Email & Collaboration Tools Consultation

April 23, 2019

On April 10, 2019 we reviewed the letter of recommendation to close the RMail service submitted by the Advisory Committee on Academic Computing (ACAC). We also reviewed the letter from the dissenting member of ACAC regarding other options.

We accept the recommendation of the ACAC to retire the RMail service.

The ACAC consulted widely on this issue. The committee provided a thorough rationale for this recommendation and has determined that Gmail is a more secure working environment than RMail. The suggested alternatives to RMail were found to be neither practical or cost-effective. The recommendation includes a series of next steps leading to the gradual retirement of the RMail system.

Closing the RMail system will reduce the risks of successful attacks on email accounts and the people who own them at Ryerson University. The ACAC and CCS have been involved in ongoing efforts to improve cybersecurity at Ryerson and remain committed to minimizing the risks of successful attacks.

We want to thank the committee for their contributions and continued efforts.

Dr. Michael Benarroch
Provost and Vice President, Academic

Deborah Brown,
Vice-President, Administration and Operations

Ryerson University

On April 9, the Advisory Committee on Academic Computing (ACAC) voted six-to-one to recommend that Ryerson’s RMail service be closed in favour of using Ryerson’s Gmail service. The following is the final text of the recommendation. In addition to the letter of recommendation a more informal alternative proposal was requested from the dissenting voter. It is also reproduced below. Both the letter of recommendation and alternative suggestion were provided to the provost and vice-president academic and to the vice-president, administration and operations on April 10, 2019.

Letter of Recommendation to close the RMail service

April 9, 2019

Introduction

The Advisory Committee on Academic Computing (ACAC) initiated a consultation process beginning November 13, 2018 regarding the possibility of shutting down the RMail system in favour of using Ryerson’s instance of Gmail. The consultation included:

1. one mass mailing to the entire Ryerson community followed by two mass mails to all RMail users;
2. use of the https://email.blog.ryerson.ca/ site to post the emails and to solicit feedback;
3. a set of surveys (http://email.blog.ryerson.ca/2019/04/06/is-it-time-to-shutdown-rmail-survey-results/);
4. a town hall on March 12, 2019 and March 21, 2019 attended by a total of 11 people;
5. a compilation of anonymized email responses.

The primary impetus for the consultation was concern regarding the security of the RMail system. Despite significant efforts by CCS, the system has not kept pace with the increasing sophistication and persistence of attackers. Gmail has demonstrated much better security in part because of Google’s security investments and in part because the size of the Gmail system provides Google with unparalleled threat intelligence.

During the consultation there were several concerns and objections raised to shifting from RMail to Ryerson Gmail accounts. These were:

1. reluctance to change systems because the change would be disruptive – especially regarding learning and adapting to a different system;
2. objection to using Google because people don’t trust Google to protect their privacy (because Google has a commercial interest in selling ads based on people’s behaviour or because people believe U.S. law enforcement and intelligence agencies have direct access to Google’s systems);
3. reluctance to change systems because RMail works better for some people;
4. Gmail is not accessible in some countries such as China where it is blocked.

Changing Systems

Gmail’s web interface is significantly different from RMail’s web interface and does require time to adapt. In some cases it may appear that Google is not able to do some things that RMail does. However, in every case we’ve investigated the same tasks were possible but had to be done differently. People who use email software on their computers instead of the Web interface would be less affected by the change but still must reconfigure their systems to work with Gmail. These differences mean that online information, training and consulting will all have to be available to RMail users before a change is made. The change cannot be made quickly without sufficient lead time.

Objections to Google

Based on the emails received, the surveys, and the town halls there are a small number of people who very strongly object to using Google’s services. They do not believe that Google’s enterprise service offerings and Ryerson’s agreement with Google mean Google will protect their privacy and data. For some of them, Google’s consumer services are an example of surveillance capitalism and Google’s enterprise services are unlikely to be any different.  

When Google Apps for Education was first adopted by Ryerson a full privacy impact assessment was completed. The assessment included the Patriot Act in the U.S. and is available online:

Email and Collaboration Tools Privacy Impact Assessment

Recent email.blog.ryerson.ca posts discuss what has changed since then. Essentially Google has improved its resilience to nation-state spying, improved its overall security posture, and discontinued scanning related to showing ads in all its email services. (Ryerson does not use Google’s consumer Gmail system and ads have never been available in Ryerson accounts.) While people strongly object to using Google the committee has not found a factual basis for these objections. On the contrary, Google’s Enterprise services are independently audited for privacy and security:

https://gsuite.google.com/learn-more/security/security-whitepaper/page-5.html

As almost all work-related correspondence is now in Gmail there is no advantage to offering another system to people for regular Ryerson work purposes. When people have special needs for end-to-end encryption, anonymity or other features to communicate securely with people outside Ryerson, there are specialized and freely available email services available to them. A frequently cited example in our consultation was Protonmail.  

