The Advisory Committee on Academic Computing (ACAC) and Computing and Communications Services (CCS) are initiating a consultation process with the Ryerson community regarding the future of E-mail and collaboration systems for Ryerson.
The consultation is a result of:
- difficulties Ryerson has experienced in maintaining an E-mail system that is competitive with cloud services from Google, Yahoo, and Microsoft and systems commonly used in business;
- lack of a university-wide calendar and scheduling system for faculty, staff, and students;
- limitations in the Blackboard system – especially regarding collaborative tools;
- the challenges of offering other collaboration tools at a scale that can accommodate the needs and evolving expectations of all students, faculty, and staff.
In past years, ACAC and CCS has investigated various options for renewing Ryerson’s E-mail system. The costs to replace the R-mail system with a Microsoft Exchange-based system was estimated at roughly $1.5 million, even before improvements in storage capacity were considered. If the storage capacity of the system were brought in line with cloud offerings the cost would have been significantly higher. At the time there seemed to be little appetite on the part of everyone involved in the discussions for expenses on that scale. In the current economic climate there may be even less appetite for making large expenditures to renew our in-house system. In addition other collaborative systems are required beyond E-mail and calendaring including systems such as blogs, wikis, document sharing, online voice and video, and instant messaging. While CCS does provide services in some of these areas they are not designed to scale so that everyone can freely use them. Nor are they accessible in a unified portal experience; these systems are currently stand-alone.
An important trend in the university space is to move E-mail and collaboration services to one of the two free cloud-based services hosted by either Google or Microsoft. These services offer a rich range of collaborative services and features that are very difficult to match with in-house systems. For example they frequently report over 99.9% uptime, very large storage quotas, and integrated instant messaging, voice, and video services. In Canada, Lakehead University and Wilfred Laurier have outsourced their student E-mail and collaborative systems to Google. The University of Toronto is working on something similar for student E-mail, and the University of Alberta has completed negotiations with Google to host all their faculty, staff, and student E-mail and “Apps for Education” accounts. U of A’s agreement with Google prohibits data-mining and advertisements.
In light of this ACAC and CCS will:
- Investigate the benefits, costs, and risks of using a cloud service from a provider like Google or Microsoft versus locally hosted services;
- Engage the Ryerson community in a consultation process regarding options for improving E-mail and collaboration services;
- Recommend to the Provost and Vice President Academic, and to the Vice President Administration and Finance, how Ryerson’s E-mail and collaboration systems should be improved or replaced.
This web site is a first step in starting a broad dialog at Ryerson about the future of E-mail and collaboration tools at Ryerson. We hope to provide more information here and hope that members of the Ryerson community will also contribute posts and comments to this site.
As part of the broad community consultation, Ryerson’s Privacy and Cyber Crime Institute will be co-sponsoring a symposium on February 24 with us on Exploring the Future of E-mail, Privacy, and Cloud Computing at Ryerson. Our current working agenda for the conference is:
|9:30 – 10:00||Welcome and Introductions||Why are we doing this?
– Brian Lesser, Acting Director, Computing and Communications Services, Ryerson University
|10:00 – 11:00||Keynote: Will we have Privacy in the Cloud? … Only if we embed it, by Design: Implications for the Future of Privacy||Privacy by Design (PbD) has witnessed phenomenal growth in the past year, culminating in it being made an International Privacy Standard last October. What over a decade ago was an approach to integrating universal privacy principles into user-centric information and communications technologies, has since grown to encompass business processes, physical spaces, information architectures, infrastructures and ecosystems. PbD’s holistic, proactive and innovative approach to assuring privacy in the Information Era is now globally recognized. Dr. Cavoukian will discuss current trends, and applications of Privacy by Design in the emergent cloud computing space.
– Dr. Ann Cavoukian, Information and Privacy Commissioner, Ontario
|11:00 – 12:00||Privacy and the Cloud for Universities and the Real World.||In the last few years, universities and others have looked skyward as a response to managing IT costs and providing world-class services. Companies like Google, IBM, Oracle, Microsoft and Apple are now looking to the cloud to put leading-edge computing power into the hands of users. Surrendering direct custody of data and migrating student, customer and business information to the cloud raises significant and complicated privacy and security issues. David Fraser will cut through the fluff and paranoia associated with the cloud to provide a clear-eyed view of what the issues are and how they can be addressed.
– David Fraser, Partner, McInnes Cooper
|12:00 – 1:00||Lunch|
|1:00 – 2:00||Vendor Presentations||Online Services for Education from Microsoft: Live@Edu and Office 365 for Education
-Karen McGregor, Industry Solution Specialist – Education, Microsoft
Google Apps for Education: Securing EDU Data in the Cloud
-Steven Butschi, Strategic Accounts Manager, Google
|2:00 – 2:30||Privacy and Academic Freedom in the Age of Cloud Computing||As university employers make communications and vital university services available only through electronic means, they must take every reasonable action to protect the privacy of academic staff, as privacy and academic freedom are closely interlinked. That interlinkage will be discussed, and recent challenges faced by academic staff in protecting their privacy and academic freedom will be examined.
– James Turk, Executive Director, Canadian Association of University Teachers
|2:30 – 3:30||Panel Discussion||Moderator:
|3:30 – 4:00||Next Steps for Ryerson||– Dimitrios Androutsos, Chair, Advisory Committee on Academic Computing, Ryerson University|
Location: George Vari Engineering and Computing Centre
245 Church Street. Room ENG 103.
View 245 Church St in a larger map.
We hope you can join us!
