Initiative brief

(lightbulb) Readme

* Required information

Project details

Phase

  • Envision
  • Strategize

Status

IN PROGRESS  

Start Date

 

Initiative name

ID Provided by DT PMO

not provided yet because need an Envision PB Go

Description of the initiative

Needs description: This project is related to the incident that impacted Torrelavega SodaAsh site and the connection from Dataiku to Vendohm Database. An assessment was done and the team find out more 150 projects that are out of GCP Landing Zone, which represents a high security risk as the projects are not under full DT control.

Following non exhaustive actions needs to be taken:
- Classifying the projects and searching for the application owners/accountables
- Decommissioning the non used projects (Bringing some potential OPEX savings)
- Identity and Access management cleaning
- Application replatforming including network changes

Added value: this project is a security remediation plan so the added value is to improve our cloud cybersecurity posture.

Please see here more information for this project.

Budget estimated: the budget will be estimated in the Strategize phase, however, this budget will be fully included in the actual budget of the Information Security & Compliance platform. So this is not a new budget request.

Domain & Product

Requested Domain Journey / Platform

  • Platf1- Data & Analytics & AI Platform
  • Platf2 A- Develop, Test & Deploy Platform
  • Platf2 B- Multi experience Platform
  • Platf2 C- Ent. Business Systems Platform
  • Platf3 A- Ecosystem Platform
  • Platf3 B- Hybrid & Cloud Platform
  • Platf3 C- Intelligent Asset Platform
  • Platf4- Info Security and Compliance Platform
  • Platf5- Workplace Platform
  • Journ1- Digital Customer Journey
  • Journ2- Digital Ops & Corporate Enablement Journey
  • Journ3- Digital Employee Journey
  • Journ4- Prepare the Future & Connected Research Journey
  • DTmng3- DT Enablement & Transformation
Involved Domain Journey/ Platform
  • Platf1- Data & Analytics & AI Platform
  • Platf2 A- Develop, Test & Deploy Platform
  • Platf2 B- Multi experience Platform
  • Platf2 C- Ent. Business Systems Platform
  • Platf3 A- Ecosystem Platform
  • Platf3 B- Hybrid & Cloud Platform
  • Platf3 C- Intelligent Asset Platform
  • Platf4- Info Security and Compliance Platform
  • Platf5- Workplace Platform
  • Journ1- Digital Customer Journey
  • Journ2- Digital Ops & Corporate Enablement Journey
  • Journ3- Digital Employee Journey
  • Journ4- Prepare the Future & Connected Research Journey
  • DTmng3- DT Enablement & Transformation

Initiative Ownership

Digital Technology Partner

TAN, Li-Lian Benjamin POISSONNET OSMANI, Hachem Fadi BECHARA Eric TOURNIER Jean Rozé Anja Milenkovic 

Product Manager / Service Delivery

RUAULT, Luc 

Roadmap & Key objectives

Roadmap


2023 Digital Technology Key objective

S&C Cloud cybersecurity posture

Priority

P1

Phase 1: Envision - High level initiatives

Do

  • Create Envision brief if the initiative is part of the validated roadmap

  • Highlight roadmap value
  • Request a budget for Strategize if you need one => not needed, budget will be included in the actual S&C platform budget
  • Security scoring 
  • RADAR/SENTRI  

Don´t

  • Request platform resources if the business capability is already identified and clear
  • Write portfolio epics, epics and user stories

  • Identify squad resources

First, let´s start with the Problem space

1.1. Reason

* Why is this initiative proposed today?

  • Solvay Google Cloud Platform has been used since 2015
  • It was only in 2020 where the definition of “Landing Zone” has been implemented, with managed service contract with Vanenburg
  • The priority was to manage those in the Landing Zone with the Key Partner, focusing on security by design and new workloads
  • However, there are still a high volume of workloads running outside Landing Zone
  • These workloads are “managed internally by other platforms”, some are lacking of ownership due to legacies, or managed with an agency that does not fall into an official service contract
  • During the Cloud Penetration Test in December 2021, “critical” vulnerabilities and misconfigurations have been remediated throughout 2022
  • Since Q4 2022 and 2023, there are still some “medium” and “low” vulnerabilities and misconfigurations on GCP

1.2. Benefits

What are the new capabilities expected?

No new capabilities only security remediation.


What will it replace? Is it a new solution or an existing one?

No replacement and no new solution, only security remediation.

1.3. Target users

Who are the future users?

No impact on users.


What is the number of users impacted?

No impact on users.


What about the Business Needs?

1.4. Value proposition

What is the value of the initiative?

This project is a security remediation plan so the added value is to improve our cloud cybersecurity posture.

1.5. Business goals

How does the product / deliverable align with the business goals?

Business is not involved in the project however the objective of this project is to improve our Cloud cybersecurity posture in order to prevent any GCP security issue (data leak, availability issue...).

1.6. Challenges

Are there any challenges in developing the product?

No major challenge identified except the timing.

1.7. Business metrics

How will we measure success?

Complexity level were defined here - so success measurement will be performed based on this complexity level.

1.8. Cybersecurity

Please duplicate this template in this folder. Then, for the envision phase, answerto the initiative card tab and  to the 7 high-level questions in the "Security Scoring" tab. These questions will help the SIP team to determine the level of cybersecurity & compliance support you will need. Please contact the team by email: @SIP_team@solvay.com

The "Initiative Card" and the "Security Scoring" are fulfilled. Please find here the SIP Tool.

1.9. Up to investment


What is the coherent time to commit on the initiative?*

Estimated Delivery phase start date*

 

Estimated Delivered end Quarter*

Q4 2023


What is the coherent money to commit on the initiative?*


2023 (in K€)* 2024 (in K€)* 2025 (in K€)

Estimated size of investment (high level)

135k€

between 150 k€ and 200 k€


What is the coherent run and build commit on the initiative?

