Understand the differences and which option is safest for your company
When a company manages teams in different countries, especially within a remote and distributed work model, a key question arises:
How safe is it to store a computer that is still locked by MDM, compared to one that has been completely erased under the NIST 800-88 standard?
While both methods offer security, they are not equivalent. Understanding the difference is essential for making the right compliance, data protection and technological risk decisions.
1. What is a computer locked by MDM?
A device locked by MDM (Mobile Device Management) remains associated with the organization through platforms such as Apple Business Manager or the equivalent Android or Windows business solutions. This means:
- The equipment cannot be activated by a third party.
- If someone restores it, the device asks for corporate credentials again.
- The company maintains full ownership control over that device.
- Unauthorized use is prevented even if the device changes hands.
It's a very secure mechanism from the point of view of access and ownership, but it has a key limitation:
the computer keeps all the information it had before it was stored.
While that information is protected by the MDM lock, it's still technically recoverable with forensic tools. And since the device was not formatted, the company cannot ensure that there are no vulnerabilities that, in advanced scenarios, could be exploited if someone gained physical access to the hardware.
2. What is a NIST 800-88 secure deletion?
The NIST 800-88 standard is the most widely used international reference for sanitizing devices before storage, reuse or disposal.
Its methods (Clear, Purge or Destroy) ensure that:
- Computer data cannot be recovered, even with forensic techniques.
- The device is completely clean of sensitive information.
- The security practices required by the IT, Security and Compliance areas are met.
It's the most robust approach when the primary objective is to protect data and eliminate the possibility of information leakage.