- Centralizing E-mail and Calendaring at the University of Alberta
- Student eMail at U of T is changing! (updated February 7, 2011 with Report #4 which mentions negotiating with Microsoft)
- Information and Privacy Commissioner of Ontario
- Privacy By Design
- David T.S. Fraser’s Privacy Law Resources
- Google Apps for Education
- Microsoft live at edu
- MyLaurier WebMail FAQ
- University of California at Davis decides not to go with Gmail for Faculty and Staff
- Michael Geist on Outsourcing.
I could write at length why Google should be preferred to Microsoft, but I will summarize it as follows: better security, better functionality, higher ease of use. I currently use gmail as my email client whether on campus or off, have done for years and am 100% completely satisfied.
Finally!! Maybe then I can actually use my @ryerson.ca address without it filling my inbox monthly. Not to mention the collaboration tools would be great.
I like what was said on the UofA summary page. “The Canadian Privacy Commissioner’s office has stated that privacy risks from the US Patriot Act are no greater than the risks from domestic or other foreign law enforcement bodies”
Gmail and Google please. Aren’t they working in the same building as the Ryerson DMZ?
Great idea! Blackboard has always seen heat  over pricing, stifling innovation and glacial development progress. Obviously university committees are buying their software, I’m sure they’re good in the sales arena and they can easily succeed by buying up or suing competition but there are other very viable options. Google Docs, Moodle  and Sakai  are all working to improve the education experience. A university can’t afford to limit its student experience and learning by providing them unreliable, slow, expensive and feature deficient software.
Unfortunately the free Google Apps for Education suite isn’t the single answer for all the current software problems. Arizona State (for example) has been using Google Apps for Education for email and student collaboration since 2007  to save $.5M/year on email and collaboration, yet they’re still paying $2M/year in licensing for Blackboard. There’s no overlap of services because currently without serious customization and development Google Apps can’t be used for student administration, coursework presentation, course and student management or sophisticated (timed and corrective) testing. But it’s a start.
In the collaboration sphere, the one advantage I’d like to see right away, that would make a HUGE difference in how I complete collaborative assignments would be to have instructors create or just administer group documents within Google Docs. That one tiny change would enable real time collaboration, chat, and change tracking. Change tracking is the killer feature here. By having the instructor create the document or have permission to view the document they can see who added what, who jumped in at the last minute just to throw their name on the cover sheet, and who is really driving the success of the assignment. That can really take teaching and evaluation to the next level.
Google Apps doesn’t do everything. However it is a free start to a better solution. Hundreds of organizations currently use their services successfully and Ryerson should too. To solve the LMS problem concerning Blackboard, Ryerson should be contributing to and using a system like Moodle or Sakai. It only makes sense for a university, full of the brightest and most enthusiastic young minds to both use and contribute to an open source project it can actually use on a daily basis. Ryerson can help improve education worldwide by contributing and will at the same time benefit from a global force of developers consistently improving a modern system. There are other commercial offerings like the new and interesting Classleaf  but that company was started by a serial entrepreneur who will likely exit to Blackboard the moment they show him a cheque. Blackboard is by no means asleep at the wheel , but the competition is certainly gaining on them, and there’s a brighter future in using an open solution.
Steve, the issue at hand at the moment is email. Yes, it would be nice if there were something that could be an LMS & an email system, and be as usable as, say gdocs or gmail. But that ain’t gonna happen.
My understanding is that Bb will be eliminated at some point, but that’s a separate story.
Yikes. My links didn’t work. Here they are:
 Higher education needs a tech makeover
 The evolving LMS market
 Blackboard (and other closed LMS systems) make university a rip-off
 Sakai Project
 Arizona State Case Study
 Not your grandfather’s blackboard
Is anybody else concerned that Google offers these services for “free”? As the saying goes: If you’re not paying for it, it’s because you’re the product…
Usually that’s right, but Google makes a ton of money from offering the same service to businesses. I think it’s an investment that’s worthwhile: Student uses Google Apps all the way through school, starts his own business and thinks of Google Apps first. Same deal if said student joins a company instead, the first idea they have will be: “Why aren’t we using Google Apps?”
I asked Google representatives this question: “Why do you offer it for free”.
I was told that it is done for two reasons: #1) The founders created Google from a University project and it essentially was created by the fact that they were Stanford Students. This is one way for them to instill that and give back to the Educational community. #2) Exactly what Steve has said just above.
Personally, I’m less concerned with which platform is chosen rather than that all communication be consistent for every class.
The number of effective inboxes that I have to continuously check increases exponentially with the number of classes I take. This is especially true of online courses.
Email is only one of the methods that Ryerson as an institution and instructors/students use to communicate with each other, the blackboard system provides a number of communication tools that, I find, hamper communication rather than support it. For example, some professors communicate through announcements, some put announcements within deeper levels of the blackboard system (ie, on the assignments page) , some through documents attached to some page 3 layers deep in blackboard, some through announcements that are sent as emails (helpful), blackboard’s internal messaging system (painful), and other’s within blackboards bulletin board system.
I feel that the most important consideration for an email platform should not be which is most cost effective or private but most importantly that which allows for an effective funneling of information into one easy to find location (preferably a truly singular email inbox).
An important take away from this is that the locus of communication shouldn’t necessarily lie embedded, six pages deep, within my.ryerson.ca
My recommendation is: focus on making communication better. Which platform you choose is of very little importance to me, and I can comfortably say that the rest of the Ryerson community would agree that anything is better than what we have now and they likely care just as little about your choice of platform. What we do care about is receiving better communication – from the school and from our courses. That is platform independent.
