In a recent national survey, nearly all IT managers said that IT asset disposition (ITAD) – the proper disposal of end of life IT equipment – has become a strategic issue for senior management. Unfortunately, the survey also revealed there is little consistency as to how that responsibility is handled.
The importance of implementing a disciplined ITAD process to mitigate risk is the underlying message gleaned from this market survey.
Midsize to large companies are primarily concerned about the data security risks of e-waste, even though they are generally dedicated to being “green.” Clearly, the consequences of data theft are frightening: New data from the Ponemon Institute reports that the average security breach costs nearly $7 million per episode.
The “green” theme makes the headlines, but security concerns keep IT managers up at night. It didn’t take long for the old, previously benign, issue of phasing out obsolete computers to escalate to a major strategic concern. The volume of outbound technology containing sensitive, private information rises exponentially with each new upgrade cycle.
Millions of electronic devices are disposed of by U.S. businesses. Where do they go?
According to over half of the survey respondents, their phased-out IT equipment is recycled. But good intentions may not always be matched by good business processes. For instance, a number of dramatic media documentaries have recently shown that large quantities of U.S. e-waste is shipped to toxic dumping grounds in places like China, India and Africa.
In a surprising revelation, 15 percent of IT managers in the survey said their companies still throw used IT assets into a dumpster. This could very well be an invitation to environmental fines and catastrophic exposure of data that businesses have a legal obligation to protect.
A regimented ITAD process establishes consistency throughout each equipment disposal cycle. Applying appropriate preparation and handling to a repeatable, auditable process ensures that organizations are more fully protected from data security and environmental issues, thus reducing risk factors.
However, a strategic disposal process involves capabilities that are often beyond those of a typical organization. In almost all cases, enterprise organizations don’t have the resources to properly sanitize and audit assets, nor do they have the sales channels to remarket still-usable assets and base materials for recycling.
It’s not difficult to retrieve data from a discarded hard drive, even one you think you have erased. Many companies believe their liability ends when equipment leaves their building. In fact, it may not. Organizational liability may remain until the asset has been certified, by professionals, to be rendered inert environmentally and wiped “clean” of data.
Alternately, a company may task its OEM with disposing of its retired IT assets. While it’s a step up from managing the complex process yourself, this tactic brings its own set of challenges. OEMs may not always have the ability to remarket a wide range of technology products to maximize residual value; and, because ITAD is not their core business, they may not provide leading-edge, best-practice solutions, or the appropriate liability protection that enterprise organizations require.
Michael Osterman, chief researcher for the Converge study and a veteran IT analyst, correlates the rise of IT asset disposition with systems integration, customer relationship management and other technology trends that started as in-house IT tasks and quickly became strategic issues impacting the entire business.
“This isn’t just about recycling,” he says. “It’s about the very complex and risky business of managing the tail end of the technology life cycle. That requires not only incredible logistical coordination but also the ability to ensure the chain of custody as machines are de-manufactured for reusable parts, turning one asset into potentially dozens, each bearing liability back to the original owner.”
Michael recommends outsourcing ITAD to a large, specialized provider. “I don’t know of a single enterprise that has the systems, manpower or know-how to expend managing tons of their own e-waste every year. And calling the local recycler is not going to cut it for a larger organization, especially if you are a business with multiple locations.”
At the end of the day, the biggest concern of IT managers lies with the security of their organization’s data. A disciplined, documented ITAD process, executed by ITAD professionals, is the only way to ensure that your organization is protected.