Office of the Chief Information Officer

Exchange Project - Security Measures

Security Measures

by Matthew Haschak

Director of IT Security, BGSU

The reliance upon email communication has never been more critical.  As the University migrates to a new email system, it is important to share with you some of the security measures being implemented to ensure the confidentiality, integrity and availability of email communications for the campus community.

Spam:  Similar to the current email system, the new system is designed with multiple spam identification methodologies.  Users will still have the opportunity to review suspected spam messages and have some granular control to make the spam detection stronger or weaker.

Virus:  Similar to the current email system, the new system is designed to block certain attachments that are commonly used to spread malicious software.  Additionally, anti-virus filters provided from one of the world leaders in anti-virus technology is installed and continuously updated to detect the latest viruses.

As a reminder, while spam and virus filters will be present on the new email system, no one should rely solely on the protection of these tools.  Always question unexpected attachments, be understanding that some spam is inevitably going to make it to your inbox, and make sure your desktop anti-virus software is installed, running and updated.

Microsoft:  Microsoft Exchange is one of the most commonly deployed email systems in use today. Microsoft systems do tend to be targeted by the authors of malicious software more often than some other vendors, but with careful system management and diligence in security and software maintenance, the risks can be managed to a level comparable to other enterprise solutions. Some specific measures being taken regarding virus and security with the Exchange implementation include support of a Windows systems team to evaluate and analyze the security and performance of the Exchange servers, and to maintain current levels of software and security updates as well as multiple levels of virus scanning at both the gateway and within the tiers of the Exchange system itself.

Mobile Access:  One of the new features that the email migration will provide to users is the ability to check their email and calendar from their cell phone.  The transmission of the information will be encrypted, but it is up to the users to physically protect the phone, enable passwords to access the phone and to report immediately to ITS if their phone becomes lost or stolen.

Security Transmission of Data:  Whether you are using Outlook, Entourage, Outlook Web Access (OWA) with any web browser, or mobile phone access, all transmission of user names, passwords and content will be encrypted.  Please note that this only includes the transmission of the data, once it is stored on your system other methods for encrypting the system are necessary.

Please recognize that this is not an exhaustive list of all security measures being implemented on the new system.  Migrating to the new email system will provide enhanced features, access capabilities and improved security.  It is important to emphasize that the best way to protect information is a combination of technology and user vigilance.  For more tips on personal email security, please visit , or direct any questions about email security to

This article originally published in the Connect Newsletter Vol. 5 No. 3, March 2008.

Return to Exchange Project Home Page