Tuesday, May 18, 2010

Two universities rethink Gmail migration plans

The University of California at Davis (UCD) and Yale University were considering moving their email systems onto Gmail, but both have put those plans on hold for the moment. The CIO of UCD, Peter Siegel, said that he was not prepared to risk the security or privacy of the school’s 30,000 faculty and staff.

Yale has delayed a more general migration to Google apps, including Gmail, citing security and privacy concerns over cloud-based management of their data. Michael Fischer, a computing professor, said that
Google stores every piece of data in three centers randomly chosen from the many it operates worldwide in order to guard the company’s ability to recover lost information — but that also makes the data subject to the vagaries of foreign laws and governments, Fischer said. He added that Google was not willing to provide ITS with a list of countries to which the University’s data could be sent, but only a list of about 15 countries to which the data would not be sent.
So there is a concern that the personal data of students and faculty is being stored outside US jurisdictions. However neither UCD or Yale ruled out migrating to Google cloud applications once there was adequate transparency for the protection of data.


dre said...

I'm all for a balance of transparency and data protection. However, you're going too far by saying that GMail or Google storage is at risk while the data is at rest.

"Data in motion" presents much more of a risk. The way that Google stores the data is very safe and secure. It's basically perfect security.

In Google storage, files have random names and the data is ciphered (albeit in a meaningless way). The data is also scattered. There are more rules and regulations around separation of duties and job rotation for the roles that engineers who would have access to these disks than anywhere else in the history of the world. Google's process is flawless and allows them to provide amazing automated capabilities that precludes the need for full disk encryption (even BitLocker has disclosed many vulnerabilities uncovered through penetration-testing over the years -- no crypto system is flawless, even the ones that are formally verified).

You are mistaking curiosity with paranoia.

Dr. Luke O'Connor said...

The post is reporting on two universities that are delaying migration to Gmail, both of which have talented IT security people on their faculties. If they have baulked at the migrating then I can only assume that the "perfect security" of Google's storage is not as transparent and obvious as you say, or the storing of data at a collection of undisclosed international locations is not acceptable.

Don't mistake caution with disbelief.