Remote Wipe: A Must for Mobile Security

As more employees use smartphones and tablets to share sensitive information, remote wipe – the remotely controlled deletion of some or all of the content on a mobile device – has become a necessity in order to ensure true enterprise mobile security. According to the Wall Street Journal, mobile device management company Fiberlink Communications reported that it wiped 51,000 devices in the second half of 2013, and already 81,000 devices in the first half of 20-14.

What Is Remote Wipe? Can It Completely Erase Device Data?

Remote wipe is a method of deleting data from a device, such as a laptop computer, smartphone, or tablet. A remote wipe is usually used in the event of a data security breach, or when a device is lost or stolen. Remote wiping is usually initiated from a remote server and can be triggered by a specific action, such as a user trying to access the device, or from within the device’s settings. While a remote wipe can delete most information from a device, it will not completely erase all of the stored data. Some residual data may remain that could be accessed with forensics tools or data recovery software. Therefore, it is important to ensure that a remote wipe can completely erase all data from a device before it is recycled or disposed of.

To achieve maximum mobile security, an enterprise must be able to remotely wipe the contents of an employee’s mobile device, especially if that employee uses his/her device to store and share confidential content. Remote wipe capabilities are imperative when a mobile device:

• has been lost or stolen
• belongs to an employee who has quit the organization or been fired
• contains malware that is attacking the enterprise network or other resources

How Does Remote Wipe Work?

A remote wipe is the act of using a command to delete all data from a device. This process is typically done remotely from a separate device and can be coordinated from either the device itself or from a web-based management system. This allows the user to remotely delete data from a device that may be lost or stolen. The remote wipe command will typically overwrite all data on the device, making it impossible to recover. A remote wipe may also include the ability to remotely lock the device or remove it from the account. This helps prevent data from being accessed by unauthorized users.

Why Is Remote Wipe Important to Enterprises?

Remote wipe is an important tool for enterprises, as it enables organizations to remove sensitive data from lost or stolen devices. This is important because it can protect an organization’s intellectual property and trade secrets, as well as confidential customer information from being accessed by unauthorized users. It also reduces the risk of malicious software being installed on devices that could give attackers access to an organization’s network. Additionally, if a mobile device is lost or stolen, a remote wipe allows an organization to quickly delete corporate (read: sensitive) content and minimize their losses. Enterprises should consider such technology as a proactive approach to protect corporate data and the privacy of their customers.

Challenges With Remote Wipe

While remote wipe has clear advantages, it isn’t a cure-all for mobile security. For example, some remote wipe operations erase only part of the data on a mobile device, such as the folders and apps dedicated for business, however, other remote wipes erase the entire contents of the mobile device. This means that employees sometimes delay reporting lost devices, because they fear that, in addition to remotely wiping business data, the IT department will erase personal files such as photos. These delays leave business data potentially available to whoever finds the device and manages to access its files.

This behavior highlights a more fundamental problem: employees tend to value, even cherish, the personal data on their mobile devices while undervaluing the business data on those same devices.

Recent surveys support this cavalier attitude towards mobile security:

• 15% of mobile workers believe they have little or no responsibility to protect the data stored on their personal devices
• 59% estimated the value of the corporate data on their phones to be less than $500
• About 33% of employees who had lost their phones did not change their habits afterwards

If employees aren’t taking mobile security seriously, enterprises have to pick up the slack. Remote wipe is a big step towards achieving mobile security.

Best Practices for Remote Wipe and Secure Mobile File Sharing

Given these risks and challenges, how should enterprise IT organizations manage remote wipe operations in order to maximize mobile security? Here are four suggestions:

1. Deploy a secure container solution for mobile devices. Secure mobile containers store business data separately from personal data and make it easier for IT administrators to erase business data without affecting personal data. Secure mobile containers offer other security advantages as well, such as improved protection from mobile malware.
2. Let employees know that the organization’s secure mobile file sharing solution will never erase their personal data. This eliminates any reason for employees to delay reporting lost or stolen devices.
3. Educate employees about the importance of mobile security, namely protecting the business data on their mobile devices. Business data is often much more valuable than the $500 cited by employees in polls. Customer data in regulated industries, for example, could lead to fines costing tens of thousands of dollars or more if it were to be exposed. Other lost data, such as product plans, could lead to company losing its competitive advantage. Employees should realize that a $200 smartphone might contain data of inestimable value.
4. Track the use of business services on mobile devices. If a device known to contain business data has not accessed any enterprise servers in several weeks, chances are the device is no longer in the owner’s possession and its data may be vulnerable. Upon detecting a suspiciously quiet device, the IT department might want to contact the device owner and make an inquiry.

Secure mobile file sharing solutions, like the Kiteworks secure file sharing and governance platform, protect sensitive content stored on and transmitted with mobile devices. Capabilities such as remote wipe, secure containers, encryption of content in transit and at rest ensures mobile security and enables organizations to demonstrate compliance with rigorous data privacy regulations.

Additional Resources

• Case Study Seyfarth Shaw: Serving Clients Better Through Secure Mobile File Sharing
• Blog Post Kiteworks Mobile App Provides Senior Executives Enhanced Productivity and Security
• Blog Post Developers Beware: Poor Coding Practices Results in Poor Mobile App Security
• Video Kiteworks Secure Mobile File Sharing for Senior Executives
• Video Kiteworks Snackable Bytes: Secure Mobile App