Access from China and other countries

CCS has found that some Ryerson systems – such as our Central Authentication Service – are not always available from all networks in all countries. Therefore there is no 100% solution to this problem. However, for China and some other countries CCS can inexpensively setup a series of proxy systems that provide access to Ryerson’s locally and remotely hosted services internationally. Unlike Ryerson’s current solution to this problem, the proxy services do not require installation of software on user’s computers and introduce less latency.

Recommendations

The committee recommends the following:

1. No new RMail accounts be created after this proposal is formally approved and announced on the consultation site.
2. RMail users be given until July 31, 2019 to delete any email they do not want copied to Google.
3. Beginning on August 1, all RMail accounts will be gradually moved to Google so that all accounts are moved before August 15, 2019.
4. CCS provide updated training, online information, and consultation services to assist with the transition from RMail to Ryerson Gmail accounts.

-Brian Lesser,
Chief Information Officer
Chair of the Advisory Committee on Academic Computing

Alternative Letter

If Ryerson is willing to give faculty members any choice of what email platform they use, and thus the ability to opt out of Gmail, one potential solution might be keeping just an edge email system and small mailbox server on‐premise.

As we understand them, the primary arguments against having a choice for email systems primarily revolve around the University’s inability to effectively secure the alternate system and the cost of maintaining and supporting a second system. Given these considerations, a possible option that might accomplish the goal of minimizing the monetary investment and security risks associated with having a secondary system on premises could be a small hybrid Exchange and Office 365 deployment. To many at Ryerson, there are no valid arguments for everyone not going to the Gmail system, however, we have not heard from a silent majority of the faculty members that are still on RMail. There have been countless complaints about the move to compel everyone into a one‐size‐ fits‐all solution including, but not limited to:

• workflow changes between the two systems – email interactions are still some of the primary functions that faculty members use when communicating with colleagues and other collaborators
• storing their email in a Canadian jurisdiction
• accessing their emails in countries where Google is explicitly banned giving users the freedom to choose where they store sometimes‐privileged information

In addition to the concerns affecting faculty directly, there are at least two institutional concerns:

• having all of your investment and resources in one Cloud provider
• limiting the opportunity for the University to explore other Cloud options in the future

One of the primary issues with the current solution is a lack of any hybrid cloud/on‐prem option and the inability to choose the data centre within which your data will reside ‐ it is effectively an all‐or‐ nothing situation (if we eliminate RMail completely without allowing for other options). By maintaining a passthrough edge server in Toronto, we can eliminate email storage (using RMail), on‐ premise phishing attack/spam filter services and have the edge simply act as a forwarder to each respective Cloud‐hosted email system. Mail flow would be directed to the appropriate provider depending on where the user’s mailbox is located (as is done now by Ryerson’s edge servers). To meet the security requirements set out by the University, we would insist that the email goes through the Cloud spam filtration system (Gmail or Office365) to reduce the risk of viruses, phishing attacks, and spam. This would provide faculty members with an alternative rather than requiring everyone to use a Gmail account when there is some strong opposition. An on‐premises Microsoft Exchange server could be deployed and connected to the Cloud on a CCS‐managed virtual server. To minimize the cost, the Cloud instance would be the default mailbox location unless explicitly objected to by faculty members. Those concerned with having their email stored and hosted in remote data centres / off‐site could have their email housed on the local exchange server. The on‐ prem server would have no uptime guarantees or built‐in redundancy and would merely exist to meet the needs of certain academics to have their email stored on‐premises.

If ultimately, the decision is made to not host email anywhere on‐premises at least the users will have some recourse over what commercial organization they choose to store their data with.

As part of the consultation regarding the future of RMail three simultaneous surveys were conducted between January 21, 2019 and March 8 2019. The three surveys were sent to three different groups:

The survey results have been provided to the Advisory Committee on Academic Computing and will be reviewed prior to making a recommendation regarding the future or RMail.

This blog post was originally sent via email to Ryerson students, faculty and staff currently using RMail. We encourage you to join the discussion in the comments section below.

