen as the replacement for the existing IDM solution, Lighthouse Waveset Identity Manager.

The IIQ Base Product includes the following:

• Identity Governance Platform – Identity Warehouse (aggregation and correlation engine); generally available connectors to support 3rd party software applications, databases and platforms; Role Modeler; Policy Catalog; Risk Analyzer

• Identity Intelligence – Dashboards, Reporting, Advanced Analytics

• Unlimited instances for development, test, and high availability environments as needed to support the production instance

In addition, the following IIQ Modules are add-on Modules to the Base Product and are in scope for Phase 0:

• IdentityIQ Lifecycle Manager Module – Self-service Access Request and Password Management, Automated Lifecycle Event Management, Process Assembler and Preventive Policy Enforcement

• IdentityIQ Provisioning Engine Module – SailPoint’s generally available provisioning connectors for processing changes to user access within 3rd party software applications, databases, and platforms

• IdentityIQ Service Desk Integration Module (for ServiceNow) – Generate help desk tickets automatically from IdentityIQ to ServiceNow

Proposed Solution