Educause Security Discussion mailing list archives

Re: Outsourcing Student Email - Security Concerns?


From: Barron Hulver <Barron.Hulver () OBERLIN EDU>
Date: Thu, 26 May 2011 15:42:57 -0400

We moved everyone to Google Apps for Edu about 3 years ago. I was involved with negotiating our agreement with Google (before it became more general) and we had our external counsel involved as well. We didn't really make that many changes to the agreement.

On the technical side, we also went with a password sync process instead of an SSO. After discussions with my two people that handle our directories, we decided to implement a reduced single sign-on environment by either having applications authenticate directly to one of our two LDAP servers or use password synchronization. I preferred the password sync with Google for two reasons: 1) It is convenient for people using POP or IMAP and it enforces our password policies and 2) in the event of a communication problem to our central servers (e.g. Internet link is down or LDAP is down - almost never happens), the Google services could still be used from home. We see this as an advantage in a disaster recovery/business continuity situation.


Barron Hulver
Director of Networking, Operations, and Systems
Center for Information Technology
Oberlin College
148 West College Street
Oberlin, OH  44074
440-775-8798
Barron.J.Hulver () oberlin edu
http://www2.oberlin.edu/staff/bhulver/




-------- Original Message --------
Subject:        Re: Outsourcing Student Email - Security Concerns?
Date:   Thu, 26 May 2011 11:57:48 -0400
From:   Walter Moore <moorewr () ECKERD EDU>
Reply-To:       The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
To:     SECURITY () LISTSERV EDUCAUSE EDU



There have been some fairly public debates about this, notably at Yale.
http://www.yaledailynews.com/news/2010/mar/30/its-delays-switch-to-gmail/

Our discussion centered on the Google Apps SLA, but in the end our
General Counsel felt it was acceptable. We ended up using a password sync
process instead of SSO, but you could opt to run a SAML server. In that
scenario your AD password would not be stored or synced to Google Apps.

Be aware that users will, in that scenario, need to set a separate
password for external IMAP/SMTP clients (phones etc).

On Thu, May 26, 2011 at 11:04 AM, Allen Wood <awood () hillcollege edu> wrote:

    Hello all,

    I work for a small community college and we’re currently running
    Exchange 2010 for student email.  Our VP likes the idea of using
    Google Apps for Education (or Microsoft’s Live@edu) and freeing up
    that mail server for something else.  I am leery of making the move
    and basically putting the student’s Active Directory accounts in
    someone else’s hands. I would think there are also possible
    compliance issues, but I haven’t really studied that side of it yet.

    Have any of you ever made either side of this argument before?  If
    so, would you mind sharing any info that you may have available that
    may help us decide outsourced vs. locally hosted, and maybe even
    Google vs. Microsoft?

    Thanks in advance for any info-

    Allen Wood




--
+-----------------------------------------------------------------+
Walter R. Moore --  Sr. Systems Administrator, Eckerd College
moorewr () eckerd edu -- http://home.eckerd.edu/~moorewr

"It was glorious to see -- if your heart were iron,
And you could keep from grieving at all the pain" - The Iliad (13.355)

I'm on twitter: http://twitter.com/moorewreckerd

***Reminder! ITS will never ask you to e-mail your password!***