As a segway, I agree with Dave Mason, Ryerson should stop wasting millions on contracted software when you have: an entire school of computer science students at your finger tips, a highly talented group of business students to manage it, and an entire school to test it – all willing to work hard for good grades putting it together. As FutureShop saved millions by getting their employees to build their website – so can Ryerson use it’s internal resources to build something phenomenal. TRSBM has already turned their SIFE program into a course that can be used to recieve credit towards education through an ENT course, the same could and should be done for other programs as well. This is just one (of many) example(s) of something the university could do on its own through internal cooperation.
I enjoyed reading your advice to focus on communication but just want to respond on the idea that students working for grades could save the University a lot of money.
Ryerson’s students are here to learn. Most are not Ryerson employees and I don’t believe we can reasonably expect large numbers of Ryerson’s Computer Science and Business students to take on too much responsibility for creating robust, secure, and scalable IT services for the University.
That doesn’t mean there isn’t a role for students. For example the Ryerson Mobile system ( see http://ryerson.ca/rmobile ) has seen significant contributions from students in the CPS 630 course and we have hired Computer Science and Image Arts students to work on Ryerson Mobile. If we’re fortunate we will have students in CPS 630 working on both Ryerson mobile and http://ryecast.ryerson.ca this year. In CPS 630 its up to the students to choose a project of interest – Ryerson doesn’t tell them to work on our systems. Many prefer to work with IBM, RIM, and other companies.
CCS also hires a small number of students on co-op and in summer positions to work on small web applications. For example a School at Ryerson with a complex prerequisite system has asked us to write a small Web application to help their students understand the downstream implications of course selections. After students on contract help us build that, we’ll work with the Registrar’s office to see if it might be helpful in some form for other students.
Perhaps more to Dave’s point, there are no shortages of architectural and usability problems in Blackboard and RAMSS. We are working on replacing the Blackboard portal right now with the open source uPortal system. That won’t replace the Blackboard learning management system (LMS) though.
I hope the Email & Collaboration Tools Consultation process we’ve started will include a discussion about LMS options – including open source software like Sakai and Moodle and what advantages they may offer us.
I certainly don’t think of myself as a technophobe….. but am I the only one deeply concerned about privacy and academic freedom here?
I don’t generally use Blackboard – I’m more likely to roll my own. I’d much rather we used some open product like Moodle. Surely we can find the resources to use open software to install and support our own versions of the systems we need. Certainly the University’s experience with contracting out leaves me profoundly unimpressed – in 3 words: RAMS, eHR, Blackboard… 10’s of millions spent for some of the worst software I’ve ever seen on the web.
I do not want my email, or that of my colleagues with whom I correspond available to 3rd parties – be they law enforcement, military, or “only” companies like Google – especially foreign. As far as I can tell the Canadian Privacy Commissioner said something quite different from what is implied by the UofA statement. In the best source I can find, she says that the USA Patriot Act isn’t likely to be the first way some body would try to get access to private data. While that’s probably a safe comment in some contexts, if there were to be another attack on the USA similar to 9/11, all bets would be off, and the Patriot Act would be invoked by the FBI/HomelandSecurity to mine every database they could get their hands on.
Please, please, please, let’s find a Made In Ryerson solution to this problem. (I have concerns about how much Oracle, for example, could get their fingers into Ryerson personnel and student data, but email and course discussion bleeding into foreign hands gives me the heebie-jeebies.)
For further information, see Michael Geist’s take on Outsourcing.
Well… The Ontario Commissioner will be at the Symposium so we can get her comments on this directly…..
What then of an “opt-out” of using gmail for those feeling uncomfortable with it.
Let’s face it, you’re colleges are probably forwarding their email to hotmail or gmail as it is. It’s safe to say that any email you send out can probably be look upon by some third party. http://twitter.com/bdlesser/status/26436104232112128
Opt out for those who don’t want it, and the rest can go to a google apps for education account.
I asked for those forwarding stats last August. On top of the 4174 undergraduate students who forward their mail to another provider, 2627 continuing education students and 184 full-time instructors also forward their mail off campus.
So as you’ve said, one problem with E-mail is that you never really know where the mail you send ends up. Just because you send it to a ryerson.ca address doesn’t mean it stays on our servers.
I think that’s one reason people may not be satisfied with an opt-out option. If most Ryerson accounts were to move to Microsoft or Google’s servers the odds would only increase that copies of E-mails from a person who opted out would end up in the cloud.
For some the point may be moot because you never really know what the recipients of your mail are going to do with it. They may forward it to other people without your knowledge or simply reply to your note but include other recipients.
I think this degree of paranoia is completely overblown. You really trust any other company or organization more than Google? They’re a publicly traded company with millions and millions of users and fierce competition ready to take over any ground they give up. Not only can they not afford the negative press or a class action suit, they’re the most carefully watched company in the world strictly because they handle everyone’s data. They’ve repeatedly refused the U.S. government access to user data. If you consider how much they have to lose, you can quickly see how it’s in their best interest to stay on the good side. Reinventing the wheel for the sake of data privacy is a waste of time and resources. Who’s to say every member of the Ryerson IT staff is more trustworthy than anyone else?
While I was interested to read the part of your comment about what Google has to lose if their service is not trustworthy I was disappointed to read your characterization of Dave’s concerns as paranoia.
I think we should welcome the expression of concerns about the Patriot Act. I hope it helps to open up a broad discussion about privacy risks that includes information about Canada’s anti-terrorism legislation and reciprocal information sharing agreements between law enforcement organizations in Canada and the United States.
The goal of this consultation is not to rubber-stamp anything. It is – in part – to consult widely with the Ryerson community. We want to encourage participation. Characterizing someone’s concerns as paranoia, or as having some degree of paranoia, just makes that more difficult. I hope the dialog here will be both informative and respectful of other people’s perspectives and contributions.
