Should You Remove Device Locks When Retiring IT Assets?

Consider the factors and benefits of removing device locks when retiring IT assets, such as financial gains and achieving environmental goals.

In the realm of IT asset management, security is paramount. Activation locks, BIOS passwords, Computrace, and Mobile Device Management (MDM) software are crucial for safeguarding sensitive data and preventing unauthorized access. However, when it comes time to retire assets, these protective measures can complicate the process of unlocking their potential value for resale or reuse.

As an example, enterprises unlocked 16,000 assets with one ITAD firm over the course of two years, resulting in over $584,000 of resale revenue. These efforts contributed not only to the enterprises’ financial gains but also aligned with their environmental and cost-saving goals. In this article, we’ll explore the considerations and benefits of removing device locks when retiring IT assets, drawing insights from industry standards and successful practices.

The Importance of Securing Endpoint Devices While in Use

Before delving into the unlocking process, it’s essential to understand why securing endpoint devices during their operational life is crucial:
Theft Prevention: Device locks deter theft and unauthorized access to valuable corporate data.
Data Access Restriction: Locks restrict access to data stored on endpoints, safeguarding sensitive information.
Protection of Enterprise Services: Endpoint security measures protect access to hosted enterprise services, ensuring data integrity.

Various options are available for securing endpoint devices:
Drive Encryption: The benefit of encryption is that it secures the data while the drive is operating and when it is at rest.
Mobile Device Management (MDM): With more devices going in and out of the office, MDM software enables IT administrators to control, secure, and enforce access to data on mobile devices remotely. Examples of this software include Apple Business Manager, Jamf, and Microsoft Intune/Autopilot.
Endpoint Security: This is a persistent module within the computer hardware that tracks the location of the device when it’s connected to the Internet. Examples of this tool include CompuTrace by Absolute Software and Singularity by SentinelOne.
Password Locks: One example of this security option is an activation lock such as Find My iPhone (Apple ID). A second type of password lock, a BIOS lock or power-on password, prevents a device from being booted up without the correct credentials.
Drive Lock: This lock type requires the user to enter a password to access or erase the data on a hard drive or SSD.
Firmware Lock: Apple products and some other mobile and network devices prevent access to the security settings and boot options using this security feature.

When is the Right Time to Unlock a Device?

Unlocking a device becomes necessary when it’s time to sanitize data or repurpose the device for resale or reuse. Instead of automatically sending the device off for recycling, unlocking offers several benefits:
Value from Resale: Unlocking enables organizations to realize the resale value of assets, contributing to the company’s bottom line.
Subscription Cost Savings: Deactivating locks saves on software subscription costs associated with MDM or other security services. These licenses can be repurposed to new devices in the fleet.
Environmental Sustainability: Reuse is more environmentally friendly in comparison to recycling, which would align with a company’s sustainability goals.
Enhanced Security: Unlocking and electronically sanitizing a device is more secure. A device that is “recycled” may not have proof that the data was destroyed.

Coordinating the Unlocking Process with an ITAD Provider

When retiring IT assets, coordinating with an IT Asset Disposition (ITAD) provider is essential. This involves:
Traceability and Documentation: Recording and tracking assets from the enterprise to ITAD provider.
Transfer of Responsibility: Transferring title and responsibility for the data on devices, and for the devices themselves, to the ITAD provider.
Communication and Integration: Providing detailed asset receipt reports that include device types and serial numbers. Some ITAD providers make this process easier with online tools that integrate with Asset Management Database (AMDB) tools via an API.

Methods for Unlocking Device

Your ITAD partner may offer methods for facilitating the unlocking process.
MDM Locks: Enterprise owners de-enroll devices from MDM after confirming receipt at the ITAD provider’s facility, or the enterprise authorizes the ITAD provider as an agent in the MDM program.
Password Locks: An ITAD provider may offer specialized tools to securely manage and store enterprise passwords, making the unlocking process much more efficient.

In cases where trusting the ITAD provider with this level of security is not an option, alternative measures such as quarantining devices or unlocking them internally may be necessary.

Validating the Unlocking and Sanitization Process

It is highly recommended that companies confirm the ITAD provider’s unlocking and sanitization process through sample testing and periodic audits of their processes. Verify that devices were processed by analyzing Certificates of Data Sanitization and confirming the removal of the MDM or persistence agent from the device after the wiping process. If the provider also is certified to an applicable third-party security certification, that can also help demonstrate it has good management systems in place to properly safeguard your data.

In Summary

While locking devices during use and transit is crucial for security, unlocking them upon retirement offers numerous benefits. By coordinating with ITAD providers and utilizing secure unlocking methods, organizations can generate value from resale, reduce software subscription costs, and contribute to environmental sustainability—all while ensuring data security.

Unlocking value from retired IT assets is not just financially lucrative but also environmentally responsible. Make sure your security policy allows for setting up these processes. It’s a win-win scenario for IT departments, companies’ bottom lines, and sustainability goals alike.