The Beginner's Guide to MDM

Learn how to protect and manage your mobile devices with this step-by-step guide covering everything from planning groups and creating policies, to reporting.

Download Now
Device Management

3 Things You Should Know About Remote Wipe

“Remote wipe” is a term you’ll hear a lot when it comes to smartphones and tablets, especially regarding security, loss and theft. The idea behind it is that if a device is lost or stolen, someone can send a command that will completely remove stored data. That protects the company’s valuable assets and reduces the risk of breach or compromise.

Since a data breach costs an enterprise on average $3.62 million, aggressively wiping a phone is pretty good business sense. With this in mind, it’s worth taking a few minutes to understand remote wipe and the implications it has for your smartphone.

1. Remote Wipes Require Power and a Network Connection

Since “wipe” is a command that is sent to a device, it has to be turned on, connected to the network, and able to receive the protocol. If a device is lost at an airport, it may be easy to wipe. On the other hand, if someone wants to keep the device from being wiped, it’s easy to power it off, shield it or pop out the SIM card.

This means that when a device goes missing, it’s important to let your IT department know about it as soon as possible, as the window for wiping can be very small. When a device is intentionally stolen, it can be a matter of seconds before data is compromised.

2. Remote Wipe Is Not Monolithic

Today’s phones and management systems have a wide variety of options for remote erasure. In certain cases, it can be used to send the device back to factory reset status. In others, it can be subtler. For example, some setups have “enterprise wipe,” which only deletes the applications and data that were installed by the company, leaving personal data untouched. Phones that have a container setup such as Samsung Knox Platform for Enterprise may only have the enterprise profile wiped out, since your organization is more concerned with those assets.

One of the ideas behind enterprise wipe is that it can be used when someone leaves the company without properly deregistering their own smartphone. In that case, they may still be storing personal data, so just deleting the enterprise data makes more sense. However, when a device is lost or stolen, corporate information could be scattered in various folders, so a full wipe is more foolproof.

Mobile Security Is Crucial

icon of a documentWhite Paper

Find out why Samsung devices are some of the most secure available in this white paper. Download Now

Another variation of erasure is often called “KeepAlive.” With KeepAlive, the device must check in with the company’s MDM/EMM tools over the network every so often. If the device goes missing for too long, then it will automatically take action, such as a complete device reset. The idea behind KeepAlive is that if your phone is stolen and then disconnected from the network, data will still remain protected.

KeepAlive isn’t universally used, and can have some false positives if the MDM/EMM system is disconnected for too long. However, it’s another tool for your IT manager, and if they’re using it, you should be aware of it.

3. You May Not Be Able to Opt Out

Wiping is generally included with all MDM/EMM tools, so no matter which one your company is using, they probably have some level of erasure capability on your smartphone. If yours is corporate owned, then you should expect that they can clear it at any time.

In the case of BYOD, you still may be giving IT admins the ability to remotely wipe your phone out. Your organization installs an EMM/MDM agent or anti-malware tools on your phone, this will enable comprehensive management capabilities.

However, even if the smartphone is just connected to one company application or service, they still have remote and enterprise wipe functionality. When you enroll in those services, a screen pops up telling you that this is part of the package. But if you’re going quickly — or if someone in IT is doing this — you may not quite have realized what was installed.

Generally, there is no way to both have full access to your job’s services and prevent your IT administrator from having a wipe capability. For some people, these types of functions can seem a little excessive. Yet from the business’ point of view, it’s an important measure to protect their valuable informational assets.

A remote wipe policy is used by IT managers to help manage the risks presented by easily lost or stolen mobile devices. As an end user, understanding what remote wipe is capable of is beneficial if you find your technology compromised, and may be the right solution.

Learn more about what you can do if your phone is lost or stolen.

Posts By

Joel Snyder

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.

View more posts by Joel Snyder