On a MITIE forum, Sam explained how his school weighed up the benefits and risks and chose to adopt Gmail throughout.
Sandor preempted this in June with a compilation of articles highlighting the school’s vulnerability when a critical service is outsourced to an organisation subject to foreign law such as the US PATRIOT Act, whose product roadmap is not public, and whose viability depends on a relatively new business model that has already undergone dramatic technology-triggered changes.
Now, how to weigh up this risk? And what about the threat of sniffers on the internet between your school and your correspondents?
Whatever mail system we use, we do need an Exit Plan: what to do if our licence suddenly is revoked, and how to prepare for that day. That said, I can see how own-your-own mail-server is no longer compelling.
| Attractions of having your own mail-server on site: | The benefit may be illusory because: |
| --- | --- |
| Sniffing outside the site will not capture any communication between onsite users; | All users will access email from home or away, through unknown computers and ISPs; |
| There is little opportunity for sniffing between your mail-server and your ISP; | It is only one hop from most major ISPs to a Google server; |
| Sniffing only captures messages that are still in transit at the time of the attack, so is less rewarding than an attack against a mail-server; | Google has stronger commitment and resources (legal and technical) to protecting their data store than any school; |
| Users can choose to never put their password into an offsite (i.e. untrustworthy) browser. | All users will access email from home and away, through unknown computers and ISPs. |
| The school controls the spam-filter rules; | Gmail filters are magically good; |
| Any subpoena for mail must be served directly on the school, and will be known to the school. | Planning for and complying with a subpoena on a school server is disruptive and costly. |
| School mail is unlikely to be caught up in a discovery process related to a vendor/provider. | Investigation of copyright compliance or child protection is relatively more frequent. |
| Internal mail may still work on-site even when cut off from the internet. | Gmail is still accessible externally, even when the school internet trunk is cut, and on-site, dozens of users are carrying browser-equipped mobile phones. |
| The school holds the backup tapes and controls the archival policy, independent of Google’s commercial interest or fortunes. | As long as Google offers the service (BIG GOTCHA THERE!) they continuously replicate to international data centres and automatically restore corrupted data. |
| The school can set mail quotas as high as it likes – given sufficient HDD space. | Many schools cannot afford to match Google’s 7 GB mail per user. |
| On-site, attachments are joined to messages at LAN speed. | Off-site, attachments are joined to messages at a fraction of the WAN link speed. Google’s trunk is bigger than any school’s. |
| All on-site users can use the Outlook client and everyone can use the Outlook web interface off-site. | Gmail interface excels. |