Security "Bits"

Incinerating Smartphones with Sensitive Data

By Rich Campagna | June 13, 2014 at 9:00 AM

What happens when remote wipe isn't quite enough to satisfy the ultra-security paranoid amongst us? Incineration, of course, and it's the latest craze sweeping the BYOD world. Well, maybe not quite "sweeping," but it's definitely happening.

I was at a conference last week and met with a CISO who previously worked for a defense contractor, [REDACTED]. This person explained that when his prior employer rolled out their first BYOD program, their policy was that no classified data could be downloaded to personal mobile devices.

Obviously, email can contain classified data, and all employees were to send such data via classified email, rather than the normal corporate email system. Naturally, barely a week went by before somebody inadvertently sent classified email via the normal email system. There were several dozen people on the email distribution, many of whom had already signed on for the BYOD program and were happily toting around shiny new iPhones. Through no fault of their own, these people now had classified data on these devices, and that data had to be disposed of immediately.

For most organizations, this might be as simple as deleting the email, or at worst, executing a remote wipe of the device. Not so for devices containing classified U.S. Government data. These poor users had their devices physically taken from them (by FBI Agents for one person who resisted IT demands) and sent off for incineration.

The devices were boxed up in a steel container, locked with 6 padlocks, and placed onto a Government truck, where they were escorted to a secure incineration facility in [REDACTED]. The entire box was then removed from the truck and placed in a vat of molten metal, where they were melted down like the T-1000 in Terminator 2. I'm sure this was all done at very little cost to us taxpayers.

Crazy! Can you imagine the look on your face if someone in IT demanded that they take your phone and melt it because you happened to receive an email containing sensitive data?

I prefer to stick with Bitglass' clientless selective wipe and DLP features - all of the data security, none of the molten metal.
