Remote Device Sanitization in a Work-from-Home, Distributed Era
Traditional, onsite methods for securely erasing data fall short in light of today’s increasingly distributed workforce and multi-data center infrastructures. The work-from-home reality means that enterprise IT doesn’t have physical access to most employee laptops and desktops, a trend that won’t change anytime soon. Likewise, having IT staff travel to different locations to sanitize data off of servers in a multi-location decommissioning project is highly inefficient.
Shipping such company assets with data on board to a centralized location for erasure is risky. If a device is lost or intercepted on the way, company data or personally identifiable information (PII) could be compromised. Organizations could also be exposed to financial risk in the form of fines and penalties for regulatory noncompliance, as well as financial liability and reputational damage in the case of a breach.
Instead, enterprises must be able to efficiently sanitize assets in place over the network, wherever they are located, to protect data from exposure.
Whether it’s one laptop or thousands of servers, Blancco equips organizations with the ability to sanitize IT assets on-prem or at-home from a remote connection, meeting the increased need for data protection within fast-paced, global operations. This capability provides enterprises with greater data security, broad support for international erasure standards, global compliance certifications and a tamper-proof audit trail.
Remote erasure of IT assets plays a role at multiple points in the device lifecycle, including:
- Repurposing equipment, such as the laptop of an employee leaving the company or an application server being prepared for a new use
- Device end-of-life, whether as a result of data migrations, normal upgrade and refresh cycles, or component failure—anytime devices must be prepared for disposal, resale or donation
- Break-fix and repair, when an IT asset must be returned to the original manufacturer for repair or replacement
- Active data lifecycle management, to ensure that when devices are in active use, data that is no longer needed is removed at regular intervals to minimize risk of data leakage, breach, or other exposure (for more on active file erasure, see our post, “Managing the Data Lifecycle of Your Organization’s Assets.”)
Verified Sanitization Provides Enterprises with Security and Compliance Assurance
Software-based data erasure securely overwrites the data on any data storage device via optimized erasure algorithms. These algorithms use different patterns for the overwrite, then verify that the erasure has occurred, thus preventing overwritten data from being accessed. While other commonly used data destruction methods (such as reformatting, data wiping and data deletion) prevent data access to varying degrees, data erasure does two things in combination that these methods do not:
- Data erasure ensures that the data itself is rendered irretrievable, not just the pointers to the data.
- Data erasure verifies that the desired results were achieved.
Because enterprises typically use a wide range of drive and device technologies, it’s important to know that the right methods are applied to the right equipment for proper results, including when data storage assets are miles away from technicians. Secure remote erasure will verify the overwriting methodology has been successful and that data has been removed across the entire device according to the erasure standard chosen.
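The overwrite-then-verify sequence described above, as an added sketch that is not Blancco's code or part of the original post: it runs two single-byte pattern passes over a constructed image file standing in for a drive, reads the whole target back, and reports the first offset that fails verification. The pattern values, chunk size and function names are assumptions chosen for illustration.

```python
import os
import tempfile

CHUNK = 64 * 1024  # read/write block size (assumption for this sketch)

def overwrite_pass(path, value):
    """Overwrite every byte of the target with one byte value and flush it to disk."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for off in range(0, size, CHUNK):
            f.write(bytes([value]) * min(CHUNK, size - off))
        f.flush()
        os.fsync(f.fileno())
    return size

def verify_pass(path, value):
    """Read the whole target back; return the offset of the first differing byte, or None."""
    with open(path, "rb") as f:
        off = 0
        while chunk := f.read(CHUNK):
            if chunk.count(value) != len(chunk):
                return off + next(i for i, b in enumerate(chunk) if b != value)
            off += len(chunk)
    return None

def erase(path, patterns=(0xFF, 0x00)):
    """Run each overwrite pass, then verify the final pattern across the entire target."""
    size = 0
    for value in patterns:
        size = overwrite_pass(path, value)
    bad = verify_pass(path, patterns[-1])
    return {"bytes": size, "passes": len(patterns),
            "verified": bad is None, "first_bad_offset": bad}

def make_image(size=200_000, secret=b"PII: constructed sample record"):
    """Constructed stand-in for a drive: a temp file with a recognisable record in it."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(os.urandom(size // 2) + secret + os.urandom(size - size // 2 - len(secret)))
    return path

def demo():
    path = make_image()
    try:
        ok = erase(path)
        with open(path, "r+b") as f:  # simulate a region the overwrite missed
            f.seek(150_000)
            f.write(b"leftover")
        return ok, verify_pass(path, 0x00)
    finally:
        os.remove(path)
```

A file-level overwrite like this does not reach remapped or over-provisioned blocks on flash media, which is why the erasure method has to match the drive technology.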
For endpoint devices in particular, secure erasures are easily executed by non-technical staff, then subject to verification to ensure true data sanitization.
Secure Remote Erasure Covers IT Assets Across the Enterprise
Deploying Blancco remotely can be adapted to your specific enterprise requirements. Across servers, desktops and laptops, multiple options exist for deploying, controlling and automating the erasure software.
Management tools built into enterprise servers—such as the Cisco Integrated Management Controller, HP Integrated Lights Out (iLO), IBM Integrated Management Module and Integrated Dell Remote Access Controller (iDRAC)—enable Blancco software to be installed directly on the target server for secure, remote, in-rack erasure over the network to support different relevant use cases:
- Blancco Drive Eraser sanitizes drives.
- Blancco Virtual Machine Eraser provides secure erasure for virtual machines and hypervisors.
- Blancco LUN Eraser sanitizes Logical Unit Numbers (LUNs) through data erasure.
- Blancco File Eraser destroys data at the file level.
These usages deliver benefits across the enterprise, including cyber security and compliance with data protection regulations such as GDPR. The process is highly scalable, and Blancco customers have used it to erase thousands of servers simultaneously.
Laptop and Desktop Machines
Blancco secure remote erasure on client computers lets IT teams draw on familiar enterprise approaches and use common network tools to erase data from employee devices—no matter where the employee device is located. The typical process is as follows:
- Package the erasure software in an executable file using the Blancco PreInstall utility, for installation on the remote laptop or desktop computer.
- Push the file to the target machine over the network using Microsoft Endpoint Configuration Manager (formerly System Center Configuration Manager, or SCCM), Active Directory or a remote desktop session.
- Manage the erasure process remotely using Blancco Management Console (BMC), Blancco Intelligent Business Routing (IBR), Endpoint Configuration Manager, Microsoft Intune, ServiceNow or programmatically using API integrations.
- For laptops and desktops based on Intel vPro technology, a Blancco Drive Eraser ISO file can be deployed using Intel Manageability Commander, which supports both in-band and out-of-band use and integrates with Microsoft Endpoint Configuration Manager.
Remote Device Erasure Protects Data and Increases Data Security
Across use cases, Blancco remote erasure securely eliminates data from laptops, desktops and servers without requiring a technician to be present at every device location.
Instead, with flexible deployment methods, erasures can be carried out by endpoint device users or from a centralized location. This means devices can be sanitized before leaving corporate custody, protecting the business by dramatically reducing the chance of inadvertently disclosing sensitive information.
And, as with all Blancco data sanitization solutions, remote erasure of IT assets results in a tamper-proof, digitally signed certificate of erasure, supplying an unbroken chain of custody and the confidence that devices are immune from unauthorized data access.