Educause Security Discussion mailing list archives
Re: Outsourcing Student Email - Security Concerns?
From: Barron Hulver <Barron.Hulver () OBERLIN EDU>
Date: Thu, 26 May 2011 15:42:57 -0400
We moved everyone go Google Apps for Edu about 3 years ago. I was involved with negotiating our agreement with Google (before it became more general) and we had our external counsel involved as well. We didn't really make that many changes to the agreement.
On the technical side, we also went with a password sync process instead of an SSO. After discussions with my two people that handle our directories, we decided to implement a reduced single sign-on environment by either having applications authenticate directly to one of our two LDAP servers or use password synchronization. I preferred the password sync with Google for two reasons: 1) It is convenient for people using POP or IMAP and it enforces our password policies and 2) in the event of a communication problem to our central servers (e.g. Internet link is down or LDAP is down - almost never happens), the Google services could still be used from home. We see this as an advantage in a disaster recovery/business continuity situation.
Barron Hulver Director of Networking, Operations, and Systems Center for Information Technology Oberlin College 148 West College Street Oberlin, OH 44074 440-775-8798 Barron.J.Hulver () oberlin edu http://www2.oberlin.edu/staff/bhulver/ -------- Original Message -------- Subject: Re: Outsourcing Student Email - Security Concerns? Date: Thu, 26 May 2011 11:57:48 -0400 From: Walter Moore <moorewr () ECKERD EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> To: SECURITY () LISTSERV EDUCAUSE EDU There have been some fairly public debates about this, notably at Yale. http://www.yaledailynews.com/news/2010/mar/30/its-delays-switch-to-gmail/ Our discussion centered on the Google Apps SLA, but in the end our General Counsel felt was acceptable. We ended up using a password sync process instead of SSO, but you could opt to run a SAML server. In that scenario your AD password would not be stored or synced to Google Apps. Be aware that users will, in that scenario, need to set a separate password for external IMAP/SMTP clients (phones etc). On Thu, May 26, 2011 at 11:04 AM, Allen Wood <awood () hillcollege edu <mailto:awood () hillcollege edu>> wrote: Hello all, I work for a small community college and we’re currently running Exchange 2010 for student email. Our VP likes the idea of using Google Apps for Education (or Microsoft’s Live@edu) and freeing up that mail server for something else. I am leery of making the move and basically putting the student’s Active Directory accounts in someone else’s hands. I would think there are also possible compliance issues, but I haven’t really studied that side of it yet. Have any of you ever made either side of this argument before? If so, would you mind sharing any info that you may have available that may help us decide outsourced vs. locally hosted, and maybe even Google vs. Microsoft? Thanks in advance for any info- Allen Wood -- +-----------------------------------------------------------------+ Walter R. Moore -- Sr. Systems Administrator, Eckerd College moorewr () eckerd edu <mailto:moorewr () eckerd edu> -- http://home.eckerd.edu/~moorewr "It was glorious to see -- if your heart were iron, And you could keep from grieving at all the pain" - The Iliad (13.355) I'm on twitter: http://twitter.com/moorewreckerd ***Reminder! ITS will never ask you to e-mail your password!***
Current thread:
- Re: Outsourcing Student Email - Security Concerns?, (continued)
- Re: Outsourcing Student Email - Security Concerns? Kenneth G. Arnold (May 26)
- Re: Outsourcing Student Email - Security Concerns? Dr. Wole Akpose (May 26)
- Message not available
- Re: Outsourcing Student Email - Security Concerns? Charles Polisher (May 26)
- Re: Outsourcing Student Email - Security Concerns? Gene Spafford (May 26)
- Google Apps additions Plesco, Todd (Jun 14)
- Re: Google Apps additions Jesse Thompson (Jun 14)
- Re: Google Apps additions Theresa Rowe (Jun 14)
- Re: Outsourcing Student Email - Security Concerns? Kenneth G. Arnold (May 26)
- Re: Outsourcing Student Email - Security Concerns? Walter Moore (May 26)
- Re: Outsourcing Student Email - Security Concerns? Francis, Greg (May 26)
- Re: Outsourcing Student Email - Security Concerns? Mike Porter (May 26)
- Re: Outsourcing Student Email - Security Concerns? Dr. Wole Akpose (May 26)
- Re: Outsourcing Student Email - Security Concerns? Allen Wood (May 26)
- Re: Outsourcing Student Email - Security Concerns? Walter Moore (May 26)
- Re: Outsourcing Student Email - Security Concerns? Jesse Thompson (May 26)