How to Be Sure You Securely Remove Data from Corporate iPads

ipad_and_tablet_data_securityThe widespread adoption of tablet computers into business environments has created exciting new opportunities for mobile productivity. It has also raised new concerns for the safe and secure disposal of these tablets when it is time to upgrade them. The IT asset disposition (ITAD) process for laptops, desktops, and servers is well established, but tablet computers present unique challenges that many companies fail to anticipate.

Unlike most laptop and desktop computers that use magnetic drives, tablets store information in solid state drives (SSDs). This method of memory storage allows tablets like iPads to be small and lightweight while still having significant storage capacity. The technology that enables SSDs to be so useful for mobile devices also presents a problem for data sanitization or destruction.

Even if your company stores the bulk of its sensitive information in a private or public cloud, when you have enterprise-wide tablet use, it is inevitable that important data will be present on at least a portion of the tablets you have in circulation. Industry regulations mandating data security are unconcerned with where data is stored, but they are very concerned with keeping it secure. When you combine the risk of regulatory penalty with the damage that a data breach can do to the financial health of your company and its public reputation, the importance of iPad data destruction becomes clear.

The best way to securely remove data from all of your company’s tablets, regardless of how many tablets you have in use, is to implement a process. In addition to using the right technology, an effective iPad disposal process must include the following steps:

1. Include tablets in your asset management system

Every tablet used for business must be included in the same ITAD process as all other assets. Ensure that when a user is upgrading or no longer needs a tablet that it is turned over and tracked for data sanitization. This step is crucial, because if a single tablet is left out of the data destruction process, it could make you vulnerable to violation in a security-compliance audit, or worse, a data breach.

2. Determine the Sensitivity of Your Data

Just like with other data storage devices and media, the sensitivity of the data stored on your tablets will dictate how they are disposed of. Most organizations want to reuse or resell the tablets, so will want to wipe the drives. However, if your tablets contain or access data that must never be leaked, under any circumstances, the only option is to destroy the device completely, which of course eliminates the potential for resale. Determine the nature of your stored data before you select a method for disposing of it.

3. Organize Your Tablets

Keep your tablets separate from any other IT assets you may be disposing of, and keep a careful log of them.  Small devices can easily be misplaced or removed. This also helps to ensure that none of them are overlooked or in the data sanitization process or damaged in storage or transport. If you are doing the data sanitization internally, it may also necessary to organize the tablets by type if your company makes use of more than one. The process for iPad data destruction is different than Android or Windows 8 data destruction. All three tablet operating systems include firmware tools for returning the device to factory settings, but the steps for accessing and implementing them differ. In order to make the process run as efficiently and reliably as possible, it is smart to keep each type of tablet separated.

4. Document the Data Destruction Process

Create a detailed record of the data destruction process and validated success of the wipe for each one of your tablets. It is important to have this documented trail in order to demonstrate compliance with regulations like HIPPA and PCI should you ever be audited. This systematic and documented approach also helps you to verify that all your tablets have made it through the data destruction process.

A certified ITAD vendor that has specific experience with tablet computers can help you to develop, refine, and implement this data destruction process. If you have never dealt with iPad disposal before, or simply do not have the in-house resources to manage the process, this device-specific expertise is invaluable. If data security is one of your top concerns, we reccomend you check out this free PDF on what you need to worry about to minimize your risk during the IT asset disposition process:

More From Our Blog...