One of the most common features touted by the Mobile Device Management (MDM) solution providers is the ability to remotely wipe a lost or stolen device.
One of the most common features touted by the Mobile Device Management (MDM) solution providers is the ability to remotely wipe a lost or stolen device. This capability lets the administrator send a command to the software installed on the device to wipe the data and apps on the gadget whenever it connects to a network. While a useful attribute,
this feature presents its own complications.
Why is wiping required?
Wipe is required to protect the corporate data on a device. Well, not really protect, but remove. With small form factors and the propensity of the owners to carry them everywhere, smart devices are fairly easy to lose, or get stolen. Losing a device means losing the data that is in it. While you may be worried of losing all your contacts and the pictures that remind you of the wild times, your company has bigger fears. Your device had multiple corporate applications, with the password saved. This means that anyone who has it now has access to internal enterprise systems. That cannot be allowed, period. Therefore, we wipe.
But then again, is it required?
To debate on the applicability of remote wipe, we have to first understand the use-cases. The only scenarios under which you would part with your precious shiny little companion are when someone else believes that they have the right to use it without paying for it, and flick it, OR, you were too busy staring the beautiful girl on the bus, and when you decided to get off on her stop, you left the little fellow on the seat.
Now lets try to figure out what happens next. If you lost your device, someone will find it. Now, one of 2 things will happen. It the may happen that person is a good Samaritan, and will try to locate you and return the device, or submit it in some lost and found, where it is unlikely it will ever see the light of the day. A more likely chain of events is that the person believes in “finders keepers”, and decides to use the device. In such a scenario, most likely, the first thing that the person would do is to do a factory reset, and clean the device to make it his own. In the first possibility, if you get your device back, you would not want it to be blank. In the second case too, wiping is made redundant by the reset.
Let us now consider the situation where you are the victim of the most common of the human vices, greed. There are 2 reasons why people steal other people’s stuff – to use it, or to sell it. In both situations, the device must be cleaned to be of use.
There is however, the remote possibility that you are a target of carefully plotted corporate espionage, and the data on your device will be misused. In such a situation, wiping is required. However, this situation is rare, and people indulging in such activities will not be novices who will have their plans thwarted by an MDM tool. Your device will probably end in a Faraday cage with no remote access.
What can go wrong?
If remote wiping is done in haste, and the employee gets the device back, you will not hear the end of it. Also, if the device is BYOD, the liability of the loss of data is on the enterprise. On the other hand, time is of essence when dealing with crooks, and therefore laxity in action might lead to huge losses.