When Gmail first became available at Ryerson, approximately 57 per cent of RMail users moved to using a Ryerson-provided Gmail account. Since then, newly arriving faculty and students have overwhelmingly opted to use Ryerson-provided Gmail accounts. The following graph shows the percentage of people who opted to use Gmail every month since 2013:

The spikes above 100 per cent represent people switching from RMail to Gmail in order to maintain an alumni account.

Gmail use steadily climbing

In the last year, without counting alumni accounts, the average monthly opt-in rate for Gmail has been 93 per cent. As a result, the number of Gmail users has steadily increased over the last six years.

As of November 2018, 90 per cent of all active accounts are in Gmail. That’s 83,602 active accounts in Gmail and 9,508 accounts in RMail. (Most RMail accounts are student or old department accounts.) Based on current opt-in rates, we expect the trend to continue until approximately 93 per cent or more of Ryerson’s email accounts are in Gmail.

Gmail is where Ryerson’s work-related email is stored

When an RMail user writes to someone else at Ryerson, they are more than likely writing to someone using Gmail. As such, using RMail does not prevent work-related email from making its way into Gmail.  Even when writing to another person using RMail (or another email system), there is no way to stop that person from copying or forwarding that email to someone else’s Gmail account. What’s more, 19 per cent of instructors using RMail forward all their mail to an email system outside the university. Based on the very high adoption rate of Gmail at Ryerson, it is now the primary place where work-related emails are stored.

For anyone who stayed with RMail because they didn’t want their email to be stored on Google’s servers in the United States, this may be discouraging news. But then again, the advantage of storing data in Canada may never have been quite what people hoped for.

Only in Canada?

When Gmail was introduced at Ryerson, some people were concerned about email being hosted in the U.S. This concern was later reinforced by early reporting of Edward Snowden’s leak of National Security Agency (NSA) files. The first reports (about PRISM) in the summer of 2013 claimed that the NSA had direct access to Microsoft, Google, Apple, Yahoo, and Facebook’s servers. It sounded like the NSA could access anything in their data centres at any time. A week after the initial reports, it turned out that wasn’t the case. See for example the Washington Post article, Here’s everything we know about PRISM to date.

On the other hand, it turned out that a system located in the UK and managed by Britain’s Government Communications Headquarters (GCHQ) in partnership with the NSA was intercepting transatlantic communications between data centres belonging to Yahoo and Google. In response, Google implemented strong encryption for all their data centre communications and now encrypts all data while it’s stored and inactive. Wikipedia has a good summary of the project MUSCULAR surveillance program.

Since 2013, nothing significant has changed regarding the risks of hosting email with Google in the U.S. Given reciprocal law enforcement agreements between the U.S. and Canada, and Canada’s laws which largely mirror the provisions of the Patriot Act, hosting email in the U.S. does not expose that data to significantly greater risk from government access than if it were to reside entirely in Canada. If a U.S. intelligence or law enforcement agency wants Canadian data that they don’t already have, they can ask for it from a Canadian intelligence or law enforcement agency. “Canada has a ‘secret court’ that allows ex parte applications for warrants, including sneak and peek warrants.” Canada also has “warrantless wiretap powers for international communications” like they do in the U.S. For more on this, please read:

• Don’t use the Patriot Act as an excuse from IT World Canada
• Edward Snowden says Canadian spying has weakest oversight in Western world from CBC News
• Communication Security Establishment’s cyberwarfare toolbox revealed from CBC News

I thought Ontario’s Information and Privacy Commissioner summed up this state of affairs well at Ryerson’s 2011 Symposium on Privacy and the Cloud: “Whether you have the Patriot Act or not it doesn’t matter. There will always be law enforcement methods and techniques that will access certain types of information here, there and everywhere.” Read the privacy commissioner’s full quote.

Thinking about risks

While hosting data in the U.S. doesn’t, by itself, significantly increase privacy or security risks, that doesn’t mean we don’t have to look closely at those risks. Privacy and security were important factors in Ryerson’s selection process, as outlined in the Is Ryerson Ready to Go Google? blog post, that led to negotiating an agreement with Google. You can also read about our Email and Collaboration Tools Privacy Impact Assessment.

One reason we selected Google was because of their excellent work on securing their systems and pushing back against law enforcement requests for user information. You can read a little bit about Google’s security in my previous blog post, Comparing the security of RMail and Gmail.

In the end, RMail isn’t offering the protections people hoped it would. It isn’t keeping mail out of the U.S., or from Google’s servers, and it isn’t protecting mail as well as Google does.

