FirmGuard®SecureWipe securely erases endpoint HDD, SSD, and other mass storage devices

Broom wiping zero and ones | FirmGuard SecureWipe

What is SecureWipe?

SecureWipe is a FirmGuard feature that securely erases endpoint HDD, SSD, and other mass storage devices. It is triggered remotely from the FirmGuard Portal and forensically erases all data and partitions independent of the operating system (OS).

FirmGuard SecureWipe function diagram

Benefits of SecureWipe

  • Certificate of Erasure (COE) is provided.
  • Erase command is invoked remotely from a secure portal (no physical access to endpoint required).
  • Wipe is performed at the UEFI firmware level, no dependence on operating system (OS).
  • Multiple erase methods to choose from which support efficacy and/or compliance requirements.
  • No specialized tools or utilities required.
  • Selectively wipe specific drive(s) or individual partitions on a drive.

Supported Erase Methods

Certificate of Erasure

After each wipe, a Certificate of Erasure (COE) is produced and stored in the portal to document the details of the wipe. A COE can be crucial for compliance with data protection regulations like GDPR, HIPAA, or CMMC, as it serves as proof that sensitive data has been handled appropriately and securely destroyed. The COE contains relevant information such as which specific endpoint and drive was erased, the erase method used, the administrator that performed the wipe and more.

Comparison Chart

Windows Reset SecureWipe Physical Destruction
NIST 800-88 Definition Clear FirmGuard_SecureWipe-Navy Purge Destroy
No Data Recoverable
Wipe Stolen Endpoint
Execute Wipe Remotely
Certificate of Erasure/Destruction Provided
Low Cost
Can Reuse Endpoint
Endpoint Never Leaves Client Office

Use Cases

SecureWipe can be used for a variety of different scenarios or use cases.

  • Compromised endpoint – If an endpoint has been lost or stolen, a FirmGuard adminstrator can immediately issue a wipe request and the next time the endpoint is detected the designated drive(s) will be securely erased.
  • Recycle an endpoint – Before ownership of an endpoint is transferred, a FirmGuard administrator can easily and securely erase all previous data to ensure no information is compromised.
  • Endpoint disposal – Before an endpoint is retired, a FirmGuard adminstrator can easily and securely erase all previous data to ensure that no information is compromised.

How Else Can an Endpoint be Wiped?

There are various other ways to erase the contents of an endpoint’s hard drive, but almost all of them require physical access to the endpoint. In addition, many of them are cumbersome and require some level of technical sophistication.

OS File Delete – This is the worst because just deleting a file doesn’t permanently erase it. The OS only removes a pointer to each file, leaving all the bits in place. The files are almost trivial to recover with software.

Software Utility – There are many programs (e.g., Parted Magic) to wipe a drive. They all however require physical access to the endpoint and often need technical expertise to, for example, setup a special boot disk.

UEFI BIOS Secure Wipe – This is a secure way because it doesn’t rely on the OS and many OEMs provide a mechanism to enable this from a setup screen. In some sense, this is exactly what SecureWipe does but with one major difference: no one has to be at the endpoint to execute the secure wipe.

SecureWipe helps maintain ISO and NIST compliance​

SecureWipe helps FirmGuard customers, and their clients comply with a variety of industry standards. The list below provides a detailed breakdown of compliance with specific standards including individual clauses within the standard.

ISO 27001 Clause 8.2.3
(Management of Removable Media)

SecureWipe aids in managing and sanitizing removable media, reducing risks associated with data breaches.

ISO 27001 Clause 8.3.2
(Disposal of Media)

NIST SP 800-53 MP-6
(Media Sanitization)

SecureWipe ensures that all media is securely wiped to prevent data leakage upon disposal.

ISO 27001 Clause 15.1.2
(Dealing with Security Breaches)

SecureWipe is an essential tool for securely dealing with breaches involving data on discarded media.

ISO 27001 Clause 16.1.4
(Assessment of Information Security Incidents)

SecureWipe can be leveraged with mobile device management to remotely wipe systems that may have been stolen or compromised.

ISO 27001 Clause 18.1.3
(Protection of Records)

SecureWipe facilitates the secure deletion of records, complying with data protection regulations.

NIST SP 800-53 PE-16
(Delivery and Removal)

SecureWipe ensures secure removal of data from devices before delivery or disposal, aligning with NIST’s physical security controls.

NIST SP 800-88
(Guidelines for Media Sanitization)

SecureWipe adheres to NIST guidelines for secure media sanitization by offering dozens of military grade forensic wiping algorithms.

NIST Cybersecurity Framework DE.AE-3
(Event Detection)

Ensure that data destruction events are properly detected and logged with SecureWipe.

NIST Cybersecurity Framework PR.IP-6
(Data Destruction)

SecureWipe exceeds NIST’s recommendations for functionality that irreversibly destroys data.

Try it for Yourself

Schedule a demo and learn how FirmGuard can help you remotely secure, configure & update your clients’ BIOS, increase technician efficiency and boost MRR.

FirmGuard dashboard

Schedule a Demo

Schedule a time to see FirmGuard in action, and our friendly team will guide you through FirmGuard’s features and benefits.

WHO WE SERVE

THE FIRMGUARD PLATFORM