undefined | Better HN

0 pointsnness2y ago0 comments

They're likely speaking of their liability should a employee's laptop, containing sensitive information, ever be stolen or re-sold (or simply, left in the hands of an ex-employee with a grudge.)

It would be difficult for a IT department to guarantee, for sure without replacing the internals of the device, that the device doesn't contain sensitive information. Probably easier from an inventory and IT security perspective to just capture every device than try and coordinate with individuals to reformat, etc.

(for the same reason, some companies outright destroy old devices instead of reselling.)

0 comments

dangus2y ago

I think it's actually a really easy guarantee on modern laptops from a technical standpoint, but that doesn't matter if there's a compliance requirement or contract they signed with major customers.

ghaff2y ago

There are a lot of customer requirements around mobile device management and the like that arguably don't make a lot of difference for any employee wanting to work around them. But they're there so companies need to follow them.

Karunamon2y ago

I know that Macs can give that level of assurance. One click from the MDM can brick the machine out to the point where it cannot even be booted from external media without a code, and another trashes the encryption keys and does a factory reset.

qbasic_forever2y ago

That's bizarre or just shoddy IT. Every major platform has remote wipe and self destruct capabilities, control over full disk encryption, etc. I guess they let people bring their own devices and just not follow solid IT practices?

flakeoil2y ago

Well, to properly erase (multiple overwrites and erase) I suppose IT would need to get the computer back for a while so it can fully complete without the employee removing the IT tool which can handle this removal.

Secondly, would you want to have a computer which your previous employer can wipe your disk at any time?

So all in all probably a good thing for both parties.

qbasic_forever2y ago

If it's full disk encrypted then wiping and rewiping doesn't matter as much. As soon as the keys are trashed the data might as well be all zeros. Remote wipe is the whole point, it's not a goodbye gift to the employee... it's protecting company secrets. Wipe it and tell people to trash the machine as e-waste or send it back, it doesn't matter anymore.

hbn2y ago

They can't remote wipe it if you don't connect to the internet.

qbasic_forever2y ago

Which is why you have short lived (less than a week) certs that have to be renewed only by access to the corporate network before you can even power on and unlock the machine's drive encryption.

j / k navigate · click thread line to collapse

0 pointsnness2y ago0 comments

They're likely speaking of their liability should a employee's laptop, containing sensitive information, ever be stolen or re-sold (or simply, left in the hands of an ex-employee with a grudge.)

(for the same reason, some companies outright destroy old devices instead of reselling.)

0 comments

dangus2y ago

I think it's actually a really easy guarantee on modern laptops from a technical standpoint, but that doesn't matter if there's a compliance requirement or contract they signed with major customers.

ghaff2y ago

Karunamon2y ago

qbasic_forever2y ago

flakeoil2y ago

Secondly, would you want to have a computer which your previous employer can wipe your disk at any time?

So all in all probably a good thing for both parties.

qbasic_forever2y ago

hbn2y ago

They can't remote wipe it if you don't connect to the internet.

qbasic_forever2y ago

Which is why you have short lived (less than a week) certs that have to be renewed only by access to the corporate network before you can even power on and unlock the machine's drive encryption.

j / k navigate · click thread line to collapse