How would a transition to Gmail work?

A transition to Gmail would most likely happen in a series of steps:

1. To begin with, the option to use RMail for new accounts would be removed. All new accounts would be created in Gmail.
2. A three-month transition period would be provided so RMail users could download and/or delete any mail they don’t want moved to Gmail. During this period, anyone who is ready to move to Gmail can do so by opting-in to Ryerson Gmail.
3. After three months, all RMail accounts would be moved to Gmail.

While a move to Gmail may be a little disruptive for some RMail users, email client software like Microsoft Outlook and Mozilla Thunderbird can continue to be used.

In the near future, a survey will be shared to understand any concerns you may have about moving to Gmail. We’ve already heard some great feedback. For example, Gmail is blocked in China and some other countries. How will students working at a distance access their Ryerson email account? Some people who have used both systems have found they are more productive using RMail. Some don’t trust Google or have a strong preference that the university locally host its own email system. This is all valuable information for the Advisory Committee on Academic Computing to consider.

Yours truly,

-Brian

Brian Lesser
Chief Information Officer
Ryerson University

In July 2017, I received an email from a professor reporting a spear phishing attack against Ryerson. He was one of the 500 people targeted with a message asking them to log in to a Ryerson site that wasn’t actually set up by Ryerson. The attacker had created a copy of the RMail login page on their own server so they could capture Ryerson usernames and passwords.

While the attacker sent the message to 500 people, only the 14 people who were using RMail ended up with the message in their inbox. The remaining 484 active accounts were all on Gmail. Google’s email filters correctly identified the message as a phishing attack and diverted it to their spam folder.

CCS’ response to the spear phishing attack

In response to the attack, Computing and Communications Services (CCS) blocked access to the attacker’s website from Ryerson’s network. We also detected that seven people visited the malicious site. Eventually, CCS contacted the 14 people who received the email with information about what to do if they had entered their Ryerson password on the fake site.

Overall, had all the recipients been protected by Gmail, the risk of compromised accounts would have been much less and CCS’ follow-up work would have been unnecessary.

Phishing and malicious link alerts

Gmail not only diverts phishing messages into your spam folder, but also inserts a warning and removes the malicious link to prevent you from clicking on it.

Here’s an example of a phishing email received in a Gmail account in January 2018:

For comparison, this is the same message as received in an RMail account. Notice that hovering over the malicious link shows it leads to the attacker’s server and not to a Ryerson site:

Detecting malware

Despite significant effort by CCS to improve RMail’s security, it’s been difficult to match it with Gmail’s ability to detect malicious email attachments. Google’s anti-malware system automatically runs many types of executable files and allows the code to execute inside simulated PC and Mac environments.

Running these files allows Google to detect malware without relying on file signatures which only works if there is a match to a specific malware type. CCS has attempted to set up a similar service for RMail but doing so caused long delays in delivering email and was less effective at detecting evasive malware than a similar cloud-based service.

Two-factor authentication compatibility

RMail does not work with Ryerson’s two-factor authentication system as the software used to provide the RMail service does not support Ryerson’s Central Authentication Service (CAS). CAS is the system you use to log in to the my.ryerson portal and systems like Gmail, Google Drive, eHR, D2L Brightspace and RAMSS amongst others.

Since CAS is also the system that provides two-factor authentication, the same issue does not exist for Gmail, which works with CAS. To increase RMail’s security, we’re investigating requiring RMail users to log in to one of our firewalls using two-factor authentication before logging in to RMail. While the two logins may be a hindrance to RMail users and would require additional work on CCS’s part, at least RMail accounts would be better protected.

Operating on a global scale

Overall, Gmail is much more secure than RMail and other locally-hosted solutions. Part of the reason for this is due to Google’s ability to operate at a scale that allows them to detect and respond to attacks quickly and effectively.

At the 2018 Google Next conference, Google announced that they:

• support 1.4 billion monthly active Gmail users, including 80 million students;
• stop 99.9 per cent of spam and phishing attacks; and
• block 10 million bad messages per minute.

Why does this matter?

Occasionally, someone will tell me none of this really matters because they aren’t going to be fooled by phishing attacks and know better than to open most attachments. I wish that’s all there was to it. The truth is that RMail is a security liability.

Compromised RMail accounts can be used by attackers to send very convincing phishing and other malicious emails to other people at Ryerson. Those emails can be injected into existing email discussions and will deceive just about everyone. This phishing technique has been successfully used at other universities to compromise accounts as part of payroll diversion attacks.

