Is storing a device locked by MDM the same as storing a computer with a NIST 800-88 deletion?

Bord
November 10, 2025

Understand the differences and which option is safest for your company

When a company manages teams in different countries, especially within a remote and distributed work model, a key question arises:
How safe is it to store a computer that is still locked by MDM compared to a completely erased computer under the NIST 800-88 standard?

While both methods offer security, they are not equivalent. Understanding the difference is essential for making the right compliance, data protection and technological risk decisions.

1. What is a computer locked by MDM?

A device locked by MDM (Mobile Device Management) remains associated with the organization through platforms such as Apple Business Manager or Android or Windows business solutions. This means:

  • The equipment cannot be activated by a third party.

  • If someone restores it, the device asks for corporate credentials again.

  • The company maintains full ownership control over that device.

  • Unauthorized use is prevented even if the device changes hands.

It's a very secure mechanism from the point of view of access and ownership, but it has a key limitation:
the computer keeps all the information it had before it was stored.

While that information is protected by the MDM lock, it's still technically recoverable with forensic tools. And since the device was not formatted, the company cannot ensure that there are no vulnerabilities that, in advanced scenarios, could be exploited if someone gained physical access to the hardware.

2. What is a NIST 800-88 secure deletion?

The NIST 800-88 standard is the most widely used international reference for sanitizing devices before storage, reuse or disposal.
Its methods (Clear, Purge or Destroy) ensure that:

  • Computer data cannot be recovered, even with forensic techniques.

  • The device is completely clean of sensitive information.

  • The good security practices required by IT, Security and Compliance areas are met.

It's the most robust approach when the primary objective is to protect data and eliminate the possibility of information leakage.

3. MDM Lock vs NIST 800-88: Key Differences

| Aspect | MDM locked | NIST 800-88 (secure deletion) |
|---|---|---|
| Purpose | Prevent unauthorized use | Completely eliminate the information |
| Data on the device | Remains intact | Irreversibly deleted |
| Protection against forensic recovery | Limited | Complete |
| Ownership control | Very high | Not relevant |
| Risk if the device falls into the wrong hands | Low in terms of use, but the information still exists | Practically nil |
| Compliance with data policies | Partial | Complete |

4. What's the safest option?

It depends on the objective:

  • If the priority is that no one can use the equipment, the MDM lock is sufficient.

  • If the priority is to ensure that there is no recoverable data, a NIST 800-88 erasure is mandatory.

However, for many organizations, there is a third alternative that combines both layers of protection.

5. The safest combination: locked and turned off equipment

A device locked by MDM, stored properly and completely turned off is extremely secure.
As long as it has no power or connectivity, there is no possible attack surface to breach it. And, even if the data is technically recoverable, access to it would only be feasible using advanced techniques and with the equipment physically turned on or manipulated.

Therefore, for customers who want to keep the device linked to their MDM, the following is clarified:

It's safe to store a locked computer as long as it's turned off.
What cannot be guaranteed is the deletion of data, because the device was not formatted.

Conclusion

  • MDM protects access, but doesn't delete data.

  • NIST 800-88 deletes data, but doesn't block ownership.

  • Both methods are safe, but they don't serve the same purpose.

  • The right choice depends on the company's security policy.

At Bord, we work with both models according to the needs of each customer, ensuring safe storage, traceability and standardized processes throughout the region.