IT security
According to Tim Vaverchak, program director, identity & access management, in the Harvard University Information Technology (HUIT) orga- nization, the University Identity and Access Management (UIAM) effort began with careful planning. It was important to lay out the context and vision for the effort in the IAM Program Plan created in the first six months of the program, he said: “I believe it was a key foundation to ensure the program delivered on the value proposition over many years and changes in leadership.” As mentioned in the plan, the vision of the program was to: “Provide users, application owners and IT administrative staff with secure, easy access to applications; solutions that require fewer login credentials; the ability to collaborate across and beyond Harvard; and improved security and auditing.”
“We have made tremendous gains in standard- izing and securing our environment through the HarvardKey deployment,” Vaverchak said, “and we are continuing to grow our service offerings and work with our schools to drive consistent process adoption throughout the university.”
Still, there were some initial false starts during the IAM improvements. When the University IT Strategic Plan was first developed, the CIOs of the various schools of Harvard recognized that there would be great value in sharing common identity, authentication and authorization func- tions across the university, Vaverchak explained. It took some time, however, to be able to coalesce that felt need into terms and a vision that could be recognized by other leaders across the university. “Prior to the UIAM program, there were several efforts that focused more on the technology than on the business process changes that the program would enable,” he
22
CAMPUS TECHNOLOGY | March/April 2019
“This is not something where you work on it and then you are done. You need to have flexibility in your environment to take on new use cases, because they will crop up.”