A. Email is considered “utility” computing. It is a mature, well-established essential service. It is regarded as a utility in the IT industry, just as we regard water and power as utilities. E-mail is no longer considered a ‘core’ IT service, and so it is best to outsource it to providers that deal with email exclusively so they can provide the ultimate up-to-the-date standard of service, versus U of T having to spend much needed resources to compete with big providers.
A. No. This is the case for almost all email, regardless of the provider. Just as is true today, if private communication is desired over email you should use PGP encryption with your email program, or a plugin in Firefox. Alternatively, put the document somewhere in a secure web site and send a link in the email rather than the document itself.
A. Email is, by nature, insecure. Outsourced e-mail is at least as secure as the current campus email service, and arguably more secure. While in transit, email is often unencrypted and could be intercepted. You should always assume email is not private. This is true for all email services.
When you check your email, the outsourced e-mail services provides a secure connection from your web browser and/or email client. This encrypts the data between you and the email servers while you view it or collect mail. This is the same system that banks use to secure your connection for online banking.
A. The new e-mail service is controlled by the University although it is operated by the outsourcing company. UofT contracts with the provider on your behalf and your relationship is with UofT. We will continue to create and delete accounts, managing the service with a vendor-provided portal. At the same time, the vendors manages the hosting, including server uptime, spam- and virus-filtering, and data integrity. So the vendors helps reduce both the school’s infrastructure cost and frees the IT department to take on other strategic initiatives.