Rippling

Overview

Rippling supports immediate and automated remote device wipe when an employee is terminated by directly integrating its Human Resource Information System (HRIS) with its native Mobile Device Management (MDM) solution. This capability is a function of Rippling's 'Unity Platform,' where the employee record serves as the single source of truth that drives actions across different modules. When an administrator changes an employee's status to 'Terminated' in the HRIS, this event can instantly trigger a pre-configured IT offboarding workflow. This workflow can execute a device wipe immediately or be scheduled for a specific time, such as the end of the employee's last day. This tight integration between HR data and IT action eliminates security gaps and the need for manual communication between departments.

Key Features

Administrators have granular control over the actions taken on a device during offboarding. Rippling provides several options that can be selected in the offboarding workflow. A 'Full Wipe' is a complete factory reset that erases all data, files, and the operating system, returning the device to its original state. This is the most secure option for ensuring all company data is eradicated. A 'Soft Wipe' removes user accounts and their associated data but leaves the Rippling administrator account intact, which can simplify the process of re-provisioning the device for another employee. Other options include 'Lock User Accounts,' which disables local user logins, and 'Lock Device,' a hardware-level lock currently available for macOS devices that renders the device unusable without a PIN. This flexibility allows companies to choose the appropriate level of security based on the situation.

Technical Specifications

Rippling's MDM supports a range of operating systems, including macOS, Windows, iOS, and iPadOS. For macOS and Windows, management is handled via a lightweight Rippling Agent. For Apple devices, Rippling integrates with Apple Business Manager (ABM) and its Device Enrollment Program (DEP) to enable automated, supervised enrollment. This level of supervision grants the organization a higher degree of control, which is necessary for executing commands like a full device wipe. Similarly, for Windows devices, Rippling supports Windows Autopilot for automated setup and pre-configuration. Enrollment in the MDM is a prerequisite for any remote management actions to be possible.

How It Works

A critical feature of Rippling's remote wipe capability is its handling of offline devices. If a wipe command is issued to a device that is not connected to the internet, the command is not lost. Instead, it is held in a queue. The command will execute automatically as soon as the device reconnects to a network. This ensures that the security action is eventually carried out, even if the employee takes the device offline at the time of termination.

Use Cases

A concrete use case for this functionality involves a remote employee's departure. The HR administrator processes the termination in the Rippling HRIS. This single action triggers an automated workflow that can: 1) immediately initiate a 'Full Wipe' command on the employee's company-issued laptop and phone; 2) revoke access to all company applications like Slack and Salesforce; 3) suspend their corporate credit card; and 4) automatically send a prepaid shipping label and box to the employee's home address (retrieved from the HRIS) to facilitate the return of the hardware.

Limitations and Requirements

There are some limitations and considerations. The specific capabilities can vary depending on the device's operating system and its enrollment status. For example, the most robust management features for Apple devices require them to be in 'Supervised Mode,' which is typically enabled through ABM. For Bring Your Own Device (BYOD) scenarios, the approach is different. While a full wipe is appropriate for company-owned devices, a 'selective wipe' that only removes company data and applications would be necessary for personal devices to protect the employee's personal data. The 'Soft Wipe' option could potentially serve this purpose, but policies and consent must be clearly established. The provided research does not offer extensive detail on the specific mechanisms for selective wipes on BYOD devices or the full technical logistics of the Windows Autopilot integration.

Comparison to Alternatives

Summary

In conclusion, Rippling provides a robust and highly automated solution for immediate remote device wiping upon employee termination. Its unified HRIS and MDM platform allows employment status changes to directly trigger critical IT security actions, including for devices that are temporarily offline. This streamlines the offboarding process, secures company data, and simplifies asset recovery. The effectiveness of the feature is contingent on proper device enrollment and configuration of the offboarding workflows.