Enterprise Mobility strategy and residual data in discarded smart devices

While you are planning to sell your old phone or tablet, generally the first thing you would do is - "Factory Reset". And then you would hope that all the files, photos and documents in the device would get deleted by virtue of that, including your personal data and profiles. But does "Factory Reset" really do the stuff it is supposed to do?

In a recent study, one of the Mobile Security vendors purchased 20 previously-owned Android smartphones from eBay. Each of them were supposedly “wiped” beforehand. But the vendor used some basic off-the-shelf software , and they could recover more than 40,000 personal photos, emails, text messages, and – in some cases – the identities of the sellers. That's a staggering number, isn't it?
Now to take this problem to a larger perspective, think about the devices an employee is using in an organization. Enterprise Mobility is broadly put into two groups these days - Employee owned device (BYOD) or Company Owned device. There are variations and different flavors to these, depending upon the kind of customization and containerization being done in the device. To get these Mobile devices safely into the corporate network and for using the corporate apps, organizations generally adopt one or the other MDM (Mobile Device Management) platforms. IT managers work out an Enterprise Mobility strategy, on which Remote Wipe (for lost or rogue devices) and Wipe out (for phasing out devices) feature quite prominently. However do the IT managers really think about the challenges on failures around these techniques on solid state drives?
The experiment mentioned in the beginning of this article looked at personal data for users, like photos, emails, text messages etc. In Enterprise scenario, the sensitivity of the residual data can go much higher than few photographs and text messages. It can be as sensitive as company secrets. The experiment highlights how vulnerable corporate data & secret can be, if the IT manager is solely depending on the standard Factory Reset or Remote Wipe features of an Android phone. A sound and thought through strategy for handling discarded devices must figure in the Enterprise Mobility strategy for any IT manager, which must go beyond the Factory reset button.
How does your organization handle discarded smartphones / tablets to protect your business secrets and details? Do share your inputs.

PS1: More on the Mobile Security vendor's experiment can be read here.
PS2: This post was also published in my Linkedin Author page - here.

Thank you for checking this article. I contribute regularly on Technology & Management related stuff. Apart from this blog, you can follow me at 
Twitter: https://twitter.com/csubhamoy
Facebook: https://www.facebook.com/csubhamoy
Linkedin: https://www.linkedin.com/in/csubhamoy

About me: I have been working in the areas of IT strategy & usage of Digital technology to deliver business growth. My areas of interest include Enterprise Mobility, Cloud Solution Architecture, Enterprise Architecture, Social Media and Big Data. I am an alumni of Indian Statistical Institute (MTech Computer Science) and also attended Harvard Business School Executive Education on Innovation and Driving Growth.

Kolkata Bloggers