AV俱乐部

 

Continuing the cloud conversation

Part II

- March 10, 2011

Dwight Fischer
Dwight Fischer

Part II

This is the second part of our two-part conversation with Dwight Fischer, AV俱乐部鈥檚 chief information officer and assistant vice-president of Information Technology Services. When we left the conversation, we were discussing how individuals鈥 idea of privacy is changing as they do more and more of their work on-the-go, with mobile devices, wireless connections and services such as Gmail and Hotmail.

It鈥檚 more than just a changing 鈥減erception鈥 of privacy that鈥檚 at play when considering outsourcing email or other services data. We have legal obligations towards privacy and data security.

Yes. Nova Scotia is one of three provinces in Canada, along with Alberta and British Columbia, that passed stricter privacy legislation after the U.S. Patriot Act. [ed. note: He鈥檚 referring to PIDPA, the Personal Information Disclosure Prevention Act]. That does place limits on what we can do with information, specifically with regards to U.S.-owned servers. However, if it can be demonstrated that a viable Canadian alternative does not exist or is cost-prohibitive to use, exceptions may and have been made.

There seems to be this fear that if we outsource our data to an American company, the U.S. government can just walk in and get information if they want. David Fraser [McInnes Cooper partner and expert in cross-border law and intellectual property] talks about this a lot, and makes an important point: the Canadian government can do this too. And if the American government really wants our data under the status quo, and has a just cause to do so, they鈥檒l do so through the Canadian government.

The whole fear of the United States government walking into these companies and getting your information is overstated.However,if they want it and they have just cause, they can get it already.

But we can鈥檛 just throw up our hands and say, 鈥榃e can鈥檛 do anything about this, let鈥檚 just abandon privacy.鈥

No, but we have to come to terms with how little of what we do is truly 鈥渟ensitive鈥 information that needs to be held to such a strict standard. If we were so concerned about it, we wouldn鈥檛 be using email, we wouldn鈥檛 be using Blackberries and iPhones. If you look at all of the communications in your email box, how much of it is sensitive, versus how much is mundane, ordinary communications?

We鈥檙e asking the wrong questions. Rather than worrying about who is looking at our private email, the question should be 鈥榃hat are we sending in email that is so private and sensitive?鈥 For instance, if you are sending student grades, or highly sensitive documents, you may want to rethink to whom and how you are sending them. We cannot control the security of that transmission once you hit 鈥榮end.鈥

Just as important: despite our best efforts, is that data on our end really as secure as it could be if we had a top-tier, world-class professional organization looking after it, rather than a university with IT resources stretched in innumerable directions and priorities?

So you鈥檙e saying that these companies can offer better security than we can?

Absolutely. This is nothing against our IT staff, but these companies have small armies of the best IT and security experts in the world. They鈥檝e got more phishing resources, more virus research, and more incentive to stay abreast of the trends and competition.

All of that said, we realize that there are still many who may be skittish about using these services. As we look at them, we will provide an 鈥榦pt-out鈥 solution, either through a simple email and messaging or the ability, for students, to enter an email of choice. Those details will need to be arranged, but we also realize they are very important to some.

Additionally, we are developing an enterprise document repository for the sensitive materials that should not be conveyed in email. This is part of an overall strategy to help protect and maintain much of our core work and research data.

The University of Alberta just announced its arrangement with Google, the first major Canadian university to do so. How closely are you watching that deal?

Very closely. And it鈥檚 not just us鈥攅very university CIO in Canada is taking notes. The University of Toronto is in negotiations with a provider for student email. University of New Brunswick, Universit茅 de Montr茅al...they鈥檙e all looking in this direction to see if it can work for them. And hundreds of U.S. schools are already there. We鈥檙e hardly on our own in considering this option.

And Alberta is one of the three provinces that has strict privacy legislation. Now, it鈥檚 not the same legislation as ours, but the U of A鈥檚 arrangement with Google鈥攚hich took 15 months to negotiate, doing the due-diligence鈥攑rovides us with a good starting point should we go down the external provider path.

They鈥檙e estimating that the change will end up saving the university $2 million.

Exactly, and that鈥檚 the other point here鈥攃ost savings. We do use open-source e-mail software at Dal, but we have to maintain and upgrade it. Our biggest hard cost is storage. When we had that large email seize-up happen two years ago, we purchased an additional $300,000 in storage. To keep pace with what people need, we鈥檇 need another $300,000 in the next year. Then there are services we have to pay for like Notify Link and Meeting Maker, which costs us a combined $75 per person per year, just to link our calendar system with their mobile devices.

Yet the real cost is what we鈥檙e not doing! For example, we could be providing more support and innovation in the classroom, video conferencing, research and data, mining data for improved information services, better web pages and tools to help people manage it effectively. We鈥檇 like to avoid having our IT staff babysitting older technologies when new ones are needed; not chasing hordes of phishing, malware and other lascivious internet crap that has evolved to the be bane of some IT staff's role; not having to tell people their storage capacity is tapped; not needing an IT professional to help you connect to email and calendar and hope it all keeps working. No, we need our smart and talented IT staff focused on more valuable technologies.

Our strategy is to start playing more to the new and less to the old. Technology change occurs too fast. Your IT staff should be positioned middle- to leading-edge鈥攏ot bleeding, but leading鈥攊f we are to deploy and utilize technologies that differentiate AV俱乐部.

So what is the decision process for selecting a new email and communications system?

An RFP review team currently reviewing vendor proposals. We鈥檒l be using feedback from a campus survey and weighting the features most desired against them. Once finalists are selected, we will bring them to campus for information sessions for everyone to attend. We expect to provide the President鈥檚 team of senior administrators with recommendations by end of April.