May 08 2013

Automatic or Manual: An Explanation of Two Types of Remote Wiping

MDM software is vital for the success of BYOD programs in government.

No matter how careful users are with their mobile devices, accidents happen. Devices will be lost, stolen or otherwise unaccounted for. And these devices may contain sensitive information belonging to the organization, which must be safeguarded from any parties that gain access to the devices.

One helpful feature for safeguarding devices is remote locking. By authorization of an administrator, enterprise MDM software can issue a command to immediately lock a managed mobile device — preventing access until the necessary credentials (such as passwords, biometrics or cryptographic tokens) have been presented. This feature is helpful if a device was unlocked or in an unknown state when lost or stolen because implementing a device lockdown can prevent any further access to applications or data.

Another helpful feature for safeguarding devices is remote wiping. Remote wipes take two forms.


The percentage of organizations that have implemented an MDM solution.

SOURCE: Survey Employees to Target Mobility Improvements, Forrester, April 2012

The first, an administrator-issued command through enterprise MDM software, transmits to a lost or stolen device and causes it to destroy its organization-issued data and applications — securely wiping that portion of the device so that no information can be recovered from it.

The second involves configuring a device so that after a certain number of consecutive failed authentication attempts, the device will securely wipe itself.

Both forms of remote wiping achieve similar results, but the first form requires a device to be reported to the organization as lost or stolen, while the second automatically works if someone tries repeatedly to log on to a device that isn’t their own. Unfortunately, the second form wipes the entire device, not just the organizational content. Plus, if the owner of the device simply fails to authenticate several times in a row, he or she can trigger this type of wipe accidentally.

But if a device is lost or stolen and ends up in the wrong hands, a person may be delighted to have a remote wipe destroy their personal banking information, social networking credentials and other sensitive information on the phone as well. Given this possibility, remote wiping may need to be considered on a case-by-case basis.

Learn more about remote wiping and mobile security in our BYOD Security reference guide.