Educause Security Discussion mailing list archives

Re: Gmail, etc. - Forwarding Email to Personal Accounts!

From: Theresa Semmens <theresa.semmens () NDSU EDU>
Date: Wed, 8 Nov 2006 14:22:10 -0600

Connie,

I hear you loud and clear!  What happens when staff and faculty funnel that
sensitive information into their personal account and wife and kids also
have access to that account?  That is a definite breach of confidentiality
in my estimation because those individuals do not have a need to know.  And,
this is just one scenario; there are several more out there, each more
serious than the last one.



We are struggling with this as well.  It's a tough call because so many
claim "ownership" of that e-mail account - getting them to understand that
the institution owns the account is a difficult task.  We do a lot of
education (preaching) to our staff and faculty.  It helps to have
administration behind you.  If some areas for NDSU they are very supportive,
in other areas, they tend to want to "deal with their own."



Have a good day.



Theresa Semmens, CISA

NDSU IT Security Officer

North Dakota State University

Fargo, ND 58103

701.231-5870

Theresa.Semmens () ndsu edu

  _____

From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU]
Sent: Wednesday, November 08, 2006 2:03 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Gmail, etc. - Forwarding Email to Personal Accounts!





Hi, all. we have more and more people (faculty and staff as well as
students) who want to forward their work-related messages, as well as their
personal messages, to one central email account, usually gmail. Obviously, I
am concerned about having potentially sensitive university email content
sitting on a gmail server. What are you folks doing to manage these sorts of
requests? Are you preventing staff or faculty from doing this? If so, how
has that worked? We are rapidly moving toward expectations people have of
having all of their messaging funneled to one place, and while this is
certainly convenient, I'm quite concerned about how we can ensure a
reasonable level of security.

Thanks -

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC
IT Security Officer
Brown University Box 1885, Providence, RI 02912
 <mailto:Connie_Sadler () Brown edu> Connie_Sadler () Brown edu
Office: 401-863-7266
PGP Key:  <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB>
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB

Current thread:

Gmail, etc. - Forwarding Email to Personal Accounts! Sadler, Connie (Nov 08)
- <Possible follow-ups>
- Re: Gmail, etc. - Forwarding Email to Personal Accounts! Geoff Nathan (Nov 08)
- Re: Gmail, etc. - Forwarding Email to Personal Accounts! Theresa Semmens (Nov 08)
- Re: Gmail, etc. - Forwarding Email to Personal Accounts! Ken Connelly (Nov 08)
- Re: Gmail, etc. - Forwarding Email to Personal Accounts! Pace, Guy (Nov 08)
- Re: Gmail, etc. - Forwarding Email to Personal Accounts! Parker, Ron (Nov 08)
- Re: Gmail, etc. - Forwarding Email to Personal Accounts! Theresa M Rowe (Nov 08)
- Re: Gmail, etc. - Forwarding Email to Personal Accounts! hokan (Nov 08)
- Re: Gmail, etc. - Forwarding Email to Personal Accounts! David Lundy (Nov 08)
- Re: Gmail, etc. - Forwarding Email to Personal Accounts! Theresa M Rowe (Nov 09)
- Re: Gmail, etc. - Forwarding Email to Personal Accounts! Geoffrey S. Nathan (Nov 09)
- Re: Gmail, etc. - Forwarding Email to Personal Accounts! Mark S. Bruhn (Nov 09)
- Re: Gmail, etc. - Forwarding Email to Personal Accounts! Mike Wiseman (Nov 09)

(Thread continues...)