Feature
|
WhatsApp / Signal
|
Sentinel
|
|
Cost
|
Free to use.
|
Sentinel requires an annual licence, the investment is justified by enhanced security, features and compliance tools.
|
|
Immediacy
|
Immediate communication if contact data is available; attractive for quick, off-band communication between small groups when an incident hits. Needs apps to be installed (most people have WhatsApp)
|
Instant setup of secure Video Crisis Rooms (VCRs) with guest link to add people. Rapid communication without requiring user registration in the first minutes. No apps are required to be installed to join a VCR call.
|
|
Familiarity
|
Widely used; users are generally familiar with the interface.
|
No is training needed for a VCR call. Designed for security with an intuitive interface; may require minimal training for use of extended features.
|
|
Security
|
End-to-end encryption; however, group messages are accessible to all members, and metadata may be collected.
Members may save message threads in unencrypted backups, posing a security risk. Video conferences cannot be recorded, and therefore there is no record of the conversations. (Unless using 3rd party screen recording apps)
|
Sentinel employs industry-leading encryption of messages in transit and when data is at rest (stored); all communications and documents are scanned for malware in real-time before sharing is allowed.
Video conferences are recorded by default and encrypted and stored on servers dedicated to the organisation and only accessed by Admin grades.
|
|
Compliance & Auditing
|
WhatsApp and Signal lacks any centralised oversight to meet compliance standards; messages can be deleted and made to disappear.
There is no central record maintained across chats or videos, making legal compliance, auditing and post-incident reviews impracticable.
|
Sentinel maintains centralised logs of all actions, chats and video conferences. The logs are accessible only to administrators with the correct credentials and protected by multi-factor authentication.
Sentinel supports regulatory compliance and post-incident reviews.
|
|
Group Membership Control
|
There is no central management control; individuals can join or ask to join groups without security verification, posing potential security risks.
The onus is on the owner of the group to check the identity of all members and that they are current members.
That is not a valid security strategy as it places responsibility on unqualified people, and it is open to mistakes.
|
Centralised user management ensures only authorised personnel can access specific groups; receive mass notifications, access key documents and be members of chat and Video Crisis Rooms. The system automatically updates joiners and leavers with API to Active Directory or HR databases, but without dependency on authentication.
Staff with permissions can instantly invite external experts into a VCR for immediate assistance without any need to register, but they cannot access chats or chat history, nor documentation without registration and verification.
|
|
Privacy
|
Joining groups requires sharing personal phone numbers; limited control over personal data visibility.
Users frequently expose their contacts’ mobile numbers to WhatsApp and Signal, which can be viewed by others without consent
|
Sentinel allows external participants to join a VCR without disclosing personal contact details.
When registering on the system, the user can select what personal details to make public. They can participate by name only, but the system admin has verified they are bona fide.
|
|
Document & File Sharing
|
Supports sharing of files and media; There is no control of what is shared and to whom, and there is no centralised logging.
“WhatsApp automatically performs checks to determine if a file is suspicious, to ensure that the format is supported on WhatsApp and doesn’t crash the app” However, WhatsApp do not claim 100% malware scanning.
|
All shared documents are scanned for malware; Any file containing malware is quarantined and the admin alerted to investigate.
Detailed logs track document sharing and downloads. If in appropriate files are shared, the Admin can delete files.
|
|
Backup Encryption
|
Whilst chats are E2EE, backups of chats can behaved by users in unencrypted or encryption forms depends on individual user settings. It is not possible to centrally enforce that all backups are encrypted.
Hackers can gain a rich insight by accessing unencrypted chat records
|
All backups of chats and video calls (VCR) are fully encrypted and stored on company central servers; No individual device backups are permitted.
|
|
Video Conference Recording
|
No recordings of one-to-one or group calls are stored or able to be stored by the users. There is therefore, no audit log capability.
|
Video Conference Rooms are recorded by default and recordings held on company servers for access with the right credential/permissions.
|
|
Call Transcription
|
Transcriptions of video calls are not available on WhatsApp. But the iPhone and now Android have recently introduced recording on standard calls and this may extend to WhatsApp in future.
The capabilities of recording increasing the risk of sensitive information leakage.
|
Transcriptions of VCR calls are stored centrally, encrypted at rest, and accessible only to authorised administrators for audit, compliance and training.
|
|
Mass Notification
|
Mass notification requires large groups to be established and then push notifications sent to the members. They are limited to group members; they cannot send alerts to non-members.
|
Sentinel supports mass notifications to all staff or limited groups of stakeholders via multiple channels (email, SMS, phone, voice and push notifications).
Communication with external parties in a cyber attack is vital for suppliers and customers.
|
|
Phishing & Social Engineering Risks
|
WhatsApp users are under constant attack from phishing attacks due to open group access and lack of user verification. It is up to the user to correctly identify the bad actor.
WhatsApp, in particular, frequently places private and company chat side by side and is therefore open to new attack vectors
|
Sentinel is a closed ecosystem with verified users; it reduces the risk of phishing and unauthorised access.
Compartmentalisation and multilevel permissions ensure that sensitive data is protected. YUDU Sentinel conducts regular penetration tests and is ISO 27001 certified.
|
|
Analytics & Logs
|
There are no centralised analytics or logging available; It is very difficult/impossible to track conversations and decisions made during incidents.
|
Sentinel has a comprehensive logging of all actions taken by staff and logs of all communications, emails, SMS, Chats and Video Crisis Rooms, providing legal compliance and thorough post-incident analysis is essential for learning and improving response.
|
|
Branding & Customisation
|
Both Signal and WhatsApp and generic social media applications with no corporate branding or customisation.
|
Sentinel provides branded applications with single sign-on capabilities between Sentinel apps. Where regulations or telecom technology permits, messages such as SMS are own-branded to provide authenticity to the recipient.
|
|
Metadata Handling
|
WhatsApp Collects and stores metadata, which may be accessible to third parties. Signal has extensive metadata collection, but less than WhatsApp.
- Phone number: Essential for registration and finding contacts.
- Profile picture and "about" information: Displayed to your contacts.
- Contact list Community, group, and broadcast list information: Records of your participation in these features.
- Device type, model, and operating system
- IP address
- Usage patterns: How frequently you use the app, the duration of your sessions, and your activity within the app.
- Internet connection information
- Location Information
- Transaction data
- Service-related information: Information about how well the service is working.
- Interaction with businesses: If you engage with businesses using WhatsApp
- Data sharing with Meta: Some information, like your phone number and IP address, is shared with Meta.
|
Sentinel collects minimal metadata collection and only data that is required to provide the service.
All Metadata is not shared with YUDU Sentinel but stored on the dedicated company servers under the control of the client and not shared with third parties.
|
|
Data Residency
|
Data storage locations are determined by the service providers; users have limited control over data residency.
|
Data stored in specified jurisdictions, complying with legal and regulatory requirements.
|
|
User Control Over Personal Data
|
Limited control over personal data visibility; personal information is visible to all group members.
|
Users can control the visibility of their personal information; administrators have oversight while maintaining user privacy.
|