46% of Organizations Lack Program for Getting Rid of Old Servers, HDDs

A new report from Iron Mountain Incorporated and TechTarget, Inc., a technology media company, suggests organizations have room to improve when it comes to getting rid of old computers, cell phones, HDDs, servers and other storage devices.

Titled Enterprises Have Room for Improvement in Secure IT Asset Disposition, the indicates that while IT and business professionals have made advances in their efforts to securely dispose of data center, storage and office equipment, additional work is required to protect the information stored on these devices, comply with data privacy laws, and recoup some of the device’s original value through recycling.

Some of key insights include:

• Organizations dispose of IT storage devices to avoid risk: More often than not, an organization’s goals in enacting a Secure IT Asset Disposition (SITAD) policy focus on mitigating risks like losing proprietary data (89% of respondents) or avoiding legal and compliance headaches associated with protecting privacy (74%). However, other positive benefits of a SITAD program like reducing space issues or recouping financial investments are largely overlooked, with the exception of sustainability, which 63% of respondents cite as a program goal.
• Enterprises struggle with SITAD program implementation and compliance: Almost half of respondents – 46% – acknowledged that they either don’t have a formal SITAD plan or that their formal plan isn’t widely adopted across their organization. Findings indicate that the lack of widespread compliance among employees stems from insufficient education about SITAD policies or inadequate oversight in how employees implement those policies.
• IT and business executives agree that SITAD is a significant concern: Three quarters of both business leaders and their IT counterparts state they are either concerned or very concerned about potential shortcomings in their SITAD programs. That concern doesn’t seem to translate into program improvements, however, due to the misperceptions that comprehensive programs cost more and that flaws in their current systems aren’t posing urgent risks for the organization.
• Third-party pecialists are primarily utilized for hardware disposal: 64% of respondents currently leverage outside SITAD experts to some degree – notably to dispose of hardware, including data center equipment like servers and computers and mobile phones. However, organizations can further leverage third-party specialists for guidance on strategy and success metrics. While cost is cited as the biggest obstacle in pursuing help from outside resources (45% of respondent), third-party experts can often save organizations money by assessing the value of decommissioned equipment and then recycling it to recoup a portion of the original investment.

“The secure disposition of IT assets will continue to be a top priority for organizations as we face increasingly complex technological, legal and compliance environments,” said Jay Livens, director of product and solutions marketing, data management, Iron Mountain. “When looking to properly dispose of computers, cell phones, servers and other storage devices, organizations should do so in a compliant, environmentally correct manner to ensure they’re meeting all internal and external data privacy requirements and recouping the maximum economic value from their used equipment.”

Iron Mountain offers the following SITAD tips and best practices:

• Ensure all computer media and associated data is permanently destroyed and non-recoverable before disposing of the storage device.
• Establish a defensible, documented, and repeatable process to prepare, handle or transport, and destroy the data that resides on electronic media.
• Improve audit readiness using workflows that include security personnel assigned to monitor the destruction process.
• Ensure media scheduled for offsite destruction is securely transported with dedicated routes, 24×7 GPS tracking, thoroughly vetted drivers and a well-documented chain-of-custody.
• Avoid inadvertent disclosures by destroying sensitive or unencrypted data in the right manner at the right time.
• Establish methodologies that ensure reliability and consistency from collection through final destruction of end-of-life IT assets.
• Pursuing third-party vendors that are e-Stewards Certified Recyclers, meaning they adhere to the highest standard of environmental responsibility and worker safety, while protecting human health and the global environment.

TechTarget’s study was based on 125 responses from registered visitors to SearchDataCenter.com.

Full report (registration needed)