I too believe I’m far from being a technophobe, and also I agree that I wouldn’t want my email easily at the access to the FBI/CIA and so forth. Not to say there would be anything in my email that they would be interested in.
Though regardless whether we are using gmail or the matrix email facilities, any email that is sent to an address outside of this University the FBI/CIA already have access to. Even sending emails to users within the university (ie an @ryerson.ca address) isn’t guaranteed to be sent outside of the University as users commonly forward their emails to offsite accounts such as @hotmail or @gmail.
We have to realize that Ryerson’s Internet connection connects through several nodes within Canada and then passes through the trunks coming up from the United States. Email that is sent across the web is transfered from mail server to mail server is typically done unencrypted. Therefore I am quite sure that the CIA/FBI have already tapped (on American soil) few the major internet trunks that connect Canada to the States all under the cover of the Patriot Act.
With this said it would be better to advise those that use email to do so with the full understanding that their email could be read by someone else than they expected.
I think the way to go is to use Google for email and replace the ryerson webmail. I personally setup my ryerson email on gmail. Its more functional and accessible, it has more features and you can integrate with your calendar. I have used the Google Apps in a business settings, it is much better than MS exchange. Google is free and has more than 7gb of free space. I think the ryerson email has only 500mb. The google apps combine other collaboration tools which is really useful when doing group work and we have tons of that already. The blackboard framework is good for certain aspects such as looking up grades, RAMSS. However I am pretty sure there is or will be a solution to still have those features.
Let’s not forget that the issue at hand is *not just e-mail*….there’s a whole cartload of collaborative tools that faculty, staff, students and administration use and or want that CCS currently cannot provide or cannot provide effectively. Any choice of future system will have to take into consideration the landscape of what is needed, i.e., mobile phone integration, social network stuff (e.g., twitter), video broadcasting, etc…
I find it very interesting that there is so much discussion regarding cloud services. Dozens even hundreds of school and universities (and governments too) throughout the US, Europe, and now Canada are taking advantage of the cost savings, reliability and connivence of cloud email and document management. The fact is, cloud computing is simply the easiest and best way to offer services such as email, and it is only going to become more popular. Failing to embrase a new technology can only deprive the Ryerson Community of the cost savings, features and benefits that hosted services provide.
I am not ignorant of the fact that these new services are not without a few drawbacks, however many tools offered by companies such as google are in a constant state of flux and are regularly being updated and improved. Google Docs, Email, and Calendar feature sets are already significant improvements over our current services provided through RMail and Blackboard. While a services such as those google provides would not replace all Blackboard functions (yet) one can expect that it will only be a few years until we can completely replace a blackboard course schell with a smilar cloud service. Until then we can enjoy the best of both software applications (there is still money to be saved by making the switch.
As for the fact that google uses your data. This could be a concern to some individuals that manage confidential information via their email and online document services. However if we take a closer look at current technologies, our email while secure, is far from perfect. If you are transferring or sending data that extremely sensitive, one might suggest you would be better off using an encrypted service or transferring your information in person. As it is, Google has a fairly decent track record for privacy (as Tech companies go). I might also point out that a few of the same folks that have privacy concerns are some of the same folks that fail to use proper passwords for their accounts and often forward their Ryerson Email addresses to their home/priviate accounts (these accounts are often hosted on cloud storage anyway). Complete data privacy without the use of strict encryption is nothing more that a happy thought.
Hopefully I have presented a few valuable idea and food for discussion. I look forward to hearing everyones comments.
James M. Manson
Cloud Computing Consult
You wrote “As for the fact that google uses your data.” The Google Apps for Education service is different from their standard Gmail and Apps offering. They do not data-mine your mail in the Apps for Education service. Google has signed agreements – for example with the University of Alberta – that prohibit data-mining and advertising.
Regarding encryption, by default reading and sending mail to Google is encrypted.
Let’s also not forget that Google has NO ADVERTISING on the Google Education suite. So Advertising and data mining are strictly “off”.
@Brian, thank you for the clarification
I suppose I was addressing a more general concern in regards to cloud services. There is always of course the worry that policy and rule of law may change, and so it remains important to be aware that high levels of data security when communicating digitally is a very difficult feature to promise, with any service (cloud hosted or otherwise).
James M. M.
First, kudos to Ryerson and Brian to launch i) a serious investigation, and ii) a consultation of the community at large. A terrific start, for sure.
One solution is to outsource the delivery of the required services. At this point, I heard of Microsoft, Google and ORACLE as potential suppliers of turnkey solutions including email, calendaring, and office products in a cloud computing environment. There may be other competitors. For example, Revolution Linux implemented a large scale thin client deployment for a GTA-based school board, which might as well include email (on Zimbra?).
Google has a few advantages that I am aware of.
1) Google is accessible directly from the ORION backbone (no consumption of Internet bandwidth).
2) A number of Ontario school boards are already on Google Apps (e.g. York Region DSB), hence a good number of students have been using these services (including email, calendaring, office suite big 3, virtual folders) for a couple of years in the course of their studies.
3) Google Apps (e.g. Google docs) have pioneered (and possibly created) the on-line office suite market
4) There is good documentation available, such as this interesting webinar explaining how Notre-Dame University saved millions of dollars: http://www.youtube.com/watch?v=PuteocMftek
Microsoft and Oracle have also recently launched new on-line office products. Apparently, the latter would be able to supply cloud services from national servers (which would cancel the US Patriot Act objection). On the negative side, some universities (like Western?) have decided against Google precisely because of the US Patriot Act and the resulting privacy concerns. The Ontario Ministry of Education is extremely cautious to that respect.
