By Molly Burke
Youngstown State University will no longer allow access to Gmail or Google Drive on university-owned devices starting in fall 2024.
The new policy was introduced by Jim Yukech, associate vice president and chief information officer, and Brien Smith, special assistant to the president and former provost.
According to Yukech, the university has seen an increase in cybersecurity attacks over the past 12 to 18 months, especially through Gmail.
“Seeing that 96% of our cybersecurity attacks originate from email, that’s a real threat we need to block,” Yukech said. “One of the things that’s really been coming up is Gmail. Gmail is used extensively across campus by faculty, students and even staff.”
The policy’s purpose is to balance risk mitigation with the impact it has on campus.
“We’re always looking at ways to improve our security posture without dramatically impacting the educational process,” Yukech said. “With everything, there’s risk and then how much of an impact is that going to make on campus.”
Yukech said the policy was also created to adhere to university policies and improve network performance.
“We have compliance requirements. There’s data integrity, there’s network performance, there’s standardization of support issues, organizational policies like acceptable use — which is a board policy,” Yukech said.
Gmail and Google Drive will still be accessible through personal devices on university WiFi.
“It’s really restricted to Gmail and Google Drive because those are the software products that hold software on the device, which — if it’s malicious software — it can cause problems,” Yukech said. “If you have a personal laptop, it’s not blocked there. You’re taking on that personal risk that Gmail represents on your device.”
Anyone borrowing a device through a loaner program will still be able to access the services.
“We’re going to get some higher-end software which is less expensive than protecting the network. We can protect those laptops with a mobile iron or something like that [to] handle those viruses and infections,” Yukech said.
Yukech said Google products such as Google Documents and Google Slides will still be accessible on university-owned devices, but users will have to save their files outside of Google Drive.
“If you’re using those Google apps, a lot of those store to Google Drive. So, you would want to store that output, that file on OneDrive,” Yukech said.
Exceptions can be made for faculty and staff who require the services to complete work. Yukech said anyone can make a business case for an exemption, which will likely go through the provost’s office.
“It’ll be some type of go online, hit this link, fill out this exception, it’ll go to somebody in the provost’s office who will make a determination if that’s a valid exception. What we think will happen is it’ll be an annual exception,” Yukech said.
While exemptions can be made, Yukech said university work is supposed to be done on Microsoft products.
“We have an enterprise agreement with Microsoft and we have layers of security on top of [Office 365] and OneDrive and Outlook. So, we have layers that we’ve invested hundreds of thousands of dollars to protect that,” Yukech said. “We have a board approved policy from a year ago [in] June that says all YSU business is conducted in [Office 365] and Outlook”.
Yukech encourages those who want an exemption to adapt to Microsoft products. He said Rosalyn Donaldson, director of Information Technology Training Services, can help.
“I would urge anybody who’s thinking about an exception to contact Rosalyn Donaldson in the technology training group, and they do consultations,” Yukech said. “They will come into your department and say, ‘let me show you how we can do that in OneDrive and [Office 365].’”
Yukech said the policy will not require an approval process because cybersecurity risks are significant.
“We typically use shared governance for a lot of things, but when it comes to cybersecurity, those are things that need a little more push,” Yukech said.