Seven years ago, running RMail in parallel with Gmail didn’t seem that risky. CCS already had in place both open source and proprietary spam and attachment filtering systems that worked reasonably well. But a lot has changed since then—the internet has become an increasingly hostile place. RMail has fallen behind and we don’t have the capacity to protect it in the same way Google can protect Gmail.

References

Of course, there is much more to Gmail security so I have provided references for those who may be interested.

• Electronic Frontier Foundation’s Encrypt the Web Report
• New Built-In Gmail Protections to Combat Malware in Attachments
• Understanding differences between corporate and consumer Gmail threats
• Protecting You Against Phishing
• A reminder about government-backed phishing
• G Suite Security and Trust (Scroll down to get to the content.)

Readers may also be interested in our first blog post for this consultation, “Is it time to shut down RMail?”.

Yours truly,

Brian Lesser
Chief Information Officer
Ryerson University

This blog post was originally communicated via email to Ryerson students, faculty and staff currently using RMail.

This blog post was originally communicated via email to students, faculty and staff at Ryerson University. We encourage you to join the discussion in the comments section below.

Ryerson is conducting a consultation to inform recommendations on the future of the RMail system at the university. Over the next 10 days, subsequent messages and a survey invitation will be emailed directly to current RMail users and also posted on our Email & Collaboration Tools Consultation blog for discussion.

Everyone in the Ryerson community is welcome to share thoughts on this topic whether or not they are current users of RMail.

Why hold a consultation?

In November 2011, the Advisory Committee on Academic Computing (ACAC) recommended adopting Google Apps for Education—now called G Suite. Since then, 93 per cent of the Ryerson community have chosen to use Gmail at Ryerson instead of our older RMail system. At the time, ACAC recommended re-evaluating the use of RMail after two years:

“The RMail system is not expected to provide the capacity or quality of service of GMail. After two years Ryerson will re-examine the use of RMail as an opt-out option—especially to explore if there are better ways to mitigate any risks of using a provider in a foreign jurisdiction and to review the quality of service offered by RMail.”

Seven years on from ACAC’s recommendation, it’s now time to consider if Ryerson should shut down RMail and move entirely to Gmail.

Cybersecurity concerns with RMail

There are two important reasons to consider shutting down RMail at this time:

1. Email-based attacks have become more sophisticated with greater implications for recipients. RMail is now significantly less secure than Gmail.
2. The growing use of Gmail at Ryerson means almost every work-related email that was sent to or from an RMail account is now stored in someone’s Gmail account. Using RMail does not mean your email content is prevented from being stored in Gmail.

Ryerson’s safeguards from Google tracking

Ryerson’s agreement with Google has never permitted data mining or web and application tracking. As such, Google has never been (and is still not) able to track your Google services usage while you’re logged in to your Ryerson Google account.

What’s more, over the past seven years, Google has continuously made G Suite more secure. They now strongly encrypt all data at rest and in transit and have worked consistently to better protect Gmail accounts from phishing attacks. Google not only disabled ads in G Suite for Education but also shut down the scanning process that enabled ads.

Would you switch to Gmail? Have your say

In the next 10 days, we will post more information about the challenges of trying to secure RMail, the growing use of Gmail at Ryerson and how we might eventually migrate accounts from RMail to Gmail.

Please visit the Email & Collaboration Tools Consultation blog to share your thoughts on the idea. As part of this consultation, we plan to survey RMail users to make sure we understand any concerns they may have about moving to Gmail.

Please also feel free to write to me directly about this proposed change. ACAC will review the response from the Ryerson community before making a recommendation on the future of RMail.

Yours truly,

Brian Lesser
Chief Information Officer
Ryerson University

The following documents comprise Ryerson University’s Privacy Impact Assessment (PIA) of Google Apps for Education.

Ryerson began a community consultation process in January of 2011 regarding the future of email and collaboration systems at the university. A full description of the goals of the consultation are available in the introduction page of this site.

The first major event of the consultation was the February 24, 2011 symposium on Exploring the Future of E-mail, Privacy, and Cloud Computing at Ryerson. Video of the entire symposium is available online as are the presentation materials. The symposium – including the Information and Privacy Commissioner (IPC) of Ontario’s presentation – had a significant impact on how we approached assessing the risks of cloud-based and locally hosted email and collaboration systems. Dan Michaluk, a partner at Hicks Morley, posted this article about the IPC’s presentation: Commissioner Cavoukian Says the Patriot Act Is “Nothing”. Shortly afterwards Ryerson began to develop, with the assistance of the IPC, its own PIA methodology based on the principles of Privacy by Design.

