- Created by Vidhyadharan-ext, Vaishna on Jun 30, 2023
Initiative brief
Readme
* Required information
Project details
Phase |
|
|---|---|
Status | IN PROGRESS UNDER REVIEW APPROVED NOT APPROVED |
Start Date | Starting March 1rst 2023, with deployment per application (each application host in Solvay datacenters would be transitionned to this standard solution with its individual plan)
|
Initiative name ID Provided by DT PMO | Standard security posture |
Description of the initiative | The initiative aims at standardizing the security exposure of Solvay application on internet and intranet. Indeed, in the current setup, services are exposed with different patterns (Level 4 and Level 7 load balancer or Reverse Proxies). The ambition of this initiative is to rationalize and standardize the technology later protecting applications and services. This would increase reliability while simplifying maintenance for the different applications. |
Domain & Product | |
Requested Domain Journey / Platform |
|
| Involved Domain Journey/ Platform |
|
Initiative Ownership | |
Digital Technology Partner | Head of PF Guillaume LHOMEL |
Product Manager / Service Delivery | Service Delivery Manager Romain BERGER Didier LONGERAY PF Engineer Binh NGUYEN |
Roadmap & Key objectives | |
Roadmap |
|
2023 Digital Technology Key objective | |
Priority | Enter the level of priority of your initiative: P1 must do by day 1/ P2 can do/ P3 parked for now P1 |
Phase 1: Envision - High level initiatives
Do
Create Envision brief if the initiative is part of the validated roadmap
- Highlight roadmap value
- Request a budget for Strategize if you need one
- Security scoring
- RADAR/SENTRI
Don´t
- Request platform resources if the business capability is already identified and clear
- Write portfolio epics, epics and user stories
Identify squad resources
First, let´s start with the Problem space
1.1. Reason
* Why is this initiative proposed today?
| Design a standard way of exposing a service to users whether on internet or intranet (replacing the big diversity of solutions in place today such as direct exposure, NAT, load balancers L4, load balancers L7...) to unify our security posture |
1.2. Benefits
What are the new capabilities expected?
| Improve Security posture |
What will it replace? Is it a new solution or an existing one?
| NA |
1.3. Target users
Who are the future users?
| All users access to DT applications from intranet or internet |
What is the number of users impacted?
| All users access to DT applications from intranet or internet |
What about the Business Needs?
1.4. Value proposition
What is the value of the initiative?
| Improve Security posture |
1.5. Business goals
How does the product / deliverable align with the business goals?
| Run the business (part of "Infrastructure Security exposure regroupment) |
1.6. Challenges
Are there any challenges in developing the product?
| No developpment of production |
1.7. Business metrics
How will we measure success?
| % of standardization of access |
1.8. Cybersecurity
Please duplicate this template in this folder. Then, for the envision phase, answer to the 7 high-level questions in the "Security Scoring" sheet. These questions will help the SIP team to determine the level of cybersecurity & compliance support you will need. Please contact the team by email: @SIP_team@solvay.com
1.9. Up to investment
Estimated Delivery phase start date*
| Estimated Delivered end Quarter* 20th December 2023 |
What is the coherent money to commit on the initiative?*
| 2023 (in K€)* | 2024 (in K€)* | 2025 (in K€) | |
|---|---|---|---|
Estimated size of investment (high level) | 80 |
What is the coherent run and build commit on the initiative?
Estimated run costs (estimation high level) - on 10Y (if already known) | Type of savings expected /year for DT (Ex: Contracts, FTE, ...) |
1.10. Resources
What skills and talents do we need?
| H&C Tech Lead, Platform Architect |
1.11. Methodology to apply (refer for Accolade)
Do you think if your initiative is compatible with a waterfall approachor with an agile approach?
|
If the initiative will be done in Agile methodology, please contact during the strategize phase Nicolas LOVAGNINI
Phase 2: Strategize
Do
- Identify portfolio epics and epics within each portfolio epics
- Create a document / slide / spreadsheet to build your epics and put a link in the bief
- Estimate experts and budget by portfolio epics or by increment
- Show SMART KPI (Specific, Measureable, Archievable, Relevant, and Time-Bound)
- Evaluate the impact on Solvay One Planet objectives
Don´t
- Identify squad resources (naming)
- Write user stories
Now, we can move on to the Solution space
2.0 Scope / Deliverables
What is the scope (technical, functional & organizational) / deliverables foreseen?
2.1. Actions to complete
| Mandatory actions * (please contact them together if possible) | ||
|---|---|---|
Description of the action / task | Contact | Document & examples (please make your own copy and insert new link here) |
Contact each relevant pool lead to book resources in the capacity planning tool
| Complete Capacity planning tool | |
Complete Accolade
| Claire Bazin | Complete Accolade |
Review with Enterprise Architect the actual solution answering the objective
| Complete Architecture Impact Analysis (AIA) | |
Check you have confirmed the involvement of each platform | Revert to SDM of each Platform | |
Identify security needs (Confidentiality, Integrity, Availability) and define security measures to be implemented by the initiative team
| Complete“SIP Support tool” | |
Support for budget estimation (via the Workload & Cost), Financial evaluation (Total Cost of Ownership over 10Y), saving validation
| W&C: to be filled in to Accolade in preparation phase TCO over 10Y: | |
| Optional | ||
If any relation needed with a supplier
| ||
If it concerns a key supplier, a sourcing strategy has to be defined
| ||
If conformity by design is required
| GMP (pharma), ISO | |
If Data Governance is required: identify the business objects
| Data Governance Strategise for Initiative Briefs | |
2.2. Users needs
What do users dislike about the current solution?
Applicable when a new solution is developed
What tools or features do your users wish to have?
What value will it add to the user´s lives?
What alternative do we have?
2.3. Risk Analysis
What are the risks (refer to Risk analysis matrix in Accolade)?
2.3. Solvay One Planet Objectives
What is the qualitative assessment of Hardware/ Data processing/ Project’s contribution to Solvay One Planet?
- Is the business ambition you will support improving or not sustainability? - Will you increase or decrease the number of hardware we need to operate? How much ? - Will you generate or transfer an important amount of data, especially videos? How much? |
My tasks
- Enter your task here, using « @ » to assign it to a user and « // » to select a due date
- Enter your task here, using « @ » to assign it to a user and « // » to select a due date
- Enter your task here, using « @ » to assign it to a user and « // » to select a due date
- No labels