Data security is a critical concern, yet many companies don’t have a thorough policy to properly destroy data at the end of the IT asset lifecycle, and the problem is growing. According to Ponemon Institute, a firm that conducts independent research on privacy, data protection and information security policies, last year the average total cost of a data breach was $3.42 million – or in other terms, an average of $141 per lost or stolen record. However, the largest financial impact comes from the cost of cleaning up after a data breach and the loss of customer confidence that results in reduced revenue.
IDC, the premier global market intelligence firm, forecasts that the global datasphere will grow tenfold to 163 zettabytes (or a trillion gigabytes) by 2025. Our use of storage is growing exponentially, and with it, so are the risks and potential financial losses.
While data security is always among the highest priorities for any company, what happens to technology assets at the end of their life is rarely at the top of the list. Often customers’ specifications for large-scale refresh projects contain literally hundreds of pages of requirements around new equipment and then, at the very end, a single statement saying, “All legacy equipment being replaced must be disposed of in a secure and environmentally friendly manner.”
Meanwhile, at the opposite end of the scale, there are companies that are obsessed with data security and have very strict IT asset disposition (ITAD) policies. They demand services with a security level appropriate for handling highly sensitive government data when, in reality, the data could at worst disclose information readily available on the internet.
As you might expect, ITAD operations aren’t something that can be decided in a moment. There’s much to consider. Companies have to ask themselves: should data be destroyed at our own site, or is it okay to do it at the ITAD provider’s site? If we are shipping equipment, what level of logistics services will we need? To help answer these questions, companies should consider the following three questions:
- Do you require asset scanning to enable full asset tracking?
- Do you need to vet logistics staff?
- Should vehicles be dedicated or shared?
And of course, then there’s the question of which data destruction method to use. Various data destruction methods have varying levels of security and cost. Options include:
- A single-pass or multi-pass data wipe, where drives can be reused and provide a residual value return
- Degaussing: no ability to resell the drive and no visual indicator that it has worked, but a cheaper alternative to shredding when performed at customer sites
- Crushing/drilling/pinning: low-cost options that show physical evidence that they have been performed. However, these methods destroy the residual value of the unit and the data is still present on the platters despite their not being able to spin up.
- On-site shredding: the most secure form of data destruction, but it is expensive and destroys any residual value. This method will only guarantee security if an appointed person is watching every single step.
It is important to note that every method has a pitfall. Some say that physically destroying hard drives at your own site is always the best option. For very highly sensitive data, this may be true but it is not always the case. One thing that is important to understand is that one size does not fit all when it comes to IT disposal. What suits one company may not necessarily suit another, and there is a good chance that different business units within the same company will have different needs.
The key to getting disposal right is to engage with the right people within your organization and externally. Your security team will always want the most secure option; your procurement team will always want the cheapest option that can generate the maximum residual value returns; your project management/service management team will want the most practical solution to deliver the most seamless end-user experience possible; and your external suppliers will have their own agenda and profit margins to worry about. The hardest part is balancing the different needs.
HOBI International, Inc. is a leading ITAD service provider that goes above and beyond in managing IT assets. As an R2, RIOS, and ISO 14001 certified company, HOBI provides secure and sustainable solutions for enterprises of all sizes. Beyond our ITAD services, HOBI also provides industry-leading service in data management, refurbishing and remarketing, reverse logistics, and more. Visit our ITAD webpage to learn more about how HOBI can take care of all your IT asset needs.