Lehigh Gmail: The security advantage

You are here

In October of 2006, Google released Apps for Education, which provides managed email (in addition to a suite of other applications such as Calendar and Drive) at no cost for educational and nonprofit institutions. Many universities have transitioned to Google's solution for mail and other cloud services. Seventy-four of the top 100 U.S. universities use Google Apps for Education, including Princeton, Brown, Northwestern, Georgetown and Vanderbilt. (1, 2). For several years, Lehigh has made Google Apps, including Gmail, available to faculty, staff, and students. Last year, all students were migrated smoothly to Lehigh Gmail.

For those of you who haven’t heard of or aren’t familiar with Lehigh Gmail, here are some features that it provides:

  • •Unlimited mail space (no quotas!)

  • •Powerful spam protection and filtering

  • •99.9% uptime

  • •No ads

  • •LU email contacts integration (Lehigh Phonebook directory)

  • •No configuration needed

  • •Access from any device with a web browser

  • •Faster, easier email indexing and searching

As Lehigh Gmail becomes more prevalent on campus, many staff and faculty have questions and concerns about migrating to Lehigh Gmail. Why did the university make the decision to offer Gmail? Are there privacy/security concerns? What are the advantages over Lehigh's own mail server? In this article, the Library and Technology Services Information Security & Policy Officer, Keith Hartranft, offers some background and perspective on Lehigh's move to Gmail.

Andrew Januszak (AJ) - Can you give me some background on why Lehigh University made the decision to use Google Gmail?
Keith Hartranft (KH) - A main reason for offering Gmail is that it means a phished account doesn't affect the entire system like it does when an account on our internal servers are compromised. Outsourcing our email to Google allows better communications across all accounts and better protection for the community where an individual compromise won’t impact the entire community. When an account in Gmail is hacked, only that account is affected--not the rest of the Lehigh email community. Overall, the collective intelligence--through all of the customers and educational institutions served by Google means we get much better protection from spam and email containing malware. From a storage perspective, the unlimited storage resources Google provides far exceeds what Lehigh is able to provide.

AJ - What are some advantages and features of Lehigh Gmail that you like?
KH - Gmail users receive fewer malicious email messages--less spam, phishing, and viruses, for example. A much smaller number of these get through to Lehigh Gmail users. If someone using Gmail in our community marks a received email as spam, Google will analyze it and start filtering those out very quickly for the Lehigh Gmail community. We directly benefit from the other universities and institutions using Gmail, as the messages that they mark as spam or malicious will be filtered out and removed before they reach our community.On the flip side, Google puts rules and controls in place--rules like maximum number of emails that can be sent in a 24-hour period. Some of these rules can be overridden by our system administrators, but they require planning and communication prior to sending.

AJ - Are there other schools/institutions using Gmail?
KH - Yes--74 of the top 100 U.S. universities and many more non-profits currently use Gmail as their sole email provider.

AJ - How much privacy do we have when we use Lehigh Gmail?
KH - Google revised many of their commercial rules for their Apps for Education suite with respect to advertising and mining personal information. If you read through their Apps for Education policies, you’ll find they aren’t selling or sharing data with third parties. There are also no ads in Google’s Apps for Education Suite, which is what Lehigh uses. With this in mind, it’s important to say that organization or corporate email is never private. For the most part, anything that’s discoverable or viewable in our legacy email servers is discoverable in Gmail. Encryption is the only way to send and receive email securely.

AJ - What would you tell somebody who is hesitant in switching over to Gmail?
KH - I think what folks will really like is the reduction of spam, phishing, and malicious email that they typically see. It drops quite a bit. If they’re receiving a lot of junk, it’s a real benefit, and saves them time asking whether or not a message is spam or junk.

AJ - Anything else you’d like to say about Lehigh Gmail?
KH - What I would tell users, and this goes back to my earlier statement about the community--email is seen as a vital service at Lehigh and many other institutions. We have come to a day and age where single compromises can negatively affect an entire community in a crippling way. Google is much better equipped as an email provider than we are. Email, as a tier 1 critical resource at Lehigh, is outsourced to Google as a vital communication service to take advantage of the weight of their combined collective intelligence. I understand the concerns about ads and privacy and Google has dialed that back considerably for the educational community. Their transparency in their search warrants, their reluctance to allow spying by the U.S. government, their recent setup of their own security and analytics lab to benefit the community, and their stance with China and censorship--I look at it and come to the conclusion that we could do far worse. They’ve taken more stances that better protect community privacy and prevent censorship and monitoring than folks give them credit for.