Committee meeting - May 30, 2013

Melissa Conrad
Secretary to the Committee
June 12, 2013

Present:

Dave Wallace (Chair), Melissa Conrad (Secretary), Bill Baer, Bruce Campbell, Marko Dumancic, Erick Engelke, Bob Hicks, Bill Ince, Dawn Keenan, Dave Kibble, Robyn Landers, Paul Miskovsky, Carl Nagel, Terry Stewart, Jason Testart

Guests:

Lisa Tomalty

Regrets:

Andrea Chappell


Agenda

  1. IT Asset Management (ITAM) (Dawn Keenan) [1:30-1:50pm]
  2. Chair’s remarks (Dave Wallace) [1:50pm-2:00pm]
  3. Approval of the minutes of the meeting of February 7, 2013 and business arising [2:00pm-2:10pm]
  4. Identity Management, scope (Jason Testart) [2:10-2:30pm]
  5. IT Strategy, Enterprise Architecture, and Organize for Success Update (2:30-2:40pm; Andrea Chappell, Dave Wallace, Bob Hicks)
  6. Updates (2:40-2:50pm; Various)
    • Email (Bruce Campbell)
    • Active Directory (Bruce Campbell)
    • Green IT (Marko Dumancic)
    • IT security (Jason Testart)
    • Campus Firewall project (Bruce Campbell)
    • Student Printing (Bill Baer)
  7. Other business (2:50-3:00pm)
  8. Next Computing Technology and Services Committee (CTSC) meeting
    [Will be held Thursday, June 13, 2013, at 1:30 p.m., in Mathematics & Computing building (MC) 2018A.]

Asset Management project update (Lisa Tomalty)

Dawn Keenan provided a project update. The group has identified a short list which includes three vendors and one locally written system.

Keenan's ITAM presentation (PDF).

Current project status

  • Four systems under consideration
    • Communicating with Request Tracker (RT) Investigation to ensure compatibility addressing all identified needs
  • Ranking short list
    • 3 vendor products, 1 locally written
  • Additional functionality has not been addressed
    • Working with vendors to complete product reference interviews
  • Developing expected resource requirements for internal development of local solution

Next steps

  • Recommend product to implement
    • Finalize first year and ongoing budget expectations
  • Write Request For Proposal (RFP)/Request For Quote (RFQ) for selected product
    • including desired functionality beyond initial Request For Information (RFI)
  • Create project plan for Phase 2
  • Identify project team membership for implementation phase

There is a distinct advantage in going to the next level of RT rather than integrating asset management with a request tracking system. This will give us options going forward.

While an Asset Management system could be considered expensive, many of the features these systems provide are needed for compliance.

IST will provide a dedicated project manager for Phase 2 (deployment).

Chair's remarks

Organize for Success

We are moving forward in the next stages of the IST organization process. The Information Systems & Technology (IST) Senior Management Team participated in an all-day workshop with Human Resources (HR) on May 23rd. Next, we complete the mapping process and fill repurposed roles via “expression of interest” and fill any other positions (due to retirements and any new Full Time Equivalents (FTEs)). The expressions of interest will be open to IST staff only and the vacancies will follow the regular recruitment process, outlined in Policy 18.

Budget

The university budget is going forward at the June Board of Governors meeting. IT is seen as critical. In fact, there will be an IT mini-retreat with Executive Council members in the fall.


Approval of the minutes of the meeting of May 16, 2013, and business arising

Subject to a change, the minutes of the meeting of May 16, 2013 were approved.

Identity and Access Management (IAM) (Jason Testart)

Jason Testart provided a high-level program view for what he terms “IAM Renewal”. Topics included:

  • Identity management
  • Identity elements
  • Access management
  • Sources of IAM
  • Inputs to a strategy
  • Steps to get the strategy
  • Pre-planning phases
  • Determining the direction

Testart's entire IAM presentation (PDF).

Testart is currently developing a charter for the first phase, where the scope is as follows:

  1. Define institutional roles and identify “sponsors” for the roles (e.g. “full-time employee”, “undergraduate student”, “employer” and “Human Resources”, “Registrar”, “Co-operative Education & Career Action (CECA)”, respectively)
  2. For each role defined in previous step, model the lifecycle of the role (state transition diagram).
  3. Develop a governance model and/or structure for identity management at Waterloo.
  4. Define a security architecture model for Waterloo.

Testart is considering requesting that a small team with some campus-wide representation help in this effort. Timing has yet to be determined because this is dependent on people resources.

Business workflow also needs to be considered (e.g., approvals for online expenses, training, etc.).

A synopsis of the group discussion follows:

  • Could be broadened to include other potential uses.
  • Roles do not map one-to-one to individuals. Roles can be transient (e.g., student and employee roles can overlap on either end).
  • Should have the ability to provide access even when the administrator does not personally have that access -- the concept of “delegated authority”.
  • Key to this is to be audit ready: operationalize it and then go forward.
  • Include an Access Management “user story”.

Testart hopes to have the first phase complete by the end of the year. Some of this cross-references with the audits.

IT Strategy, Enterprise Architecture, and Organize for Success Initiative update (Andrea Chappell (via email), Dave Wallace)

IT Strategic Plan (ITSP)

Distributed via email:

ITSP activities continue in advance of hand-off to the permanent home of these activities.

Underway:

  • Long project report (For posterity, describe project, processes, tools, deliverables, outcomes, measures, next steps, etc.)
  • Map directions and potential opportunities to Strategic Objectives - almost completed
  • Hand-off of the indicator starting points - initial discussion with Dave Kibble
  • Finalizing audit charter with Deloitte
  • Mapping of IT directions to IAP/University of Waterloo directions
  • Preparation for presentation at CANHEIT
  • Project transition to implementation:
  • Starting point for ongoing review of plan, progress updates
  • Starting point for governance and how governance and federated models will be completed
  • Audit of the project (Andrea main contact for now)

Enterprise Architecture (EA)

An EA 101 professional development seminar will be held on May 31st.

Organize for Success

Covered under Chair’s Remarks.

Updates

Email (Bruce Campbell)

  • In the last week, IST moved 1035 objects, equal to 644 GB of data, as part of the ‘connect’ mailbox migration.
  • A reminder to read the IST notice regarding scheduled maintenance activities.
  • A discussion regarding student e-mail in the cloud was held at University Committee on Information Systems & Technology (UCIST) on May 24th. UCIST members are in support of an investigation. Next step is publicity and possibly seeking assistance from others to lead certain elements of the project.

Active Directory (Bruce Campbell)

Order for Netwrix license for 1,000 objects is in progress (to provide auditing on Nexus).

Green IT (Marko Dumancic)

Nothing to report.

IT security (Jason Testart)

  • Memo regarding XP end of life will be distributed.
  • Version 6 of Secunia, one of the most complete vulnerability databases for application software in existence, will be deployed to academic support areas. Testart will report on any findings at the June 27th meeting.

Campus Firewall (Bruce Campbell)

No update.

Student Printing (Bill Baer)

No update.


Other business

None

Next meeting

The next meeting will be held on June 13, 2013, at 1:30pm, in MC 2018A.