07/07/2014

Supreme Court Exposes Limitations of MDM Solutions

by ZixCorp


We’ve long alluded to the fact that mobile device management (MDM) has its limitations for both businesses and their employees. But hey, don’t take it from us….hear what the Supreme Court had to say in its recent ruling against cellphone searches without a warrant.

In the opinion statements, Chief Justice John G. Roberts rejected the argument that evidence won’t be able to be preserved by the police due to phone wiping or encryption:

Remote wiping can be fully prevented by disconnecting a phone from the network. There are at least two simple ways to do this . . .

He then goes on to describe the two ways:

First, law enforcement officers can turn the phone off or remove its battery. Second, if they are concerned about encryption or other potential problems, they can leave a phone powered on and place it in an enclosure that isolates the phone from radio waves.

The last bit describes the use of Faraday bags, which the Court goes on to explain in more detail.

(As a side note, it’s true that shielding the phone within a Faraday bag would prevent a remote wipe. However, such a technique would not prevent encryption from rendering the data unreadable.)

The bottom line – even the Supreme Court realizes that “wiping a phone” (the primary security defense used by MDM) is easy to circumvent and can’t be relied upon with a high degree of confidence.

While many IT admins may look towards remote wiping as a tool for BYOD security, it shouldn’t be the main piece of arsenal. At the end of the day, there are alternative methods of protection, such as keeping corporate data off the device and disabling access if the phone is lost or stolen.

What’s your take? Is remote wiping an effective or overrated security practice?

Posted: 7/7/2014 12:00:00 AM by Global Administrator | with 0 comments
Filed under: BYOD, Court, device, Industry, Legal, management, MDM, mobile, Privacy, SCOTUS, Supreme


Recent Posts

10/16/2018

New Email Attack Shows How Hackers Can Hijack a Legitimate Email Thread

by Guest Blogger David Bisson

View Blog Post

10/04/2018

Unified Search Is a Seamless Solution for Increasing Regulatory Burden

by David Wagner

View Blog Post

09/26/2018

What the NIST Small Business Cybersecurity Act Means for You

by David Wagner

View Blog Post