Privacy is not the only concern, data ownership is another one (e.g. what are the rights of the supplier on our emails). Persistence (e.g. ability to delete an email forever), jurisdiction (e.g. which court would rule) and net neutrality are other related issues. The U.S. government has been working on some Terms of Service for social media and free web services.
Whatever solution seems to be the most appropriate, it would be strongly advisable to follow open procurement rules, letting all vendors compete on equal footing. To get the best bang for the buck, no vendor-specific technical specification should be “hardcoded” into the requirements. Last June the Superior Court of Quebec created a precedent when it found the Government of Quebec guilty of favouring Microsoft in a software procurement. Last December, Mme Courchesnes, Chair of the Treasury Board, announced both a bill and a policy framework making the consideration of Free/Libre Open Source Software (FLOSS) a mandatory step. If FLOSS is cheaper while meeting the requirements, then it should be used to save taxpayers’ money.
FLOSS is everywhere. According to Gartner, more than 85%-100% of organizations are using some form of FLOSS. Black Duck Software found that, in average, 22% of an organization’s software asset is licensed under a FLOSS license. Google runs on Linux servers (without mentioning Chrome & Android), Oracle owns Java and OpenOffice.org, and Microsoft used to include BSD-licensed software in Windows. From a technical standpoint, with cloud computing it does not matter to the buyer (users) what is under the hood, as long as it works, anyway.
However, FLOSS opens another option for Ryerson, other than the traditional procurement and outsourcing route. This other option consists in investing in its IT staff and to create a FLOSS Center of Excellence that will manage the entire IT infrastructure based on FLOSS.
Why is it desirable? Ryerson is a university that counts with a well established Computer Science department, an ITM departement, and the DMZ (the icing on the cake really). FLOSS not only lowers the licensing cost to $0 forever (stability), but it opens an option for the university community to modify the software, converting the IT infrastructure in an amazing lab for researchers in Computer Science, business and sociology to showcase their latest innovations. The other good news is that local companies are knowledgeable in FLOSS, hence support and expertise is available as needed (and if Ontario is not enough, there is Quebec). Finally, FLOSS permits economies of scale. If UofT, for example, were to switch to the same system, staff and expertise could be shared (if not implementations). When a university develops a subsystem, the partners will benefit from it.
This has been working for Sakai and Moodle, two very popular LMSs which have been continuously improved to better suit professors’ and students’ needs. If these FLOSS ecosystems have been growing peacefully, innovation is disputed through patent fights in the proprietary software world. Blackboard has been aggressively fighting against Desire2Learn (a Canadian company) and other LMS-providers with its patents, but it took a pledge not to attack FLOSS providers (as long as FLOSS is not bundled with proprietary software).
FLOSS has thousands of packages relevant to teaching and learning at university level. Beyond LMSs, office suites respectful of ISO standards (e.g. LibreOffice), solid statistical packages (e.g. R), software development tools (e.g. Eclipse, gcc), languages (e.g. PHP, Java), 3D design software (e.g. blender), and thousands of common FLOSS packages, Big Blue Button does webconferencing for higher education, and Asterisk does VoIP.
Europe has funded studies focusing on FLOSS from different perspectives such as cost, quality, implementation, and migration (e.g. COSPA, FLOSSmetrics, Qualipso, EDOS, MANCOOSI). There is a good body of knowledge to draw from for this study.
It is hard to beat free, specially when free means also more freedom to harness the software, to modify it and to distribute the modifications. I would argue that the question is manifold. On one hand, Ryerson’s user experience should be optimized. On another hand, the use of taxpayer’s money should also be optimized. There is a case to look for cost savings opportunity and also to justify investments that are aligned with the university mandate.
We live and compete in a knowledge economy. Building a centre of excellence would start a virtuous circle of home-grown innovation, capitalizing on knowledge and fostering its diffusion (the two key missions of the university). On the contrary, outsourcing would start a vicious cycle, relinquishing our potential knowledge to a vendor, with the additional promise to pay an undefined amount of money to run software the university would not control at any point, leading further down the road to more vendor lock-in and a weaker bargaining power in future procurement stages.
Some of you may find this landmark U.S. court of appeals decision from December heartening:
News Summary: Police must obtain search warrants before perusing Internet users’ e-mail records, a federal appeals court ruled in a landmark decision that struck down part of a 1986 law allowing warrantless access.
Appeals court: Feds need warrants for e-mail (CNET News)
Appeals court: warrant required before Feds can read e-mail (Ars Technica) http://arstechnica.com/tech-policy/news/2010/12/appeals-court-warrant-required-before-feds-can-read-e-mail-mail.ars
Email protected by Fourth Amendment, says appeals court Landmark privacy shocker (The Register)
Federal Court Protects E-mail Privacy (Ink.com)
The Fourth Amendment doesn’t protect Email as much as You might think (ZDNet)
Text of decision: http://www.eff.org/files/filenode/warshak_v_usa/6th_circuit_decision_upholding_injunction.pdf
I just wanted to say that I think a “made-in-Ryerson” solution is a very bad idea. Such a solution guarantees that we will always be five years behind what is available elsewhere, and – more importantly – that we will continue to be incompatible with systems used by colleagues at other institutions – and the rest of the world.
Only five years? Over five years ago (March 2005) Yahoo introduced a 1 GB quota for everyone using their free E-mail service. Last summer (2010) we increased Rmail quotas to 1 GB for faculty, staff, and graduate students. We didn’t have the capacity to do the same for undergrad students who we increased from 250 MB to 500 MB.
While I understand the allure of a MadeAtRyerson solution, I too am against such a solution. The HR needs to keep such a system afloat, and updated, and maintained as browsers, OSs, etc change would be HUGE.
