The Mother of all Web Apps

At the end of the day email has become the application for communications … I’ve written in the past about how much it drives me crazy and based on some of the comments I received related to those posts it convinced me I’m not alone.  You can say what you want about blogs, wikis, and other new-school communication, work-flow, and content management tools but they do not even come close to matching email on many levels.  Here at PSU email is the mother of all web apps … I am sure it is the same on most campuses.  Here’s an example … we have noticed that students are changing the way they are interacting with the machines in our labs … instead of spending hours at a machine they are spending something like less than seven minutes — they are doing the following three things checking email, updating their Facebook entries, and logging into ANGEL.  BTW, the email part is the only thing we actually “own” end to end.

I am becoming more and more amazed at how much time and energy we all put into managing enterprise email across higher education.  Clearly it is the communication standard on all of our campuses.  Many of the people I know here at PSU are making a switch that is of great concern to me from a host of perspectives — they are forwarding their email into whatever free service they use.  Most of them are on Gmail, but some are sitting in Yahoo.  I can understand that the features associated with something like Gmail is very interesting, but the fact that people are opening themselves up to the potential security issues associated with free email services is alarming.  I think at this point we’re all going to have to really think about it all.  I am not alone in this concern as I hear it more and more … this morning the New York Times ran a story about it that is worth reading.

I am wondering why so many people do this and what should we be doing about it all.  Any thoughts?

10 thoughts on “The Mother of all Web Apps

  1. They do it because institutional webmail blows chunks. If you want to access your email on the road, you have to hobble yourself to try to use a clunky webmail UI that often shows spam and other irrelevant crap before any actual content, and doesn’t provide adequate tools to deal with it all. GMail kicks the crap out of SquirrelMail and friends. Until that changes, people will prefer their own email services. How strange is it that if people aren’t happy with an institutional service, they’re more than able (and willing) to go ahead and use their own… Hopefully LMS is next…

  2. The GMail question is one looming at our institution –
    we currently do not provide email accounts to students, and many students have been migrating from various service providers to GMail. With the question of providing @institution.edu accounts for students looming, the ASU solution of relying on Google Apps for Education to provide @institution.edu email accounts for all members of our community has been brought forward as an alternative to homespun management:
    http://www.asu.edu/news/stories/200610/20061010_asugmail.htm

    We’ve been attempting to clarify the security issues at stake here, but are left largely with speculation & differences of opinion, with a scarcity of hard fact. As a medical school, we have perhaps an additional level of concern, re potentially confidential medical information seeping into users’ email.

    I’d be interested in hearing others’ takes on the matter – other institutions looking into this as a possibility.

    Will Taylor MD
    National College of Natural Medicine
    Portland, Oregon

  3. As someone seeing this only from a user perspective, I think I am a little old-school on this. I want to access my email offline when I want, so I actually forward my gmail account to my psu.edu account and use OS X mail app to read mail from those two accounts plus my .mac account. I like it and it gives me a lot more control over spam filtering. I also allows me to have massive email archives on my local machine that (as far as I can tell) I never look at. Go figure. Myabe the new iPhone will make me see the value of forwarding my mail out to a free service, but for now I like it the other way.

  4. Cole, I agree with D’Arcy – in my experience, Webmail is the application I’ve had the most problems with at PSU while at PSU. From sporadically deleting emails to not downloading things, Webmail has a slew of issues. From talking to students who actually still use Webmail (it’s rare in IST), I don’t think v2 fixed any of these – it just put a fancy AJAX shell on them. Forwarding my email to IST’s Exchange server was a great change and really improved the way I handle email @ PSU.

  5. Lots of good stuff here — thanks particularly for the New York TImes article. I think it’s reasonable to say that the article lays out the mainstream view of this shift. And wow, what a view it is. To get my thoughts on the table right up front, a great PSU business professor once told his class that if one is fighting something that is currently taking place, then it’s already too late. As far as the migration to free email web services, I think we can all agree that this ship has sailed. Down to some specific gems from the article though:

    –> “Joe Fantuzzi, chief executive of the information security firm Workshare. ‘[After forwarding their email to a web service] They could do anything they want. They could be giving secrets to the K.G.B.'”
    * Is this quote from 1982? How in the world does somebody with this kind of paranoia/Cold-war mentality become a chief executive of an information security firm? Oh wait…

    –> “The Web mail services may also be prone to glitches. Last month, Google fixed a bug that caused the disappearance of ‘some or all’ of the stored mail of around 60 users. A week later, it acknowledged a security hole that could have exposed its users’ address books to Internet attackers.
    * As opposed to those in-house e-mail apps that aren’t, “prone to glitches”? Please.

    –> “[Google’s] automated software does scan messages in Gmail, looking for keywords that might generate related text advertisements on the page.”
    * What solid enterprise e-mail system doesn’t have automated e-mail scanning? Though the results might be used for purposes other than generating targeted ads, the principle is the same. Isn’t the pot calling the kettle black here? Or is it that all animals are equal, but some animals are more equal than others?

