Viewpoint: No eMail left behind


Cary offers myriad ways for campus IT leaders to protect student information.

Colleges and universities have come to rely on electronic communication as a way to quickly collaborate, exchange ideas, and share data. For the more than 10,000 students, faculty, and staff at Pepperdine University, sharing information digitally–often in the form of large documents, media files, or data files–is a key function of the learning process and critical to our institution’s success.

For example, faculty at Pepperdine frequently collaborate with faculty at other institutions, sharing large data sets and running analysis on that data.  From the student perspective, instruction at Pepperdine University is highly collaborative and team oriented; many student projects involve collaborating on large media files.

Exchanging files in student work groups is particularly challenging for the almost 4,000 fully-employed students in the graduate schools, who often have no chance to meet in person until class time.

University departments, such as campus planning, communications, and human resources, often have to transfer large files. The files for campus planning and communications are typically very large images for architecture, print, or video media.

The files transferred by human resources or the academic administration frequently contain data that is legally required to be encrypted in transmission, and yet the partner company or government agency receiving the file must be able to easily decrypt the file on receipt.

eMail, being easy to use and familiar to most people, is often the obvious choice for sharing files. However, the increasing size and volume of information being shared is taking its toll on eMail network bandwidth, driving up storage costs and slowing servers. The typical response is to institute file size limits for attachments.

This means that many files are too large to be practically transmitted as normal attachments, yet the standard enterprise alternatives to eMail are often arcane and just as insecure.

As a result of impractical attachment size limits, users will turn to other creative ways to share large digital files. For many, Instant Messaging, P2P, and USB sticks have become default file transfer methods.

Institutions must provide secure alternatives to these insecure methods of transferring confidential information, including student and employee personal information, research data, and academic work. Otherwise, they will place themselves at risk for a security breach and find it impossible to document compliance with legal requirements for transmitting such data.

Fortunately, significant advances have been made in eMail-based file transfer technology, elevating it above a tool for simply sharing large file attachments.

In addition to providing a fast and easy way to collaborate, secure file transfer technology such as that offered by Accellion minimizes the impact large file transfers have on your eMail network. It also reduces information security risks associated with the use of insecure workarounds like those mentioned above.

Concerned about eMail growth and the related increase in storage costs, security for confidential documents and data, and the simple need for business agility, in 2008 our Information Security department deployed the Accellion Secure File Transfer solution.

The Accellion solution was initially offered to a small group of staff members during a pilot roll-out. Files as large as 5 gigabytes were shared during testing (the Accellion solution allows users to share files up to 50 GB).

After realizing the numerous benefits we could achieve using the Accellion solution, we expanded the rollout campus-wide to all faculty, staff, and students.

From an information security perspective, implementing the solution has greatly reduced the risks associated with eMailing documents, as we now have an easy way to encrypt sensitive documents and ensure that only authorized recipients can download the files.

We also have the ability to track and audit all data entering and leaving the university via the system. This system has become a cornerstone technology, helping users comply with the university’s information classification and protection policy.

From an IT perspective, we have reduced storage costs and increased the performance of our messaging servers by moving away from having attachment files stored in perpetuity in an eMail inbox. The Accellion solution gives us a low-cost device that has good, recyclable disk storage. We have adopted a 60-day expiration policy for attachments, which solves 99.5 percent of our needs.

Our old method of using eMail attachments had associated costs with enterprise storage on a storage area network, multiple backups over 30 and 60 days according to our backup profile, and writing to tape for disaster recovery.

The Accellion solution has replaced those storage needs, and the IT department can now reallocate its storage budget to other areas.

There are, of course, additional costs savings associated with the reduction in shipping and courier services that have accelerated the payback period. There are also the obvious environmental benefits of reduced reliance on shipping such as lower CO2 emissions.

The most rewarding benefit for our IT mission to support teaching and learning is that we have made it much easier for our students to collaborate with each other and faculty. We consider this a significant technical and academic advantage for Pepperdine and our students.

Enterprise-level secure file transfer technology should be considered an important and necessary component of every academic institution’s security and compliance strategy.

Our solution thoroughly addressed all of our storage and security issues and has the flexibility to change and grow with the new technologies deployed at the university.

I encourage IT and information security departments to look into the benefits of a secure file transfer solution for your students, faculty, and administrative departments.

Kim Cary is chief information security officer at Pepperdine University in Malibu, California. He has 20 years experience in information technology, from classroom educational technology and faculty training/consulting to bringing up the entire infrastructure for a major new campus. He has spent the last five years applying this broad perspective to security systems, training, and policy.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Oops! We could not locate your form.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.