In March of 2011 we began collecting detailed requirements for email and collaboration tools from the Ryerson community that resulted in a Request for Proposals (RFP). Significant sections of the RFP were devoted to accessibility, security, privacy, ownership of data, mail opt out options, legal jurisdictions, and the Patriot Act. The RFP was posted on August 22, 2011 and closed on October 3rd.

Following a lengthy and detailed evaluation of the proposals, the Advisory Committee on Academic Computing (ACAC) voted unanimously to recommend that Ryerson adopt Google Apps for Education for use by students, faculty and staff. The recommendation was accepted in January of 2012 and Ryerson began the process of negotiating an agreement with Google as well as assessing more deeply the impact on privacy, financial risk, integration and security of Google Apps for Education.

The following documents comprise the Privacy Impact Assessment that resulted from this process.

Google Apps for Education became available at Ryerson in October of 2012. Support and other information related to Google Apps are available online at

http://ryerson.ca/google/

-Brian Lesser

Director, Computing and Communications Services

RyersonPIA-EmailandCollaboration

Google Admin Settings – PIA 2014 – Sheet1

I am pleased to announce that Ryerson University has reached an agreement with Google to make Google Apps for Education available to all students, faculty, and staff. Google Apps is a powerful collaboration platform that includes Gmail, Google Calendar, Google Talk, Google Drive and other services.

Starting on the Thanksgiving weekend, Computing and Communications Services (CCS) will begin the process of setting up Google accounts for everyone at Ryerson. Faculty and students who opt to use Gmail instead of Rmail will have their email moved to Gmail as will all Ryerson staff. Note: your email address will not change and you will not see advertisements. (GroupWise users will receive more information via email.) If everything goes according to plan you will have access to Google Apps by October 9.

More information about Google Apps and how to opt-in to Gmail is available at http://ryerson.ca/googleI encourage you to visit the site to find out more.

The decision to adopt Google Apps for Education was made after a year-long consultation process that considered issues of privacy, security, accessibility, platform features, and cost effectiveness. More information on the consultation process is available on the consultation blog at http://email.blog.ryerson.ca. I am thrilled that the process led to the adoption of a new online working environment for Ryerson University. I hope you enjoy using it to collaborate and communicate.

Julia Hanigsberg
Vice-President, Finance and Administration 

Thank you to all who attended the Going Google at Ryerson – Privacy and Security Information Sessions. For those of you who were unable to attend, you can watch the presentation here:

https://ryecast.ryerson.ca/25/watch/2017.aspx

Many great questions about the project were brought forward, which helps us a great deal as we work on building our FAQ. If you have further questions about the project, privacy, and security, or Google Apps in general, we’d love to hear them. Please post your questions here, or email them to:

apps@ryerson.ca

If you are interested in participating as an early adopter of Google Apps in our Beta testing project phase, please email apps@ryerson.ca to be put on the list of testers.

Ryerson has selected a third party system integrator to help us implement Google Apps for Education at Ryerson. SADA Systems Inc. http://www.sadasystems.com/cloud-solutions-google-apps.php is working with Computing and Communications Services (CCS) on project planning, data migration, system integration, and community training.

The SADA team visited Ryerson on the week of April 10 and were able to help CCS validate and refine much of the CCS implementation team’s initial project planning. We are also working on a communications strategy to make sure the Ryerson community knows what to expect and where to go for help.

We are continuing to work on adding more detail to our privacy impact assessment, the financial risk assessment, integration, accessibility and security assessments which are all key pieces as we move ahead with negotiating an acceptable agreement with Google.

Our initial plan is to migrate to Google in three steps:

1. Alpha Testing: move some CCS staff to Google
2. Beta Testing: move early adopters (volunteers) from across the University to Google
3. Migrate faculty, staff, and students to Google in September

This timing is only preliminary! Until an agreement is signed with Google, and we have done more testing, we will not know if we will be able to start the migration process early in the Fall term.

Faculty and Students will have the opportunity to opt in to Google’s Gmail service or continue using Rmail. There is no opt out for Google Calendar or the other services that make up Google Apps for Education. Our current plan is to make a form available later this summer in the my.ryerson.ca portal. Faculty and students will see the form when they log in. The form will ask them to choose between using Rmail or Gmail.

We will post more information as it becomes available on this blog.

Updated April 27 to indicate our current plan is to provide Gmail as an opt-in option rather than an opt out.