IT Asset and Data Centre Management is an incredibly busy and challenging function, however, overlook your Information Technology Asset Disposition (ITAD) programme at your peril.
It’s perhaps forgivable that amongst managing a plethora of key responsibilities, retiring aged IT assets isn’t necessarily front of mind for IT professionals; after all when established correctly, nor should it be.
We’ve pulled together some considerations on how to prevent the ITAD process from being a cause of a data breach similar to the one you may have seen in the news recently, without detracting resources from your core business function.
Any number of high-profile data breaches have hit the headlines in recent times, but more recent coverage has pointed the cause of a breach directly at an ITAD supplier. It has been reported that hardware that contained data was sent to the ITAD supplier who was then entrusted to wipe that data. Simply put... that did not happen, the assets were then sold, which is what fundamentally led to the data breach.
It’s a stark reminder on the potential pitfalls of managing sensitive information held in IT assets, particularly as we are now generating more data - across more devices than ever before. It is thought that we currently generate around 2.5 quintillion bytes of data each day1 (in case you were wondering, that’s 2,500,000,000,000,000,000); and this is only set to increase.
The spiraling cost of a data breach
The IBM Security Cost Of A Data Breach Report 2020, put the Global average total cost of a data breach at $3.86M, with the highest average cost in the US at $8.64M2. While these are costs significant financially, they pale in comparison to the other negative outcomes in a data breach.
Not all PR, is good PR (sorry...)
Trust is a simple word; it sometimes takes years to earn and can be lost overnight. It means brand loyalty. It means sometimes being willing to pay a premium. Supporting the importance of trust is a recent study of more than 25,000 respondents across eight major global markets (including the United States, Brazil, China and Germany), that found trust to be an as important factor to consumers as quality and value.
Consumers further went on to rank brand trust as one of the top factors they consider when making a purchase, with 81% of survey respondents saying that they “must be able to trust the brand to do what is right.”3 It’s safe to say that it is not going to sit well with a brand’s consumer, that the data they entrusted to brand is now out there somewhere in the ether.
With that in mind, here are some things to consider when either evaluating your current ITAD processes or exploring new ITAD partners:
As is very evident from the consequences of brands who have had data breaches, robust security controls are a vital component that any good ITAD supplier should be scrutinised on. Some good questions to ask any suppliers could include: What physical process controls are in place? Is their CCTV analogue or digital? What is their formally documented process around investigating discrepancies? What specific security policies and training are in place for employees? Is a 3rd party whistle blowing hotline available for anonymous reports to be made? To what extent are you able to audit the process? There are many more questions to ask here...
Owned or partner infrastructure
How much of its own infrastructure does your incumbent or potential ITAD provider own and operate, and what is the geographical reach covered by its network overall?
Providing consistent and robust processes and controls across a variety of countries, languages, and cultures is inherently challenging. For companies leveraging vast partner networks it is exponentially so.
Further, that infrastructure should carry all of the correct certifications. ISO 9001, for example, offers the assurance that management systems are constantly assessed and approved. ISO 14001, highlights environmental and efficiency commitments. R2 is a specific standard for the electronics refurbishing and recycling industry.
Single source - global coverage
An IT lifecycle solutions partner offering a single source for all solutions (deployment, onsite services, ITAD, and e-Waste recycling), will offer your business the lowest risk profile. Under one roof, with single points of contact, providing seamless delivery of services, with the localized compliance experience required to not run afoul of the regulation.
The best way to ensure the security of your data, your IP, and protect your company’s brand is to work with a true global partner. A partner that has scale, experience, a broad service offering across a range of capabilities, can also address the inherent environmental compliance issues through true closed-loop solutions and has unrivaled access to a range of remarketing channels.
Solutions do already exist, and they are relatively easy to implement if your selection process arrives at the right partner. If you would like to discuss the requirements of your ITAD programme, be it a new or existing requirement, get in touch, our friendly team will be happy to help.