Is Ryerson Ready to Go Google?

Is Ryerson Ready to
Go Google?
Town Halls November
14 and 25, 2011
Brian Lesser, Director,
Computing and Communications Services
Agenda
●
●
●
●
●
●
●
Welcome – Julia Hanigsberg
How did we get to this point? – Dimitri
Androutsos
Request for Proposal Update – Brian Lesser
Draft Proposal to Adopt Google Apps – Brian
Lesser
About Google Apps for Education – Brian
Lesser
Privacy – Heather Driscoll
Discussion – Dimitri Androutsos
Things We Really Worried About
●
●
●
●
●
●
●
●
Security (Remember http://hotmail.com?)
Privacy (Google Buzz? Facebook... Nooo!)
Data mining / advertising
Jurisdictional Issues (Patriot Act + FIPPA, etc)
Loss of Control (Ownership of data, config,
ability to administer and audit system, etc.)
Accessibility (Partial compliance???)
Hidden Costs
Vendor Stability, accountability, and ongoing
competitiveness of their services
Things We Were Told
"Whether you have the Patriot Act or not - it
doesn’t matter. There will always be law
enforcement methods and techniques that will
access certain types of information here, there
and everywhere."
- Dr. Ann Cavoukian, Information and Privacy
Commissioner of Ontario
http://www.slaw.ca/2011/02/26/commissionercavoukian-says-the-patriot-act-is-nothing/
Things We Were Told
"Canadian authorities can get information in the
US without a warrant and American authorities
can get information in Canada without a
warrant"
(Interception of Email in Canada w/o warrant via ministerial authorization under the National
Defence Act, Secret court to authorize access to any data via "production orders," and mutual
legal assistance treaty between Canada and the US (and other countries.))
- David Fraser, Canadian Privacy Lawyer with McInnes
Cooper
http://blog.privacylawyer.ca/2011/02/ryersonuniversity-looks-to-cloud.html
Things We Were Told
"What you should concern yourself with is the
kind of accountability that you will be able to
maintain if your Email systems go into the
cloud."
- Dr. Ann Cavoukian, Information and Privacy
Commissioner of Ontario
http://www.slaw.ca/2011/02/26/commissionercavoukian-says-the-patriot-act-is-nothing/
Things We Read
"The organization shall use contractual or other
means to provide a comparable level of
protection while the information is being
processed by a third party."
- Personal Information Protection and Electronic
Documents Act (PIPEDA)
http://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-16.
html
Educational Security Incidents (ESI)
“On college and university
campuses, sometimes the
free flow of information is
unintentional.”
- Adam Dodge
Things We Read / Security in Higher Education
Things We Read / Security in Higher Education
Things We Read
What We Think at this Stage
●
●
●
●
●
●
●
●
●
●
●
Google's Security is significantly better than ours
No Data Mining or Ads for Faculty, Staff, Students
FIPPA does not prohibit foreign hosting
Privacy can be protected in the cloud
Google does not own your data and says so
Improved Accessibility (thanks http://www.nfb.org)
Ryerson configures and administers the system
Your Email address does not change
It's greener (more efficient power / cooling)
You can use Rmail if you really don't want Gmail
and more...
Goal: Collaboration Platform for Everyone at Ryerson
E-mail, Calendaring, Document Collaboration, Web
Sites, Groups, Instant Messaging and Presence,
Video Chat, etc.
● Students (undergrad and graduate): 32,313
● Continuing Education Students: 54,721
● Faculty: 2,273
● Staff: 5,045
● Alumni: 58,919
● Visiting scholars, contractors, guests: 1,000
Large and diverse population with diverse needs
●
Request for Proposal
●
●
●
Purchases over $100,000 require public competitive
bidding.
Even if you sign up for a free service but think you
might need to purchase things later. (i.e. more
storage.)
Ryerson Policy: http://goo.gl/JSAIO
Request for Proposal
●
●
●
●
●
●
Published on merx.com
Reference Number:
226301
Solicitation Number:
JS-RFP-28-2011
Posted: 2011-08-22
Revised: 2011-09-14 (Vendors needed more time!)
Closed: 2011-10-03
Request for Proposal – Questions #1.
●
●
●
●
●
●
●
Company Market Space, Presence, Reputation,
Stability and Value-Added Benefits
Interfaces and Platform Support (native clients, OS,
mobile synchronization)
Sharing & Groups
Personal Information and Visibility
Delegation and Proxy Access
Deletion of Accounts and Data
E-mail, Calendaring, Contact Management &
Collaboration Features
Request for Proposal – Questions #2.
