Is Remote Wipe still relevant in a modern Backup Strategy?
“Do you support Remote Wipe?”. We still get this question. And it is usually clear that the prospect is running down a checklist of things someone gave them to ask – or they’re simply looking through a competitor’s datasheet and rattling off the bullets they see in there.
“Do you have Bitlocker?”, I ask him. “Yes”, he beams proudly. “90% of our laptops run Windows 10. And we’ve got Bitlocker turned ON for all of them”.
“So, you have Bitlocker?“, I ask him. “Why do you still worry about Remote Wipe?”
It was clear to me he hadn’t connected the dots. But he isn’t alone.
Let’s break this down to understand what Remote Wipe does, and what a Full Volume Encryption technique like Bitlocker accomplishes.
Remote Wipe is a feature that allows an enterprise administrator to remotely trigger erasure of data on a laptop computer – usually, one they suspect of having been stolen.
What is Remote Wipe?
Remote Wipe is a feature that allows an enterprise administrator to remotely trigger erasure of data on a laptop computer – usually, one they suspect of having been stolen. It is a DLP (Data Leak Prevention) method to prevent or minimize a breach of a computer that may have ended up in the wrong hands.
The “wiping” or data erasure requires a local program on the system. And most laptop backup solutions require a backup agent resident on the system. And so, over the years, Remote Wipe became something that backup companies appropriated as a feature and marketed to customers.
The mechanism is simple. In the backup administration console, an administrator identifies the laptop they suspect as having been stolen and mark it for “remote wipe”. The next time, the stolen system is online, and the backup agent software on the machine connects to the backup server, it is informed to immediately “wipe” or erase itself. The backup agent resident on the system then does the needful.
It’s a neat method in theory – but has a number of pitfalls that make is far less effective in practice.
One important consideration is the time between when the theft occurs and the time the administrator decides to mark the device for “remote wipe”. This lag could be hours, days or in some unfortunate cases – several weeks. An adversary intent on stealing corporate data usually has plenty of time to execute on their sinister plan by the time the user reports the laptop stolen and an administrator marks it for wiping.
One important consideration is the time between when the theft occurs and the time the administrator decides to mark the device for “remote wipe”.
Most thieves are also smart
Remote wipe must be executed by the backup agent resident on the stolen system. For it to do that, it needs to connect to the backup server at least once after the administrator marks the system for “wiping”. A smart adversary who knows this (and by now most of them understand how this works), will simply not bring the device online. This is possibly the most common reason Remote Wiping doesn’t work in practice.
In order to get around this, backup solutions have come up with an alternative approach. As an administrator, you can enable an “automatic wipe” on devices which don’t connect to the backup server in a certain number of days – take your pick – 5 days, 1 week, 15 days etc. So, no need to designate a system for wiping – it will auto-wipe after a certain number of days of playing truant.
Wise? Not even close.
Consider the situation where an employee is on holiday. Or in the hospital. Or say they are working on a project which requires them to use a different device for a month or so. This method would simply auto-delete the data on their primary device!
If you pick too small a time interval, you risk losing employee data. Pick too large a time interval, and you’re giving the adversary more time to steal and copy data off the device.
Well, could such users who are not using their laptop temporarily inform the administrator ahead of time and have their laptop taken out of the auto-deletion policy? Sure, I guess so. But how likely is that to happen? Anytime IT administrators let employees make their own decisions on data protection, the success rate is < 25%.
Is the data really wiped?
There are also questions about the efficacy of such remote wiping. Unless the backup agent has the capability of doing a forensic wipe of the data – which takes time, a technically savvy adversary could retrieve the data even after a wipe operation. This depends on several factors such as the level of sophistication of the wiping technology, the type of disk (HDD vs SSD) etc. But, it is possible that a an adversary equipped with the right tools has a reasonable chance of accessing data off an older model HDD or an SSD – even after a remote wipe operation.
Full Volume Encryption
Full Volume Encryption (or Full Disk Encryption) provides much of the same benefits from a Data Leak Prevention standpoint, but with more predictability and much less room for error than a Remote Wipe.
The idea is simple. Encrypt all data on the laptop’s disk drives using a key – which can be used to unlock it only when the authorized laptop user logs in. So, if the wrong user gets access to the corporate device, they simply will have a brick in their possession. All corporate data is encrypted and is beyond their reach.
Does this slow down the laptop when the user is working on it? Not at all. Most FDE solutions do a one-time sweep to encrypt all existing data on the drive and after that, they encrypt incremental data changes on the fly. Most users don’t even know or remember that they’re running an FDE solution on their laptop. In most cases, they can even continue to work on their laptop while the initial encryption sweep is taking place.
The advantages with this method are multi-fold.
- No special action is required to mark a device stolen in order to activate protection.
- The stolen laptop doesn’t have to be online in order to activate protection.
- And the protection is complete.
Most FDE software will give you the choice of encryption algorithms to use – and by using something industrial strength such as AES-256 an IT Administrator can render even the most determined attacker, completely helpless.
FDE solutions have been around for a long time. But what makes choosing that approach even more of a no-brainer now is that Microsoft is effectively giving the feature away as part of their Windows OS. Bitlocker is now a built-in feature in all versions of Windows if you’re running a Pro, Enterprise or Education version.
A concern some businesses have with FDE solutions is what if they face a situation where the encryption software malfunctions and they’re unable to recover the data? Or what if the user forgets the password to decrypt?
If you have Macbooks, Apple has FileVault which essentially performs the same function as Bitlocker does on Windows.
A concern some businesses have with FDE solutions is what if they face a situation where the encryption software malfunctions and they’re unable to recover the data? Or what if the user forgets the password to decrypt? While these cases are rare, they are worth considering – but that’s exactly why you run backup software! If you have a safe and reliable backup, you can simply recover your data by restoring it.
So, if you are evaluating endpoint backup solutions – ask the right questions for sure, but don’t bother yourself asking about legacy features existing backup vendors continue to list on their datasheets.
At Parablu we specialize in building data management solutions like Backup. We offer solutions that are hosted as well as on-premise – so we know these pros and cons really well. Our unique solutions can also integrate with existing subscriptions you have like Microsoft 365 or Google G-Suite and save you a ton in terms of the storage costs associated with Backup.
Write to us at firstname.lastname@example.org to learn more.