Why I Should Care Where My Company's Mobile Devices Go.
Managing end-of-life technology is somewhat of an afterthought. Why? To run a company, millions of dollars are spent on the right technology. From mobile devices to mainframes and everything in between, a lot of thought, effort, time and money is put into deciding on and implementing these solutions. For some reason, however, there is a significantly smaller effort in deciding what to do once it is time to dispose of the IT equipment. Even more puzzling, when it is time to upgrade or recycle assets such as mobile devices and tablets, disposal is basically an afterthought.
The importance of disposing of all IT equipment properly cannot be overstated. When equipment is in your IT environment, the control belongs to you. Once your equipment is handed off at the end of its life (regardless of who is liable at that point), you need to understand what is happening to it, and you need to truly trust the company that is doing it for you.
So, when it comes time to dispose of your equipment, what do you and your company do? How are you sure you’ve properly vetted a disposal company? What do you look for? What questions do you ask? How do you know they do what they say they do? There are so many factors in considering a partner. It’s not so much the average cost of a data breach being $4 million and climbing, but it’s your company’s brand. The name and reputation are what is most important and what must be protected along with the data.
As I stated earlier, mobile devices and tablets are an afterthought in both the disposition as well as the end-of-life disposition. Let’s dive into one of the main reasons this is.
There is not much security risk with mobile devices or tablets.
That is a very dangerous thought. Most companies are under the incorrect assumption that managing a mobile environment, i.e. eliminating or reducing risk, can be done by utilizing a Mobile Device Management (MDM) system like MaaS360, AirWatch or MobileIron. While an MDM is a necessity, and it certainly helps, it still does not mitigate risk at the end of life of the device. Not only are there still risks involved, but using an MDM is not compliant with NIST guidelines, specifically NIST SP 800-88 Rev. 1:
“Sanitization performed via a remote wipe should be treated as a Clear operation, and it is not possible to verify the sanitization results.”
i.e. if you wipe remotely, it’s not compliant with the guidelines. Period. So, anyone reading this that is utilizin