Are we relying too much on full device wipes? (Solved)

Participant
4 weeks ago Feb 20, 2026

Hey everyone, 

I was doing some late-night reading on incident response frameworks and stumbled across this documentation on building a Data Neutralization Strategy.

It got me thinking, are we all just relying way too heavily on the basic remote wipe command when a device goes missing? 

I manage a fleet of about 400 devices (a messy mix of corporate-owned and BYOD). My current strategy for a lost device is basically just panicking, hitting the wipe command from our MDM, and praying it connects to the internet before the thief gets into the local files. But the article talks about neutralization as a layered framework rather than just a single action. 

How are you guys handling this in the wild? What happens if the device is immediately thrown into airplane mode or a Faraday bag? I want to build a strategy that doesn’t just rely on an all-or-nothing wipe command. 

Replies (2)

Participant
4 weeks ago Feb 21, 2026

Ah, the old reactive remote wipe method. We’ve all been there. 

Here is the harsh reality: if a coordinated bad actor steals a corporate laptop or phone, the very first thing they do is pop out the SIM card and kill the Wi-Fi. If your entire neutralization strategy requires a live network ping, you’ve already lost the data. 

In the enterprise world, you have to assume the device will never check in with your MDM again. You need to move away from reactive wiping and start using proactive neutralization. 

  • Offline Compliance Actions: Set your policies so that if a device hasn’t checked in with the server in a specific number of hours, it automatically locks down or cryptographically shreds the corporate container. No internet required. 
  • Containerization: Stop trying to manage the whole device on BYOD. Sandbox your corporate apps. If the device goes rogue, the encryption keys to that specific sandbox are revoked locally.

Relying solely on a full wipe is a flawed approach. Real security happens before the device is even stolen. 

Participant
4 weeks ago Feb 23, 2026

I completely agree with @annemie, but I want to add a massive warning label from the legal and compliance side of the house! 

@emersyn, since you mentioned you have a messy mix of BYOD in your fleet, please be incredibly careful with full-device remote wipes. If you wipe a personal phone and accidentally delete three years of a user’s family photos or personal crypto-wallets because they lost their device at a coffee shop… you are opening your company up to a massive liability nightmare. 

A true data neutralization strategy respects user privacy while protecting corporate assets. As Dave mentioned, containerization (like Android Work Profile or Apple’s User Enrollment) is your best friend here. When you trigger a wipe, it should only execute a Selective Wipe. This destroys the cryptographic keys tied to the corporate partition. The company data turns into unreadable gibberish instantly, but the user’s personal data remains completely untouched. 

Read up on cryptographic shredding. It’s much faster and cleaner than a traditional binary overwrite wipe, and it perfectly aligns with the incident response frameworks mentioned in your link. 
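
Added example, not part of the thread and not any MDM vendor's code: a Python sketch of the offline compliance action and cryptographic shredding described in the replies above, including the case where the device clock is rolled back. The 24/72-hour thresholds, the `WorkContainer` class and the SHA-256 keystream standing in for AES-GCM are assumptions chosen so it runs on the standard library alone.

```python
import hashlib, hmac, secrets

LOCK_AFTER_H, SHRED_AFTER_H = 24, 72  # assumed policy thresholds (hours)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHA-256 counter keystream: stdlib stand-in for AES-GCM, not for production
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered container")
    return _xor_stream(key, nonce, ct)

class WorkContainer:
    """Corporate partition: ciphertext on disk, key held separately."""
    def __init__(self, data: bytes, now_h: float):
        self.key = bytearray(secrets.token_bytes(32))  # real devices: hardware keystore
        self.blob = seal(bytes(self.key), data)
        self.last_checkin_h = self.clock_h = now_h
        self.state = "ok"

    def checkin(self, now_h: float) -> None:
        # Called only after an authenticated MDM sync; cannot revive a shredded key
        if self.state != "shredded":
            self.clock_h = max(self.clock_h, now_h)
            self.last_checkin_h, self.state = self.clock_h, "ok"

    def enforce(self, now_h: float) -> str:
        # Runs on a local timer, no network; max() ignores a rolled-back clock
        self.clock_h = max(self.clock_h, now_h)
        silent = self.clock_h - self.last_checkin_h
        if silent >= SHRED_AFTER_H and self.state != "shredded":
            self.key[:] = bytes(len(self.key))  # overwrite, then drop the key
            self.key, self.state = None, "shredded"
        elif silent >= LOCK_AFTER_H and self.state == "ok":
            self.state = "locked"
        return self.state

    def read(self) -> bytes:
        if self.state != "ok":
            raise PermissionError(f"container is {self.state}")
        return unseal(bytes(self.key), self.blob)
```

After the shred the ciphertext is still on disk, but nothing on the device can open it, and a later check-in does not bring the key back.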