Estimated run costs (estimation high level) per year on xxYear (xx= duration of the contract if known) + Type of run cost

No run costs.

Type of savings expected /year for DT (Ex: Contracts, FTE, ...)  

1.10. Resources

What skills and talents do we need? 

This list will be adjusted in the Strategize phase but here are some assumptions:

  • DT LT members (for arbitration on projects under their platforms responsibility: KEEP or DECOMM)
  • S&C Platform: Fadi Bechara, Anja Milenkovic
  • H&C Platform: Alexandre Mathe, Khemaies KEBAIER 
  • Development, Test & Deployment Platform: Alexander Henry Tejasukmana, Darren Ong
  • Application Owners
  • Acenture: some support from Accenture will be maybe needed
  • Vanenburg: in case of rebuild is needed


1.11. Methodology to apply (refer for Accolade)

Do you think if your initiative is compatible with a waterfall approachor with an agile approach?

  • Agile model
  • Waterfall model
  • I do not know at this stage

If the initiative will be done in Agile methodology, please contact during the strategize phase Nicolas LOVAGNINI

Phase 2: Strategize

Do

  • Identify portfolio epics and epics within each portfolio epics
  • Create a document / slide / spreadsheet to build your epics and put a link in the brief
  • Estimate experts and budget by portfolio epics or by increment
  • Show SMART KPI (Specific, Measureable, Archievable, Relevant, and Time-Bound)
  • Evaluate the impact on Solvay One Planet objectives

Don´t

  • Identify squad resources (naming)
  • Write user stories


Now, we can move on to the Solution space

2.0 Scope / Deliverables

What is your list of scope if waterfall initiatives (technical, functional & organizational) / deliverables foreseen? What are your list of Epics if Agile initiatives?

EPIC 1: Study and arbitrate 150 projects with each Head of Platforms to define planning for Wave 2 & 3

  • List of GPC projects with information updated (owner, scope, architecture,...) and decision (keep/kill)
  • Presentation for arbitration
  • Workload & Cost estimation + Capacity for each project rebuild/move
  • Planning for Wave 2 & 3

EPIC 2: Quick win actions (decomm & replatform) projects into Landing Zone

  • Project removed (18) or moved (11)
  • Documentation updated (Update referential master data, CMDB)

EPIC 3:  Rebuild of Vendohm application into AWS

  • New architecture designed (HLD & LLD)
  • Project rebuilt in LZ 
  • Current project removed
  • Data and database optimization
  • Handover to OPS team (Infosys)
  • Update referential master data, CMDB

EPIC 4: Decom projects linked to Dataiku

  • Project removed or moved
  • Update referential master data, CMDB

2.1. Actions to complete 

Mandatory actions (please contact them together if possible)

Description of the action / task

Contact

Document & examples (please make your own copy and insert new link here)

Contact each relevant pool lead to book resources in the capacity planning tool

  • check once done to inform the contact       ARPIN, Florine  

ARPIN, Florine 

Complete Capacity planning tool

Complete Accolade

  • check once done to inform the contact       Claire Bazin   
Claire Bazin Complete Accolade

Review with Enterprise Architect the actual solution answering the objective

Françoise BERGAME (Structure)

Complete Architecture Impact Analysis (AIA)

ARB & AIA


Alexandre Mathé

Check you have confirmed the involvement of each platform


Revert to SDM of each Platform

Identify security needs (Confidentiality, Integrity, Availability) and define security measures to be implemented by the initiative team

Benjamin POISSONNET 

Complete the security questionnaire in “SIP Support tool

The questionnaire applied only for EPIC 3 - Vendohm rebuild

Support for budget estimation (via the Workload & Cost), Financial evaluation (Total Cost of Ownership over 10Y), saving validation

  • check once done to inform the contact           Jill Wilson  

Anne-Laure ALLARD

W&C: to be filled in to Accolade in preparation phase

TCO over 10Y: 

xxxx - Business Case/Financial evaluation 10Y

If Data Governance is required: identify the business objects

Philippa de Glanville 

Data Governance Strategise for Initiative Briefs
Optional

If any relation needed with a supplier

BLANCHER, Alexis 


If it concerns a key supplier, a sourcing strategy has to be defined

Isabelle Auboeuf 


If conformity by design is required

Emmanuelle Bureau 

GMP (pharma), ISO

2.2. Users needs

What do users dislike about the current solution?

Applicable when a new solution is developed

N/A


What tools or features do your users wish to have?

N/A


What value will it add to the user´s lives?

Security improvement


What alternative do we have?

Keep the current solution but with security issues

2.3. Risk Analysis

What are the risks (refer to Risk analysis matrix in Accolade)?

https://biarritz.solvay.com/Project/Page/getlayout?projectid=12255&layoutid=21

2.3. Solvay One Planet Objectives

What is the qualitative assessment of Hardware/ Data processing/ Project’s contribution to Solvay One Planet?

- Is the business ambition you will support improving or not sustainability?

no

- Will you increase or decrease the number of hardware we need to operate? How much ?

yes, by database optimization for EPIC-3 Vendohm we will reduce CPU consumption

- Will you generate or transfer an important amount of data, especially videos? How much?

for EPIC-3 Vendohm the current data stored is 18TO => will be reduced

My tasks

  • Enter your task here, using « @ » to assign it to a user and « // » to select a due date
  • Enter your task here, using « @ » to assign it to a user and « // » to select a due date
  • Enter your task here, using « @ » to assign it to a user and « // » to select a due date



  • No labels