In today's world of mobile devices and remote work, it's crucial for organizations to have the ability to remotely wipe company data from managed endpoint devices. This Universal Endpoint Management control is all about defining, implementing, and evaluating processes, procedures, and technical measures to make remote wiping possible. It's a powerful tool that can be a lifesaver in situations where a device is lost or stolen, but it's also one that should be used with caution.
Where did this come from?
This control comes from the CSA Cloud Controls Matrix v4.0.10 - 2023-09-26, which you can download from https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4. The Cloud Controls Matrix (CCM) is a comprehensive set of controls designed to help organizations assess the security risks associated with cloud computing and to guide them in implementing best practices.
Who should care?
This control is particularly relevant for:
- IT administrators responsible for managing and securing endpoint devices
- Security professionals tasked with protecting company data on mobile devices
- Compliance officers ensuring adherence to data protection regulations
- Business leaders concerned about the security risks associated with lost or stolen devices
What is the risk?
The primary risk that remote wipe capabilities help mitigate is unauthorized access to sensitive company data on lost or stolen devices. Without the ability to remotely wipe a device, an attacker who gains physical access to it could potentially access confidential information, leading to data breaches, intellectual property theft, or reputational damage. Remote wipe functionality can help prevent these adverse events by ensuring that company data can be promptly deleted from a device if it falls into the wrong hands.
What's the care factor?
The care factor for remote wipe capabilities depends on the sensitivity of the data stored on managed endpoint devices and the consequences of that data being compromised. For organizations that handle highly sensitive information, such as financial institutions, healthcare providers, or government agencies, the ability to remotely wipe devices should be a top priority. Even for companies with less sensitive data, the reputational damage and potential legal repercussions of a data breach make remote wipe an important consideration.
When is it relevant?
Remote wipe is most relevant in situations where:
- Employees use mobile devices (smartphones, tablets, laptops) to access company data
- Devices are used outside of the office and are at risk of being lost or stolen
- The organization handles sensitive data that could cause significant harm if compromised
On the other hand, remote wipe may be less relevant for:
- Organizations that do not allow company data to be stored on mobile devices
- Devices that are used exclusively within a secure office environment
- Companies with data that is not particularly sensitive or valuable
What are the trade-offs?
Implementing remote wipe capabilities does come with some trade-offs:
- It requires an investment in endpoint management software and infrastructure
- Employees may be resistant to the idea of their devices being remotely wiped
- Accidental or malicious triggering of remote wipe could lead to data loss and productivity disruption
- Remote wipe may not be effective if devices are not connected to the internet
How to make it happen?
- Choose an endpoint management solution that supports remote wipe functionality, such as Microsoft Intune, VMware Workspace ONE, or MobileIron.
- Define clear policies and procedures for when and how remote wipe should be used. This should include criteria for triggering a remote wipe, approval processes, and documentation requirements.
- Configure your endpoint management solution to enroll all managed devices and enable remote wipe capabilities. This typically involves installing a management agent on each device.
- Test your remote wipe functionality regularly to ensure it works as expected. This can be done by enrolling a test device, triggering a remote wipe, and verifying that all data is successfully deleted.
- Train your IT staff on how to initiate a remote wipe and what the procedures are for doing so. Also, educate your employees about the remote wipe policy and what they should do if their device is lost or stolen.
- Monitor device status and be prepared to initiate a remote wipe if a device is reported lost or stolen, or if unusual activity is detected.
What are some gotchas?
- Ensure that your endpoint management solution supports all the device types and operating systems used in your organization.
- Be aware of any regulatory requirements around data retention that may impact your ability to perform remote wipes.
- Consider implementing a selective wipe capability that only deletes company data, rather than a full device wipe, to minimize impact on employee personal data.
- Make sure that devices have a reliable internet connection so that remote wipe commands can be received and executed promptly.
The exact permissions required for remote wipe will depend on your specific endpoint management solution. For example:
- Microsoft Intune requires the "Wipe managed company app data (preview)" permission, which is part of the Device administrator role.
- VMware Workspace ONE requires the "Device Wipe" permission, which is part of the Console Administrator role.
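As an added example (not from the page or from any vendor's own tooling), the following Python script turns the procedure and gotchas above into a scripted decision: corporate-owned devices get a full wipe, personally owned devices get a selective wipe, every action must carry an approval ticket, and a device that has not checked in recently is flagged because the command only runs once it reconnects. It assumes the Microsoft Graph `managedDevices` `wipe` and `retire` actions and a Bearer token obtained separately; the seven-day threshold, ticket format and device records are constructed for the example.

```python
import json
import urllib.request
from datetime import datetime, timedelta

GRAPH = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices"
STALE_AFTER = timedelta(days=7)  # assumed check-in threshold; tune to your fleet

def _ts(iso: str) -> datetime:
    """Parse a Graph-style UTC timestamp such as 2024-03-10T00:00:00Z."""
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))

def plan_wipe(device: dict, now_iso: str, ticket: str) -> dict:
    """Full wipe for corporate devices, 'retire' (selective wipe) for BYOD.

    A ticket is required so every wipe is documented; a device that has not
    synced within STALE_AFTER is flagged: the command queues until it reconnects."""
    if not ticket:
        raise ValueError("an approval ticket reference is required before wiping")
    if device.get("managedDeviceOwnerType") == "company":
        action, body = "wipe", {"keepEnrollmentData": False, "keepUserData": False}
    else:  # personal or unknown ownership: remove only company data and the MDM profile
        action, body = "retire", {}
    stale = _ts(now_iso) - _ts(device["lastSyncDateTime"]) > STALE_AFTER
    return {"deviceId": device["id"], "deviceName": device["deviceName"],
            "action": action, "url": f"{GRAPH}/{device['id']}/{action}",
            "body": body, "ticket": ticket, "stale": stale}

def execute(plan: dict, token: str, dry_run: bool = True) -> int:
    """POST the planned action; with dry_run=True only report what would be sent."""
    flag = " (device not synced recently, command will queue)" if plan["stale"] else ""
    print(f"[{plan['ticket']}] {plan['action']} {plan['deviceName']}{flag}")
    if dry_run:
        return 0
    req = urllib.request.Request(
        plan["url"], data=json.dumps(plan["body"]).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:  # Graph answers 204 No Content on acceptance
        return resp.status

# Constructed sample records shaped like Graph managedDevice objects (not real devices)
SAMPLE_DEVICES = [
    {"id": "11111111-0000-0000-0000-000000000001", "deviceName": "LAPTOP-FIN-07",
     "managedDeviceOwnerType": "company", "lastSyncDateTime": "2024-03-01T08:00:00Z"},
    {"id": "22222222-0000-0000-0000-000000000002", "deviceName": "PHONE-BYOD-12",
     "managedDeviceOwnerType": "personal", "lastSyncDateTime": "2024-03-09T17:30:00Z"},
]

if __name__ == "__main__":
    for d in SAMPLE_DEVICES:  # dry run: nothing is sent without a real token and dry_run=False
        execute(plan_wipe(d, "2024-03-10T00:00:00Z", "SEC-1234"), token="<token>")
```

Run it against a live tenant only from a principal that holds the wipe permission named above, and keep `dry_run=True` until the ticket is approved.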
What are the alternatives?
While remote wipe is a powerful tool, it's not the only way to protect company data on mobile devices. Some alternatives include:
Explore further
For more information on remote wipe and related security controls, check out:
- CIS Control 13: Data Protection - Outlines best practices for protecting sensitive data, including remote wipe
- NIST SP 800-124 Rev. 2: Guidelines for Managing the Security of Mobile Devices in the Enterprise - Provides guidance on securing mobile devices, including remote wipe