Much better to take advantage of services, like google apps for edu. It’s cheaper, the service will be more reliable (no offence to CCS, but Google is far larger and better equipped than is CCS), and they are properly motivated to remain competitive. None of these would be true for a MadeAtRyerson solution.
This study may be of interest, too:
Cloud deployments blocked by execs over privacy concerns
Antony Savvas, Computerworld UK | 21.01.2011 kl 15:49
Top executives are blocking firms’ migration to cloud computing, according to research from the non-profit IT Governance Institute (ITGI).
The research found that 40% of C-level executives were blocking cloud deployments, with 50% of these executives concerned about data privacy as a result of going into the cloud. A further 47% were fearful about cloud security.
In addition, 35% were worried about their legacy infrastructure investments as a result of cloud migrations.
The study polled 834 executives from 21 countries, divided almost evenly between business executives (CEOs, CFOs and COOs) and IT executives (CIOs and heads of IT).
Of the executives who use or plan to use cloud computing for IT services, 60% of these were non-mission critical services.
Ken Vander Wal, international vice president of information security organisation ISACA, said, “Emerging technologies such as cloud computing can be managed effectively by integrating good governance over IT.
“Assessing the value of current investments, building consensus among stakeholders and mitigating risk with third-party providers all require a comprehensive governance framework, for organisations to be sure they are doing the right things and doing things right.”
The IT Governance Institute (ITGI) is the research affiliate of ISACA.
Copyright 2009 IDG Magazines Norge AS. All rights reserved
My question is: are these executives well-versed in the actual computery bits? Or are they just being safe?
Finally, folks have come to accept that we can’t keep using this archaic Ryerson-Matrix email system indefinitely.
There can be much said about the Google vs. Microsoft debate.
But from what I’ve gathered in the past 8 years, Google, is by far the best option! The company of former Standford University students has really lived up to its motto: “Don’t be evil”.
Congratulations to the CCS folks for finally waking up and realizing the unmet needs of the Ryerson community.
The mere thought that outsourcing email is being considered is frightening!
Firstly, this is a serious issue with respect to students’ privacy. Sure, most of them might be forwarding their emails to these services already as some of you are so quick to point out. But this is not about these students, it’s about the rest (even if very few) who count on us to uphold their privacy and their right to have their personal information fall under Canadian legislation, not the Patriot Act! It’s one thing to choose to throw away your privacy, it’s another matter entirely to have someone else do it for you. And I find that thought disgusting.
And it’s not just about student privacy: we also do research here!!! In some instances, I am contractually obligated to uphold the confidentiality of the work I do and the data I handle. If students or my colleagues or even my research collaborators want to do away with their privacy and/or compromise confidentiality, it is their choice. But I take my privacy and the confidentiality of my data very seriously and outsourcing email is simply not acceptable.
The point is, if you find that your inbox is too small and Ryerson webmail is crappy, you can still choose to forward to Google or Microsoft (or collect it locally with IMAP or POP3) if you want, but forcing everyone else to do it too is just not appropriate.
So you seem to think that because you use Ryerson’s matrix e-mail that your messages and data being sent and received are secure? Unless you’re encrypting then you are greatly misinformed.
What about the case where two professors are discussing something confidential between themselves? Both connect to RMail via a secure/encrypted channel and their messages never leave Ryerson’s servers? Or, if they communicate with professors at other Canadian Universities and research organizations that have not outsourced and where all traffic travels along CANet? (I’m not sure that CANet routes are all in Canada. I’ll have to check.)
Since Email messages have to be decrypted to be read there is no perfectly secure system. But, I think CBeau is concerned about the Patriot Act and possible legal actions in other jurisdictions and wants options that are relatively more secure. That seems like a pretty reasonable thing to me.
So I think one issue is, given Canadian anti-terrorism legislation that bypasses the courts and information sharing agreements between law enforcement agencies in the US and Canada, and the way Google/Microsoft run their services vs. how we run ours, on balance which approach better protects privacy?
It is irrelevant whether the rules in Canada or the US are ‘better’. The point is that, as a Canadian, I expect my privacy rights to be those afforded to Canadians, not to US citizens. Furthermore, as I Canadian, I have a say in legislation/government (through vote and protest) whereas I have no say in american politics and law making.
I’m curious to know if there has been any exploration regarding third party encryption tools or solutions that might work in connection with cloud tools (even on a per user scale). Such services could be made available upon request to those individuals that felt data stored on their account was sufficiently sensitive (or as mentioned above, required legally) to be secured from the potential prying eyes of service providers or even administrators. One tool/technology that may address some of the above concerns is Postini Encryption Manager (available in conjunction with Google apps I believe). Providing this service does generate additional costs, however it may manage some of #CBeau concerns that her communications comply with previously signed confidentiality agreements.
Yes, we’ve been looking at some options but need to do more. We have purchased Sophos’ end point security and email appliance software and so will take a close look at this:
I’m no expert on email encryption options but I understand that some email encryption options can be painful to use. We’d want something that doesn’t discourage use when it is needed. It would be nice if it doesn’t break the bank too!
I realise that having an easy/convenient way to encrypt mail messages would make it more likely that encryption would be used and provide a higher level of confidentiality/privacy.
This seems relevant… might be worth asking the Microsoft rep about it…
Microsoft cloud data breach heralds things to come
There was an accidental data leak in a Microsoft’s cloud services and we can expect more in the future
By: Keir Thomas, IT World
December 23, 2010, 02:29 PM – PC World – What might be the first major cloud data breach happened Wednesday. Microsoft announced that data contained within its Business Productivity Online Suite (BPOS) has been downloaded by non-authorized users.
