Erasure Method for Mobile Devices - Understanding the Options by Type of Device
1/21/2016 Erasure Method for Mobile Devices Understanding the Options by Type of Device IT Asset Knowledgebase
http://itak.iaitam.org/erasuremethodformobiledevicesunderstandingtheoptionsbytypeofdevice/ 1/3
Erasure Method for Mobile Devices – Understanding the Options by Type of Device
in Disposal Management, April 26, 2015
By Ryan Laber & Steve Manalac, Arrow Value Recovery
The proliferation of smartphones and tablets within the enterprise is prompting many asset managers and other IT professionals to examine their data destruction strategy. According to a recent Gartner report, by 2017 the majority of endpoint data breaches will shift from personal computing to smartphones and tablets. Of those breaches, 75% will come from mobile application misconfiguration. This will challenge the reliance on remote, application-based erasure strategies used by many today.
Selecting the right data destruction approach depends on your organization’s aversion to risk, the technology you deploy and the resources at your disposal. In this article, we’ll offer key considerations that should inform your decision-making and assist in the pursuit of the best solution for your enterprise.
Evaluating Risk Levels
Risk assessment methods offered by the National Institute of Standards and Technology (NIST) have not changed in recent years, but data erasure recommendations for mobile devices have received a needed revision. For those unfamiliar with the risk categories identified by NIST, a review of Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, will offer data categorization based on the impact of its breach. The risk categories assigned by a risk level of low, medium and high can be leveraged in policy-making throughout the management and disposal of data-bearing assets.
Erasure methodologies have recently been updated with the completion of the first revision to NIST 800-88, Guidelines for Media Sanitization. Published in December 2014, this revision includes protocols for mobile devices and offers organizations technical criteria for erasure utilities. Since the technique applied to mobile devices is different from standard magnetic overwriting to hard drives, enterprises should consider incorporating the specifications into policies, documentation, contracts and training for both internal use and that of vendors.
Destruction Methods
Due to the lack of standardization between mobile devices, what may seem a standard approach to erasure can render significantly different results. For example, hard-resetting an iOS device cryptographically removes keys that decipher data. But for Android devices, a hard reset may only reset settings and leave user data readable. Mobile device management (MDM) vendors, encryption, hard-resetting, cloud-based application hosting and device-locking each have their strengths and weaknesses. Adding to the complexity are Bring Your Own Device (BYOD) policies and user environments that allow differing operating systems with dozens of version releases. When selecting a destruction method, it’s worthwhile to understand what happens to the device with each approach.
Reset Settings
This feature will return all device settings back to the factory defaults but retain all user data. Settings include wallpaper, ringtones, fonts and other user preferences. Any information recorded to the unit, such as photos, texts and emails, will remain. This approach does not typically destroy user data.
Hard Reset
The term “hard reset” is not strictly interchangeable among the various operating systems.
For Apple devices, the “Erase All Content and Settings” option implements a cryptographic erase that overwrites the encryption key with a new one and forces the device to download and install the latest firmware. Although the data remains on the device, it’s encrypted. Third-party tools may be used to overwrite addressable areas for further security.
For BlackBerry devices, the “Security Wipe” option overwrites all user data. Additionally, if “Content Protection/Encryption” is enabled, the device performs a scrub of the BlackBerry device memory.
For Android devices, the “Factory Data Reset” option typically resets all settings and removes all file pointers. The data is not usually overwritten. While later versions of the Android operating system support encryption, some do not enable it by default. The dozens of makes and models that carry the Android O/S make systematic encryption and erasure difficult to implement consistently. Some independent data erasure utilities have dedicated engineering teams to design software that can address each make and model, but careful screening should be undertaken to ensure each of your device types has been researched properly.
For Windows devices, the “Reset Your Phone” option clears all settings and overwrites user data. Most Windows devices cannot be encrypted natively on the device. Like Android, there are different manufacturers, each with different limitations and capabilities, which makes the results of this reset dependent on the device.
It’s also worth noting that each of these methods requires the device to complete the reset process. Common issues include insufficient battery life, poor connectivity for firmware updates, competing third-party applications and user error.
MDM and EMM
MDM and enterprise mobility management (EMM) are terms given to the general administration of mobile phones and tablets, including business software applications and security policies. MDM is now considered a part of the overall EMM environment. To manage data, an application is downloaded to the device that installs policies and profiles that are managed by a central server. A common service of the EMM is “containerization” of confidential data. The container records information using an encryption key that, once removed, makes the recovery of data very difficult. Savvy users may find methods to store data outside the container, and policies should be designed to limit this activity.
Device Lock
As mobile device theft grows, locking features have risen in popularity. The most common is the “Find My iPhone” (FMiP) security feature from Apple. It enables users to identify the location of their mobile device in the event that it is lost or stolen. FMiP also gives one the ability to remotely erase the device, prompt an alternate phone number to contact if lost, and make an audible sound if lost in your home or office. The feature uses GPS, Wi-Fi and carrier data to identify the location and perform remote actions. It is integrated into iOS 7 and 8 and can be turned off or on. If enabled, the user can log in to the iCloud website via any device to track and issue commands. If FMiP is enabled, the device cannot be unlocked for use without the original password. Not only does this pose a deterrent to theft, but it also significantly impacts the unit’s secondary market value.
Connectivity Considerations
Since mobile devices can maintain cellular and Wi-Fi connectivity, they carry additional risks during disposal.
Activation Check
Occasionally devices are retired with a service plan that remains active. This most commonly occurs on tablets whose cellular connection is managed by a corporate office versus a smartphone line which typically transfers to a user’s new phone. Until the service is canceled, organizations may pay for unused lines. An activation check, by the organization or its disposition provider, can catch these active lines so they may be terminated.
Cloud Sync
Many devices are enabled with a cloud-syncing feature that backs up user data. If the cloud-sync profile is not removed from the device, data may be pushed back onto the unit after its retirement. When sync profiles have not been terminated, these devices pose a data security risk even if erasure has been attempted.
An Auditable, Documented Process
Much like other data-bearing technology, mobile device disposition should follow an auditable, documented process of data destruction. There are far too many stories of employees leaving retired devices unattended, stolen equipment or inappropriate trashing of hardware by disreputable vendors. Either your staff needs to follow a process of risk assessment, method selection and documentation, or your disposition vendor should be contracted to do so.
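
As an added illustration (not part of the original article), the checks described above can be run as a release gate over an inventory export before devices leave the organization. The CSV column names and the sample rows are assumptions constructed for this example, and model-specific differences among Android and Windows devices are not modelled.

```python
import csv
import io

# Constructed inventory export; the column names are assumptions for this example.
SAMPLE = """\
serial,os,encrypted,reset_type,reset_completed,lock_disabled,sync_removed,line_active
A1,ios,yes,hard,yes,yes,yes,no
B2,android,no,hard,yes,yes,yes,no
C3,android,yes,hard,yes,yes,no,yes
D4,blackberry,yes,hard,no,yes,yes,no
E5,windows,no,settings,yes,yes,yes,no
F6,ios,yes,hard,yes,no,yes,no
"""

def _yes(row, key):
    return row[key].strip().lower() == "yes"

def check_device(row):
    """Return the findings that should hold one retired device back from release."""
    findings = []
    os_name = row["os"].strip().lower()
    if row["reset_type"].strip().lower() != "hard":
        findings.append("settings-only reset: user data is retained")
    elif not _yes(row, "reset_completed"):
        findings.append("hard reset did not complete: treat data as still present")
    elif os_name == "android" and not _yes(row, "encrypted"):
        findings.append("unencrypted Android: reset removes pointers, data not overwritten")
    if not _yes(row, "lock_disabled"):
        findings.append("device lock still enabled: unit cannot be unlocked for reuse")
    if not _yes(row, "sync_removed"):
        findings.append("cloud-sync profile present: data may be pushed back")
    if _yes(row, "line_active"):
        findings.append("service plan still active: cancel the line")
    return findings

def audit(csv_text):
    """Map serial -> findings for every device that is not ready for release."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = check_device(row)
        if findings:
            report[row["serial"]] = findings
    return report

if __name__ == "__main__":
    for serial, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{serial}: {finding}")
```

Keeping the resulting report alongside the erasure certificate gives each device a documented reason for being held or released.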