Remote Device Data Erasure for an Increasingly At-Home Workforce

This week’s Industry Voices is a blog post from Russ Ernst, Executive Vice President, Products and Technology at Blancco, about a growing trend of remote workers increasing security risk for corporate data on company-owned PCs and laptops, especially when employees leave the organization or need equipment replaced.

Since March of 2020, we’ve seen a significant number of enterprises migrate to an increasingly remote workforce. Eighty-eight percent of organizations worldwide made it mandatory or greatly encouraged their employees to work from home after the World Health Organization (WHO) declared COVID-19 a pandemic.

And although over three-quarters of remote employees say they’re more productive while working from home, over half of all IT professionals think that remote workers present a greater security risk.

Data security is the highest priority when enterprises are managing their IT assets remotely. Forty-two percent of employees that currently have a remote work option plan to work remotely more often in the next five years. Of those remote workers, nearly all would prefer to continue working from home to some extent, while nearly three-quarters of companies plan to make working remote permanent.

A remote workforce presents a greater security risk for corporate data on company-owned IT assets, especially when employees leave the organization or need replacement equipment. This is because when data assets move outside of enterprise control for repairs, replacement or return, they face the potential for loss, theft, or other forms of data vulnerability.

Remote Device Erasure Prevents Unnecessary—and Risky—Data Mobility on In-Transit Devices

Data security best practice is to properly sanitize all data-storage assets before they move from a more protected area to a less protected one, and that includes when devices like desktops and laptops are shipped or otherwise transported from an employee’s home to any other location. This ensures that confidential or personal information is completely erased from the device, then verified and certified, protecting that asset against a data breach and reinforcing compliance with data protection regulations.

Sanitizing Devices Before Shipping Reinforces Data Security Policy, Enforces Regulation Compliance

While this also applies when reusing assets internally, enterprises should also incorporate this asset management best practice in its security policies for remote workers. When an employee is due for a new device, for instance, enterprises should require that the old device should be erased before being handed to a shipper or courier, even if the final destination is a secure facility. Furthermore, companies would do well to insist on verified and documented data erasure for their own peace of mind and for compliance purposes. Such documentation addresses chain of custody and data management issues and provides proof of data erasure to IT departments and external auditors.

Blancco solutions for remote device data erasure allow enterprises to erase data from corporate assets from any location. This ensures asset data is securely protected before leaving the employee’s home.

PreInstall Options Ease Data Security Burden on IT Staff

With Blancco Drive Eraser, this process allows for complete data security while the company-owned laptop is in transit, whether that asset returns to central IT or heads to the company’s IT asset disposition partner. The Blancco solution allows for data erasure for the full PC or laptop without the need to remove drives before shipping, sending a tamper-proof certificate of erasure to a central repository. This remote data erasure can take place with limited IT interaction and with minimal network connection requirements.

In fact, by using our preinstalled solution, IT administrators or service providers can easily enable PC and laptop erasure anywhere in the world two different ways:

  • Organizations can remotely connect to the employee asset for an immediate erasure need.
  • Or, if the organization proactively embeds the solution when preparing the device using endpoint deployment tools, its employees can perform secure erasures when required. In this latter case, there’s no need to remote control the device—the device is already set up to proceed with a fully automated erasure.

How Does Remote Device Data Erasure Work in Real Life?

The beauty of either method is that there does not need to be a technician at the employee’s home, nor does the employee need to be technically savvy to have their device erased before shipping it for repairs or return.

For example, let’s say we have a Windows 10 machine that should be erased immediately. And, let’s assume that the erasure software was not installed before issuing the computer to the home worker.

Installing Blancco Drive Eraser Remotely

Using a common secure connection, like VPN, administrators can access internal resources and directly push Blancco Drive Eraser to that employee’s specific device, no matter where the employee lives. Administrators can also use third-party remote-control software to push the application to that device.

From there, the only thing the employee needs to do is click on a shortcut icon now on their Windows 10 desktop. The shortcut will locally install Blancco Drive Eraser onto the drive, then reboot the machine. However, instead of launching the traditional operating system when rebooting, it will boot into the Blancco Drive Eraser software.

The employee can select between Blancco Drive Eraser solution or revert to the Windows operating system, but by default, it will automatically start the erasure software, decompiling it and going straight to the Blancco graphical user interface.

Executing the Device Erasure

The process continues to be hands-off after this point, providing seamless ease of operation for the home worker. Once the software is up and running, it detects the drive, starts the erasure of the drive and completes the erasure automatically. Once the erasure is complete, the software verifies the erasure, applies a tamper-proof digital signature, and sends the report to a central repository, the Blancco Management Console, where enterprise administrators or auditors can access it. If enterprise administrators choose, the process can also be set up to turn off the machine once the report goes to the Blancco Management Console.

Blancco remote device erasure is truly a fully automated process with few to no interactions from the end-user. What’s more, this process can be fully integrated within IT endpoint management platforms like Microsoft Intune or ServiceNow, making execution (and the resulting data security) even easier for IT teams.

See How Remote Data Erasure Can Work For Your Enterprise

It’s easy to see if remote device erasure is right for you. Our Blancco representatives will walk you through the process and answer any questions you may have about deployment options and available data erasure standards during a free trial.

Simply sign up for your Blancco Enterprise Data Erasure Trial to find out how remote device erasure can support your data protection and information security policies for your at-home workers.