You’d better get used to this kind of thing because we’ll be seeing a lot more of it in the future. All any of us can do is pray we’re not a victim.
The knee-jerk reaction might be to blame hackers, but that’s not so here. The breach was down to an unspecified “configuration issue” in Microsoft’s data centers in the United States, Europe and Asia. The Offline Address Book component of BPOS, which contains business contact information, was made available to non-authorized users in “very specific circumstances,” according to Clint Patterson, the poor guy at Microsoft who’s having to apologize for the mistake.
The problem was fixed two hours after being discovered (how long was it open before that?), and to Microsoft’s credit it has tracking facilities in place that allow it to clean up the mess by contacting those who downloaded the wrong data.
However, the whole affair will feel like a stomach punch for anybody considering cloud adoption in the coming year–especially those considering Office 365, Microsoft’s major cloud offering that ties into its Office suite.
As far as I can see, there are three basic threats that could lead to data leakage when it comes to cloud computing offerings from any vendor:
1. Misconfiguration of cloud service software, or bugs within the software;
2. Hackers stealing data, for fun or profit;
3. Employees being careless with data.
The third issue is nothing new, and employees with access to any sensitive data have always had the opportunity to pass it accidentally on to the wrong people. Think about all those e-mail disasters where the wrong attachment was sent, or where e-mails were accidentally forwarded to the wrong parties.
Mix humans and computers together, and there will always be issues.
However, cloud computing presents unique opportunities to mess up royally. Many cloud services make it very easy to share data with either individuals or the entire Internet. This is part of the reason cloud services exist; they allow collaborative working.
You can guess what might happen. It’s late at night and a tired employee intends to share “Invite to Xmas party” with the world, but accidentally clicks the share button on the “Quarterly accounts 2010” document. What procedures are in place to monitor these kind of shares? Would it really be the case that the first you heard of it was when one of your clients held back the giggles and politely informed you?
Misconfiguratons and bugs are perhaps a minor concern because, hopefully, cloud software goes through massive testing before it’s unleashed. And software companies never, ever make release buggy releases. Right?
Let’s move quickly on.
The threat from hackers is undoubtedly the biggest concern. Hackers are the most intelligent and devious people on the planet. Nothing will stop them. Even hackers who aren’t that intelligent or devious can cause a lot of trouble.
Having your data on your own servers, on your own premises, presented a physical barrier to hackers. Some hackers overcame even this, of course (Just Google the social engineering exploits of Kevin Mitnick), but mostly the situation was safe by design.
Encryption isn’t the final word. Even encrypted data has a history of being compromised, usually due to bugs in the encryption software.
All of this means that, if your business is going to put data into the cloud, you will have to factor in the very real possibility it will be made public at some point. It will happen. It’s just a matter of when, and what damage will be caused.
It would be interesting to visit the offices of Microsoft, Google, and others to see if they eat their own dog food: Does Google rely on Google Docs for all of its hypersensitive business data? Somehow I suspect not, although I look forward to being proved wrong.
There are laws in place covering data breaches, requiring companies to enforce reasonable security systems, but none of that amounts to a hill of beans once the data has escaped the cloud. And should stolen data be turned into a bit torrent, as appears to be the fashion at the moment, there’s absolutely no chance of discreetly cleaning up by getting the data back from those who stole it.
So many issues hang over cloud take-up that it’s hard to believe that some are referring to 2011 as the year cloud computing becomes mainstream.
Keir Thomas has been writing about computing since the last century, and more recently has written several best-selling books. You can learn more about him at http://keirthomas.com and hisTwitter feed is @keirthomas.
See also: Microsoft Office vs.Google Docs: A Web Apps Showdown (July 2009)
According to recent reports by McAfee and Symantec, the Web is emerging as a primary platform for attacks. Question: where is it safest to keep your email messages and sensitive documents?!
Symantec MessageLabs Intelligence: 2010 Annual Security Report (Dec 2010)
Media Coverage: Botnets, Web threats take center stage in security report
McAfee Threat Report (Nov 2010)
Media CoverageMcAfee Reports Malware at All-Time High
Don’t forget to consider access and availability issues:
Geist: Location Matters Up in the Cloud (04 Dec 2010
These just out from NIST: the first document is probably worth a look:
New NIST Guidance Tackles Public Cloud Security
2 Other Special Publications Focus on Cloud Definitions, Virtualization
February 2, 2011 – Eric Chabrow, Executive Editor, GovInfoSecurity.com
The National Institute of Standards and Technology Wednesday issued two drafts on cloud computing, including the first set of guidelines for managing security and privacy in the cloud and another on cloud computing definitions. NIST issued new virtualization guidance, as well.
Special Publication 800-144 (Draft): Guidelines on Security and Privacy in Public Cloud provides an overview of the security and privacy challenges for public cloud computing and presents recommendations that organizations should consider when outsourcing data, applications and infrastructure to a public cloud environment.
SP 800-145 (Draft): The NIST Definition of Cloud Computing is a result of several years of documentation of cloud computing terminology by NIST researchers.
In case you haven’t had to take a look, the University of Waterloo has the results of their study into replacing their E-Mail with either Google Apps or Microsoft Life@Edu posted online. It’s a bit dated (from 2006), but it still has some interesting information.
Hm. 1.5 million? nowdays a harddrive is around $100 for a terabyte, just buy some bandwidth and get students in Computer Science and ITM to setup a open-sourced mail server, I recall postfix was pretty reliable.
Most of the discussions at the Advisory Committee on Academic Computing have been on providing E-mail, Calendaring, and other Collaboration tools for the University. So the scale of what is being discussed is more than the E-mail transport.
