SecureWipe is the Best Choice for Endpoint Erasure

The simplest method to reset (notice we do not use the word “erase”) an endpoint is to use the native “Windows Reset” mechanism. This can be done remotely for convenience using an RMM or some other tool like Microsoft Intune. However, this is a reset method and NOT an erase method because it leaves large amounts of data behind even if you ask it not to. This is an OS level erase, and thus doesn’t have access to hidden sectors or other parts of the hard drive. Data can be recovered using simple forensic techniques, so this method is not acceptable for media sanitization compliance such as with NIST SP 800-88. In fact, NIST defines three different categories of media sanitization called “clear”, “purge” and “destroy.” Windows Reset is the most basic and thus falls in the “clear” category.

On the opposite extreme from Windows Reset is physical destruction of an endpoint or hard drive and this appropriately falls under the NIST “destroy” category. While this method is very effective, it comes with many downsides including cost, complexity and the fact that the device is no longer usable.

SecureWipe falls in the middle “purge” NIST category and is the best and most balanced choice as shown in the table below. It incorporates all the benefits of Windows Reset and avoids all the downsides of physical destruction. SecureWipe even supports a critical use case, stolen endpoint, that neither Windows Reset nor physical destruction comes close to solving.