Re: Gmail, etc. - Forwarding Email to Personal Accounts!

["Waller, Michael A. (HSC)" <Michael-Waller () OUHSC EDU>]

I think each institution needs to look at the ways in which it uses
email. On our campus, we do not provide secure email services at this
point and discourage all faculty, staff and students from using email to
send sensitive information. In that light, I can't imagine that it much
matters where work correspondence might be forwarded. After all, it's
sent out in plaintext over the Internet anyway.

 

For those institutions that offer secure email services, then it would
make sense to lock that down and not allow the kind of forwarding
discussed here.

 

Mike Waller

Information Security Analyst

University of Oklahoma Health Sciences Center

 

 

From: Theresa Semmens [mailto:theresa.semmens () NDSU EDU] 
Sent: Wednesday, November 08, 2006 2:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Gmail, etc. - Forwarding Email to Personal
Accounts!

 

Connie,

I hear you loud and clear!  What happens when staff and faculty funnel
that sensitive information into their personal account and wife and kids
also have access to that account?  That is a definite breach of
confidentiality in my estimation because those individuals do not have a
need to know.  And, this is just one scenario; there are several more
out there, each more serious than the last one. 

 

We are struggling with this as well.  It's a tough call because so many
claim "ownership" of that e-mail account - getting them to understand
that the institution owns the account is a difficult task.  We do a lot
of education (preaching) to our staff and faculty.  It helps to have
administration behind you.  If some areas for NDSU they are very
supportive, in other areas, they tend to want to "deal with their own."


 

Have a good day.

 

Theresa Semmens, CISA

NDSU IT Security Officer

North Dakota State University

Fargo, ND 58103

701.231-5870

Theresa.Semmens () ndsu edu

________________________________

From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU] 
Sent: Wednesday, November 08, 2006 2:03 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Gmail, etc. - Forwarding Email to Personal Accounts!

 

 

Hi, all... we have more and more people (faculty and staff as well as
students) who want to forward their work-related messages, as well as
their personal messages, to one central email account, usually gmail.
Obviously, I am concerned about having potentially sensitive university
email content sitting on a gmail server. What are you folks doing to
manage these sorts of requests? Are you preventing staff or faculty from
doing this? If so, how has that worked? We are rapidly moving toward
expectations people have of having all of their messaging funneled to
one place, and while this is certainly convenient, I'm quite concerned
about how we can ensure a reasonable level of security.

Thanks - 

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC 
IT Security Officer
Brown University Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu <mailto:Connie_Sadler () Brown edu> 
Office: 401-863-7266
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB> 
PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB