Tip

Remote wiping: Tools and practices to protect corporate data

With the rush to embrace mobile technologies and the productivity gains which come from employees being connected 24/7, companies are fighting a battle between improved productivity and increased security and privacy risk. As the mobile space matures, more vendors and platforms are offering options to protect corporate data by enabling

    Requires Free Membership to View

remote wipe scenarios.

Remote wipe is a must-have security feature for any company allowing users to synchronize email to mobile devices.

Remote wiping works something like this: Jill, a product owner for XYZ Development, carries an iPhone with her everywhere she goes. Her full corporate email account is synced to the device, which is locked with a complex alpha-numeric passphrase. Jill's email includes numerous threads covering proprietary intellectual property (IP) related to the company's next-generation application. Jill makes a major career decision to leave the corporate world and join a small consulting firm specializing in Agile project management. She wants to keep her iPhone, so for her last few days she maintains a low profile and doesn't voluntarily share her plans. At the end of her last day, access to her company account is terminated -- but all that email data is still on her phone. The following day, the IT director realizes Jill hasn't volunteered her phone. Worried about the potential release of IP, the director initiates a remote wipe. The email account on Jill's phone attempts to initiate another sync, and the remote wipe command is sent from the server to the device. In seconds, all data on Jill's phone is erased and it's returned to factory condition.

Remote wipe is a core feature in two main corporate mobile email sync strategies: native sync and container applications. Native sync uses ActiveSync for Exchange access within the default mail applications on the platform. Container applications are applications with strong container functionality such as Good from Good Technology or NitroDesk's TouchDown. Remote wipe is a must-have security feature for any company allowing users to synchronize email to mobile devices, whether they are personally-owned in a BYOD environment or corporate issued.

There are two major limitations to the remote wipe technology. The first is a privacy issue. Users treat mobile devices as an extension of their personal life, regardless of who originally procured the device. Employee iPhones are full of pictures documenting their baby's first steps or their daughter's college graduation ceremonies. The remote wipe is brutally thorough. It doesn't simply delete email and calendar items, it initiates a whole-device destruction of all data, corporate or personal. Negative repercussions of a remote wipe begin with employee frustration at losing personal data but can quickly escalate to legal action, although, to date, no case has been heard.

The second problem with remote wiping is that it only addresses data on the device. With Apple's iTunes, users can store device images locally and now in iCloud. Google Android users have cloud storage options as well. Remotely wiping data from the device may stop the honest user from leaking corporate information, but a committed user would be able to re-access the data relatively easily.

A lot has been written about the added value of mobile connectivity, and many employees love the "always connected" lifestyle. Still, companies need to weigh the advantages of supporting mobile connectivity against the likelihood of data loss.

This was first published in January 2014

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Expert Discussion

Do you think remote wiping is a reliable security precaution?

John Overbaugh
What's your opinion?
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.