Remote wiping: Tools and practices to protect corporate data

Mobile connectivity increases productivity but threatens corporate data. John Overbaugh discusses the advantages and limitations of remote wiping.

With the rush to embrace mobile technologies and the productivity gains that come from employees being connected 24/7, companies are fighting a battle between improved productivity and increased security and privacy risk. As the mobile space matures, more vendors and platforms are offering options to protect corporate data by enabling remote wipe scenarios.


Remote wiping works something like this: Jill, a product owner for XYZ Development, carries an iPhone with her everywhere she goes. Her full corporate email account is synced to the device, which is locked with a complex alphanumeric passphrase. Jill's email includes numerous threads covering proprietary intellectual property (IP) related to the company's next-generation application. Jill makes a major career decision to leave the corporate world and join a small consulting firm specializing in Agile project management. She wants to keep her iPhone, so for her last few days she maintains a low profile and doesn't voluntarily share her plans. At the end of her last day, access to her company account is terminated -- but all that email data is still on her phone. The following day, the IT director realizes Jill hasn't volunteered her phone. Worried about the potential release of IP, the director initiates a remote wipe. The email account on Jill's phone attempts to initiate another sync, and the remote wipe command is sent from the server to the device. In seconds, all data on Jill's phone is erased and it's returned to factory condition.

Remote wipe is a core feature in two main corporate mobile email sync strategies: native sync and container applications. Native sync uses ActiveSync for Exchange access within the default mail applications on the platform. Container applications are apps with strong container functionality, such as Good from Good Technology or NitroDesk's TouchDown. Remote wipe is a must-have security feature for any company allowing users to synchronize email to mobile devices, whether they are personally owned in a BYOD environment or corporate-issued.
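For the native-sync case (ActiveSync for Exchange), the sequence in the Jill scenario can be issued and then verified from the Exchange Management Shell. This is an added example, not part of the original article; it assumes a session with the Exchange cmdlets loaded, and the mailbox and notification addresses are placeholders.

```powershell
# Added example: queue an ActiveSync remote wipe for every device partnered
# with a departing user's mailbox, then report whether each device has
# actually received and acknowledged it.
# Assumptions: Exchange Management Shell or Exchange Online PowerShell session;
# both addresses below are placeholders, not values from the article.
param(
    [string]$Mailbox       = 'jill@xyzdev.example',
    [string]$NotifyAddress = 'it-director@xyzdev.example',
    [switch]$Wipe          # without -Wipe the script only reports status
)

$devices = Get-MobileDevice -Mailbox $Mailbox
if (-not $devices) {
    Write-Output "No ActiveSync device partnerships found for $Mailbox"
    return
}

if ($Wipe) {
    foreach ($device in $devices) {
        # Queues the wipe on the server. The device is erased only when it
        # next syncs, and the erase covers the whole device, personal data
        # included. The cmdlet's confirmation prompt is left enabled.
        Clear-MobileDevice -Identity $device.Identity `
            -NotificationEmailAddresses $NotifyAddress
    }
}

# A wipe that was requested but never acknowledged means the device has not
# synced since: the data is still on it.
Get-MobileDeviceStatistics -Mailbox $Mailbox |
    Select-Object DeviceFriendlyName, DeviceModel, LastSyncAttemptTime,
        DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime,
        @{ Name = 'WipeState'; Expression = {
            if     ($_.DeviceWipeAckTime)     { 'Acknowledged by device' }
            elseif ($_.DeviceWipeSentTime)    { 'Sent, not acknowledged' }
            elseif ($_.DeviceWipeRequestTime) { 'Queued, waiting for next sync' }
            else                              { 'No wipe requested' }
        } } |
    Format-Table -AutoSize
```

An acknowledged wipe confirms only that the device was erased; it says nothing about copies held in local or cloud backups.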

There are two major limitations to remote wipe technology. The first is a privacy issue. Users treat mobile devices as an extension of their personal life, regardless of who originally procured the device. Employee iPhones are full of pictures documenting their baby's first steps or their daughter's college graduation ceremonies. The remote wipe is brutally thorough. It doesn't simply delete email and calendar items; it initiates a whole-device destruction of all data, corporate or personal. Negative repercussions of a remote wipe begin with employee frustration at losing personal data but can quickly escalate to legal action, although, to date, no case has been heard.

The second problem with remote wiping is that it only addresses data on the device. With Apple's iTunes, users can store device images locally and now in iCloud. Google Android users have cloud storage options as well. Remotely wiping data from the device may stop the honest user from leaking corporate information, but a committed user would be able to re-access the data relatively easily.

A lot has been written about the added value of mobile connectivity, and many employees love the "always connected" lifestyle. Still, companies need to weigh the advantages of supporting mobile connectivity against the likelihood of data loss.

This was first published in January 2014
