Emerge Security Overview

At Groupcall we understand that the security of school data is imperative and therefore the secure access to the school’s sensitive information is central to the design of Groupcall Emerge. Emerge uses Xporter (supplied as part of the Emerge solution) and the school’s wireless network to synchronise data with the school’s MIS.

Groupcall Xporter is used and trusted in over 60 authorities across the UK to extract and securely transmit school MIS data to the local authority. The overall security of Emerge has been independently and externally approved.

Emerge Architecture

 

Emerge Two-Factor Authentication

Emerge uses Two-Factor Authentication. This means using two independent methods of identification (i.e. something you have and something you know!).

All iOS and Android devices are hard coded with a globally unique string called the Device UDID – something you have. This UDID is used to register the device with the Emerge Management Console running at the school - a simple process requiring a user to accept each device. If a device is not registered with the Emerge Management console, it will not work, even if the Emerge application was installed and a valid username and password was entered.

If your username and password – something you know -  was discovered by anyone else, they still would not be able to log on to Emerge on any device not ‘allowed’ by an administrator in the management console held securely within your school’s server.

Additionally each time an Emerge device connects to the server to collect data the username and password are (seamlessly) validated.

Emerge Encryption

Emerge has its own dedicated encryption facility, it does not rely on encryption facilities provided by the device. Sensitive data is encrypted using AES 128 (Advanced Encryption Standard) which is the government standard for the UK. Using this method, MIS information is scrambled using the UDID and username, into incomprehensible data that can only be read by the device it has been encrypted for using a unique 128-bit key; i.e. MIS data is securely encrypted, so it can only be decrypted in Emerge for that user on that device.

Emerge Remote Wipe and Deactivation

Some second line defences have been built in to the functionality of Emerge to maintain data security in the event of device loss and or personnel changes.

  • If the device is lost or stolen, Emerge can be remotely deactivated and all data wiped using third party services.
    • Apple and Google both provide services that are designed to either help you find a lost device or remotely erase it should it be lost irretrievably. There are also other third party solutions available.
  • A user can be disabled[1]; once that user connects for update the device will be automatically wiped.
  • In the event of a device being in ‘offline mode’ for extended periods, the device will automatically delete all Emerge data from the device after 5 days1.


[1] This is done within the Management Console.

Next Steps...

If you need any further assistance or get in to any difficulty, then please contact Groupcall Support. If the issue affects Groupcall Partner products you should refer to the support arrangements for that specific Groupcall Partner.

…And Finally

Have you followed Groupcall on Twitter and Facebook? Stay informed, get the latest news, updates and useful tips on all of our products!