●
●
●
●
●
●
●
Anti-Spam, Virus Protections, and Open Relays
Protocols and Standards
Integration with Ryerson's Identity Management
System
Authentication
Integration with Other Systems or Applications
Capacity (storage, message size, etc.)
Accessibility (AODA, Screen Reader testing,
VPAT, etc) Collaboration Features
Request for Proposal – Questions #3.
●
●
●
●
●
●
●
●
●
Support & Services
Performance and Availability
Documentation
Migration Plan
Exit Strategy and Data Liberation
Access to Data and Disclosure
Privacy and Security
Privacy policies and procedures
Legal Jurisdiction
Request for Proposal – Questions #4.
●
●
●
●
●
●
●
Auditing and Reporting
(By third party or Ryerson)
Forensics and Investigations
Data Ownership and Retention
System Logging and Data Integrity
Data Security and Breach Notification
Opt-out E-mail Service Options
Green Initiatives, etc...
50 Pages, Spreadsheet of feature questions (74),
and Pricing Matrix
Request for Proposal – Microsoft, Google, etc
●
●
●
●
Nothing else we've seen is as capable as Google
and Microsoft's services.
Google vs Microsoft – It's a wash except for cost.
Microsoft charges for Faculty and Staff document
sharing and collaboration. Charges are substantial!
Google Won.
Request for Proposal – Hosting in Canada
●
●
Hosting everyone in Canada – HUGELY Expensive!!
Only Faculty and Staff in Canada – still millions!
Question: if cloud security, privacy, etc, are good
enough for Ryerson students, corporations, and
governments, then why not for Ryerson's faculty and
staff?
Question: why does anyone think CCS are miracle
workers and can do it all for less?
DRAFT Recommendation
●
Full Text:
http://email.blog.ryerson.ca/
●
For your review
●
●
●
●
Should we do this?
Are we missing something?
What do you think?
Let's talk about the draft recommendation...
In a Nutshell - 1
●
●
●
●
●
●
●
Google Apps For Education
No Data Mining & No Ads
Keep username@ryerson.ca
Provide Rmail opt out
Better Security
Privacy risks: no worse over all better protected
If we tried to do all this in house for everyone, it
would cost tens of millions.
In a Nutshell - 2
●
●
●
●
Fair Notice: Your data will reside in foreign
jurisdictions and will be subject to the laws of those
jurisdictions, including the Patriot Act.
Enables you to make an informed decision about
messages to send via Gmail and the information you
store with Google.
Faculty and Students may elect to use Rmail instead
of Gmail but you can't have both.
You need to make informed decisions what you
send via Rmail or Gmail.
In a Nutshell - 3
●
●
●
●
●
●
Everyone gets Google Calendar
Calendar may include your class schedule and
significant events
Everyone has access to all other Google services
(except Gmail if you opt out).
Web Authentication done at Ryerson.
IMAP and other services may require you present
your Ryerson password to Google.
Google will provide Ryerson with SAS 70 type 2
compliance reports. (Says they are doing what they
say.)
Google Apps For Education
●
●
Gmail and Calendar
Google Docs
●
●
●
●
●
●
Online document editing and
collaboration
Spreadsheets, Presentations,
Forms, Drawings...
Google Sites
Google Groups
Google Talk, Google+ and more...
http://www.google.com/apps/intl/en/edu/
Brief Demonstration
●
●
●
Real-time document editing
Forms
Drawings
Platform for Everyone at Ryerson
1. Everyone on the same calendar system
2. Everyone able to share and collaborate on
documents, spreadsheets, presentations, etc.
3. Retire GroupWise
4. Opportunity for departments to retire their Email and
Calendar systems
5. Opportunity for Ryerson to add value. For example,
class schedules and significant events in your
calendar
Even if Everyone Agrees – Lots More To Do
1.
2.
3.
4.
5.
Detailed Privacy Impact Assessment
Financial Risk Assessment
Security and Integration Analysis
Validate Accessibility Compliance
Negotiate Contract that Protects Ryerson and its
Community
6. Negotiate a Contract with System Integrator
7. Notifications, Migration, and Opting Out
8. Can we get all that done before Fall 2012?
Privacy
Heather Driscoll
Information and Privacy Coordinator
Office of the General Counsel and Secretary of
the Board of Governors
Is Ryerson Ready to
Go Google?
Discussion
Town Halls November
14 and 25, 2011