Encryption – Benefits of the ScoMIS Encryption Service / truecrypt comparison

Scomis Encryption Service – NOT AVAILABLE TO NEW CUSTOMERS

This FAQ explains some of the benefits of the Scomis encryption service and how this compares in each case to the open source Truecrypt solution.

If you would like any more information please log a call with the Service Desk

  • Support
    • Our service includes full support through the installation and use of the system
    • ScoMIS do not support Truecrypt
  • Forgotten Password Recovery
    • There are two recovery methods built into our service – the user can answer some questions and reset their password locally or telephone our service desk where we can remotely reset a password (this does not require an Internet connection)
    • Truecrypt has a recovery method requiring you to burn a CD during installation – the recovery process is not straightforward and can’t be done remotely, keeping the recovery CD with the laptop would mean the encryption can be removed easily.  Should you lose the recovery CD and forget the password, all data on the laptop would be lost
  • Ease of use
    • Our service provides SSO (Single Sign On) functionality, once the user has entered their initial password the windows logon happens automatically meaning you only need to remember one password
    • Our software package integrates the screen saver to secure the device with the users strong password during use when required
    • We have developed a maintenance utility to allow you to create and assign additional users, e.g. teachers partner who need a login to the laptop
    • Truecrypt has one password at boot time which gives the user another level of complexity when using their device
  • Ease of installation
    • We have made the installation straightforward in that you can simply double click the setup package and follow the on screen prompts with no technical knowledge required
    • Full documentation for installation and deployment has also been produced http://faq.scomis.org/kb521/
  • Safe Installation
    • We have put significant development into the installation in the form of a pre-installation test, this will not let the installation proceed if it fails so for example:
      • Can’t be accidentally installed onto a server
      • Can’t be installed onto an incompatible version of windows, e.g. Windows XP Service Pack 1, Windows 2000
      • Can’t be installed where incompatible software exists already, e.g. another encryption solution
    • Compare this to the BECTA warning over the Truecrypt installation: “TrueCrypt is a free open-source encryption software package for Windows Vista/XP, Mac OS X, and Linux platforms. Issues have been raised with the high level of complexity of the user interface and configuration processes for typical users. There is a significant probability that inexperienced users will cause irrecoverable damage to their machines/data during the installation process.”
  • CESG Certified Solution
    • Whilst BECTA currently state Truecrypt is acceptable it may be that schools are required (like other government departments) to use a certified solution at some point – our service already uses certified software in the approved configuration
    • Common Criteria EAL4 mode operation/CESG Approved: http://www.cesg.gov.uk/publications/media/directory.pdf
  • Multiple user
    • Our service allows for and requires each user to have their own username and password to maintain security
    • Multiple users can be assigned to a device but they never need to share a login
    • Truecrypt is a single password – increasing risk through shared passwords
  • Password policy enforcement
    • Truecrypt will let you install it with a simple password, e.g. password and does not enforce or recommend changing it during use
    • the Scomis service enforces a strong password policy for your users, this is another one of the BECTA recommendations on data security
    • Users are reminded and forced to regularly change their password
  • Accessible
  • Automated upgrades and maintenance
    • Our service will automatically install new versions to devices with no user intervention required
    • Truecrypt requires a full manual installation and re-installation to update to a later version
  • No end user removal
    • Only Scomis can remove the encryption once it has been installed, this gives you guaranteed knowledge that your schools data is safe
    • This removal process is automated and only requires a call to the Service Desk when required, e.g. laptop is replaced with new model
    • With Truecrypt a user may have become annoyed by the additional login and chosen to remove it themselves
  • Auditing
    • All log on attempts are logged
    • All recovery attempts are logged
    • All changes in data encryption status are logged
  • Reporting
    • Reports are available so that in the event a laptop is lost your school/DCC will be able to state as a matter of fact that the data is secure – laptop theft/lost becomes a non incident so far as the data is concerned

Last reviewed 22/12/14

Posted in Encryption, Services and tagged , , , , , .