An important goal is to provide a secure, robust, scalable, and integrated solution for everyone. So, for example, we have looked for cost-effective storage area network (SAN) solutions that provide sufficient throughput, disk redundancy, and other features. Sadly, SAN software licensing and hardware costs are much more expensive than $100/terabyte. The same goes for fault tolerant blade-based server systems with dual power supplies, SAN adaptors and so on. Similarly, we are about to implement Email filtering appliances to better control spam.
Ouch, never mind, it comes down to stability and I guess that’s just sky rockets the cost.
Outsourcing personal stuff outside of the university is unwanted. Moreover, as a university it should be able to keep its system in house like any decent university would. Even if this is not possible, the university should try to use services within Canada that are 100% Canadian services. This is an essential service. It would be foolish to out source it. The last thing we need is the US incompetency and lack of judgment coming into the borders.
“Outsourcing personal stuff outside of the university is unwanted.”
If I have the legal language right, Ryerson acts as a custodian of the data in our E-mail and the other accounts that we host at Ryerson. If Ryerson were to outsource E-mail, Calendaring, and some Collaboration services, I imagine we would insist on retaining custody or control of the data. I believe that was part of the University of Alberta agreement with Google. So even though the data is stored outside Ryerson, the University still retains some form of custodianship or control over the data. I hope we will have a chance to hear more about what retaining custodianship means at the Symposium and hope you can attend to hear about it.
“Moreover, as a university it should be able to keep its system in house like any decent university would.”
More and more Universities are choosing to outsource. You can see a map of the Universities that have selected Google here:
For a list from Microsoft have a look here:
Both cloud services have millions of active educational users.
“The last thing we need is the US incompetency and lack of judgment coming into the borders.”
I think you are referring to U.S. Law enforcement agencies but I’d like to mention that Google and Microsoft run very large-scale operations that are more highly available, robust, and secure than the systems provided by the University sector. Their cloud services are strategic multi-billion dollar investments in a highly competitive market. They have poured massive resources into building and enhancing their services at a scale and utility that Universities simply cannot match. I’m sure issues about outsourcing to the US will be discussed at the Symposium. You may be surprised – as I was – at what you hear from the experts.
I agree with you Brian. I have been known to be displeased by aspects of American behaviour. That notwithstanding, it’s the *numbers* that matter. My understanding is that systems like gmail are more robust and more secure than Rmail currently is.
Given a proper agreement with a service provider regarding who “owns” what etc, I really don’t see what the fuss is.
Could you speak a bit more to what you meant by this comment:
Perhaps more to Dave’s point, there are no shortages of architectural and usability problems in Blackboard and RAMSS. We are working on replacing the Blackboard portal right now with the open source uPortal system. That won’t replace the Blackboard learning management system (LMS) though.
Specifically with respect to what uPortal will be replacing? I’m not sure I understand how Blackboard, the portal and LMS are exclusive from each other.
Sure. In simple terms a portal is like a shell application that provides access to many different applications via a single log in. Ryerson purchased both the Blackboard Web portal and the Blackboard Learning Management System(LMS). Today the Blackboard portal is what you log into when you visit http://my.ryerson.ca and the Learning Management System is what you use when you visit an online course inside http://my.ryerson.ca.
Blackboard’s portal product has not changed much since we first started using it in 2003. Even though we license it separately, it is completely integrated with the LMS. The Blackboard portal and LMS are basically the same software running on the same servers. If a module in the LMS slows down under load so does the portal. If the LMS crashes it takes down Ryerson’s entire my.ryerson.ca portal with it. That means that RAMSS, eHR, and other systems are not accessible until the Blackboard system can be brought back online.
When we replace the Blackboard portal with uPortal you won’t notice much of a difference. You’ll still log into my.ryerson.ca and everything will work pretty much as before. However the uPortal system will be completely independent of the Blackboard LMS. It is separate software running on a different set of servers. If the LMS crashes the portal will continue working and so you’ll still be able to use it to reach other applications like RAMSS and eHR.
We should have a beta site available soon where you can try out uPortal running on a test server.
Anyone that uses Groupwise on a daily basis would jump at the chance to use gmail.
Pingback: Symposium Webcast | Email & Collaboration Tools Consultation
David Fraser’s slides from yesterday’s presentation: http://blog.privacylawyer.ca/2011/02/ryerson-university-looks-to-cloud.html
Pingback: Symposium Presentations and Other Resources | Email & Collaboration Tools Consultation
Well looks like cloud based email is not all that after all. I would hate to be one of the 150,000 people who’s email account went poof 🙂 Might want to rethink the whole cloud thing……
You can follow Google’s progress as they work on recovering everyone’s mail here:
Their last post I read said: “…we expect a resolution for all users within the next 10 hours…
The remaining 0.012% of accounts are being restored on an ongoing basis.”
See also: http://gmailblog.blogspot.com/2011/02/gmail-back-soon-for-everyone.html
it would be awesome if it’s developed by students, I mean with more than 8500 students, I’m sure we can all contribute something right?
That won’t work. It’s a WONDERFUL principle, but there are too many pragmatic hangups. I would urge Ryerson to get as many students as possible involved in the computery side of things, but the resources needed to keep a home-brewed system up reliably, and secure, is just too much for a “volunteer” workforce to deal with.
um prehaps, 2 system where the unsecure stuff goes to home and the secure one goes to other? I mean single interface but additional API that goes to a home network so by default the message are sent as the liable source and users have option of choosing home network. I mean when I look at my email system in ryerson, half of the time it’s to communicate between classmates discussing projects and group work.