Educause Security Discussion mailing list archives
Re: Outsourcing Student Email - Security Concerns?
From: "Francis, Greg" <francis () ITS GONZAGA EDU>
Date: Thu, 26 May 2011 13:02:47 -0700
As a campus using SSO, I agree that BC is a major consideration. We chose the SSO option to keep passwords local. However, when we had an internal event that knocked out our VMWare environment, students lost the ability to login to Google. The solution is only as good as its weakest link and our internal infrastructure is probably that weakest link with regards to Google Apps. We have not changed our approach as a result of that event but it did reconfirm a weakness that we had already seen in an SSO configuration. Greg On 5/26/11 12:56 PM, "Walter Moore" <moorewr () ECKERD EDU> wrote:
Another key consideration in favor on password sync over SSO for us was Business Continuity. We're on the coast of Florida, on low land, so we must plan for complete campus shutdowns even when hurricanes miss us. On Thu, May 26, 2011 at 3:42 PM, Barron Hulver <Barron.Hulver () oberlin edu> wrote:We moved everyone go Google Apps for Edu about 3 years ago. I was involved with negotiating our agreement with Google (before it became more general) and we had our external counsel involved as well. We didn't really make that many changes to the agreement. On the technical side, we also went with a password sync process instead of an SSO. After discussions with my two people that handle our directories, we decided to implement a reduced single sign-on environment by either having applications authenticate directly to one of our two LDAP servers or use password synchronization. I preferred the password sync with Google for two reasons: 1) It is convenient for people using POP or IMAP and it enforces our password policies and 2) in the event of a communication problem to our central servers (e.g. Internet link is down or LDAP is down - almost never happens), the Google services could still be used from home. We see this as an advantage in a disaster recovery/business continuity situation. Barron Hulver Director of Networking, Operations, and Systems Center for Information Technology Oberlin College 148 West College Street Oberlin, OH 44074 440-775-8798 Barron.J.Hulver () oberlin edu http://www2.oberlin.edu/staff/bhulver/ -------- Original Message -------- Subject: Re: Outsourcing Student Email - Security Concerns? Date: Thu, 26 May 2011 11:57:48 -0400 From: Walter Moore <moorewr () ECKERD EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> To: SECURITY () LISTSERV EDUCAUSE EDU There have been some fairly public debates about this, notably at Yale. http://www.yaledailynews.com/news/2010/mar/30/its-delays-switch-to-gmail/ Our discussion centered on the Google Apps SLA, but in the end our General Counsel felt was acceptable. We ended up using a password sync process instead of SSO, but you could opt to run a SAML server. In that scenario your AD password would not be stored or synced to Google Apps. Be aware that users will, in that scenario, need to set a separate password for external IMAP/SMTP clients (phones etc). On Thu, May 26, 2011 at 11:04 AM, Allen Wood <awood () hillcollege edu <mailto:awood () hillcollege edu>> wrote: Hello all, I work for a small community college and we¹re currently running Exchange 2010 for student email. Our VP likes the idea of using Google Apps for Education (or Microsoft¹s Live@edu) and freeing up that mail server for something else. I am leery of making the move and basically putting the student¹s Active Directory accounts in someone else¹s hands. I would think there are also possible compliance issues, but I haven¹t really studied that side of it yet. Have any of you ever made either side of this argument before? If so, would you mind sharing any info that you may have available that may help us decide outsourced vs. locally hosted, and maybe even Google vs. Microsoft? Thanks in advance for any info- Allen Wood
Greg Francis Director, Central Computing and Network Support Services 502 E. Boone Ave. Spokane, WA 99258-0092 509.313.6896 direct http://www.gonzaga.edu/its
Current thread:
- Re: Outsourcing Student Email - Security Concerns?, (continued)
- Message not available
- Re: Outsourcing Student Email - Security Concerns? Charles Polisher (May 26)
- Re: Outsourcing Student Email - Security Concerns? Gene Spafford (May 26)
- Google Apps additions Plesco, Todd (Jun 14)
- Re: Google Apps additions Jesse Thompson (Jun 14)
- Re: Google Apps additions Theresa Rowe (Jun 14)
- Re: Outsourcing Student Email - Security Concerns? Walter Moore (May 26)
- Re: Outsourcing Student Email - Security Concerns? Francis, Greg (May 26)
- Re: Outsourcing Student Email - Security Concerns? Mike Porter (May 26)
- Re: Outsourcing Student Email - Security Concerns? Dr. Wole Akpose (May 26)
- Re: Outsourcing Student Email - Security Concerns? Allen Wood (May 26)
- Re: Outsourcing Student Email - Security Concerns? Walter Moore (May 26)
- Re: Outsourcing Student Email - Security Concerns? Jesse Thompson (May 26)