    OK — enough beating on the New York Times article. Cole, I found the sentiment behind your message here to be out of character for you. You have always been one who has seemed to embrace creative, flexible web service solutions that solve basic problems or fill in fundamental gaps in the traditional suite of electronic communication tools. Why the resistance around free web-based e-mail services? Specifically:

    –> “Many of the people I know here at PSU are making a switch that is of great concern to me from a host of perspectives.”
    * What are some of those perspectives? Are you wearing your PSU director hat here, or is this just your off-the-clock opinion as a web aficionado? Goodness knows that folks are posting who-knows-what on their MySpace pages, Facebook entries, PASS web spaces, personal blogs, Flickr accounts, YouTube accounts, etc. Why the specific concern about e-mail per se?

    –> “[The] fact that people are opening themselves up to the potential security issues associated with free email services is alarming.”
    * I agree, but it’s also alarming that people are opening themselves up to potential security issues by not shredding personal bank and credit card statements, by not installing virus scan software and firewalls, by sharing PINs and passwords, by not securing their wireless networks, by submitting unencrypted information over the internet, by using IM, etc., etc., etc. Again, what is it about e-mail in particular that grabs your attention?

  6. Tom, great thoughts and you did a much better job actually dissecting the NYT article — maybe you ought to think about giving this whole writing thing a try! Let me start by saying that a few months ago I carried around a “so what” attitude about this topic. As I have had the privilege to be at the table with some very smart people who run our infrastructure I have learned to appreciate institutional data at a whole new level.

    Long story short — we are constantly under attack … in so many ways. PSU is an R1 research institution who competes for dollars from a whole host of agencies, foundations, and so on. Many of them require us to make available information that we would be unable to if all of a sudden all those logs and the associated data were being pushed around via Google or Yahoo.

    I am of the mind that folks are free to do what they want with their web identity — what you post in FB, MySpace, YouTube, etc is of little concern to me from an IT administrator position. With that said it does concern me as an instructor of the Information Sciences and as a Father, but as an administrator I have to look at that as a “post at their own risk” perspective. I do take time in my classrooms to talk to students about that kind of behavior, but at this point we don’t own/run FB, MySpace, YouTube, etc … we do own and run email that is provided for people to do the business of the University. For students, again it is up to them. My concerns with the use of free email services are focused on faculty and staff — people who are core to the operations of the University. Now, don’t get me wrong I have a gmail account and I use it for all sorts of stuff, but I don’t push my PSU mail through it. I just don’t trust it and I have heard horror stories of data and information getting hijacked.

    It is alarming that people leave their credit card receipts in the gas pump, or medical receipts that have their ssn on them … my post had nothing to do with that … those things disturb me as well. Ask me sometime about the chief executive of one organization I have been a part of who kept his username and password on a sticky on his monitor. I think the point here is that physical security is often the most overlooked piece to the security stack — did you lock the door this morning to the server room? Know what I mean?

    Again, thanks for the insightful comments … I would like to share more but you did notice I was wearing my PSU director hat, didn’t you? 🙂

  7. Don’t know the blog etiquette on this (newbie), but I read an article in the Economist about this issue with Goole apps for your domain and posted about it on my blog. One key argument was that there need to be an evolution of trust similar to what happened when people realized it was safer to keep their money in a bank vs. under their mattress. I am not saying you are keeping PSU data under a mattrees, but Google has a whole organization of folks thinking about how to make data safe and secure, while a place like PSU has a much more limited staff to do an increasingly difficult job. Just a thought. (It was also implied by an IT director at another R1 institution that IT directors are basically trying to protect their jobs — not saying that is what you are doing regardless of what hat you are wearing).

  8. Scott … it is an interesting perspective, but I know for a fact this isn’t about protecting jobs at the PSU level. That argument has carried water for quite some time — especially during the height of the Microsoft Certification days. I think where a lot of us are now is caught between creating services that can come close to those offered for free while still providing a layer of security that is, believe it or not, far greater than Google. Higher Education does provide leadership in the area of cyber security and I know that we (PSU) are looking out for the well being of all members of our organization in a way that Google is not. I am not saying Google is paying attention to security, but I am saying that PSU has the interests of its constituents directly in mind.

    If we were talking about a blogging platform or something along those lines I would welcome a real solution from the outside. I just think the mail question is one that is just going to heat up as we move forward. Then again, we are working on our own blog solution. Back to your closing remarks … now that I think about it, maybe I am trying to protect my job. I work hard to provide innovative solutions as they apply to education … with that perspective, if someone did it all for us I would be out of work — or have to beg Google to let me in;-)

    BTW, don’t worry about linking to your posts … it is the way of the blog world. I took the liberty of adding a link to your space here.

  9. My favorite part of all this…many students simply aren’t checking their .psu email address anymore. Forward to gmail? Nah, I just won’t even check it anymore. Unfortunately, students tell me the webmail 2.0 release is part of the reason for this.

    I’m curious to see if this trend continues, and people simply choose to *ignore* their .psu email accounts for long period of time (I’ve been down that path). Missing reminders about grades, bills, student organizations, internships…

    Why is it that all these new communication tools are becoming available, but communicating with our students via technology is becoming harder?

  10. Bart … interesting comments. I hadn’t even thought about that. You know for the 6 and half years I was part of IST I honestly never looked at my PSU mail. All of sudden I spend a year in central ITS and its all I think about 😉

    Your last question is the best one … and I have to say that the answer is one that will continue to be both elusive and evolving. Right now we can find them in FaceBook, but not tomorrow. I can honestly say it won’t be in a University controlled space anytime soon. That comes from my gut, not from data … but from where I sit it is what I see.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.