Can you achieve 100% data security and contribute to a sustainable future for IT assets? This was one of the core points I explored as part of the E-SCRAP Conference 2024 panel discussion “Driving E-Scrap Towards Circularity,” alongside industry experts Samir Khoury (Head of Tech Operations, Iron Mountain), Ken Thomas (CEO, URT Solutions) with moderator Roger Gagnon (Founder, Extreme Protocol Solutions. It’s a critical and timely topic for all ITAD industry players as Annette Zimmerman, VP Analyst at Gartner, notes “…there is more that needs to be done. Our research estimates that IT assets account for 7% of global e-waste.”
The end-of-life (EOL) circularity discussion touched on key insights, profitability, data security and IT asset evaluation practices that must be considered in every step of the EOL disposition process. Guardian Data Destruction is committed to achieving 100% data destruction to eliminate risks and ensure assets exiting the organization’s custody do so without the threat of data breaches.
UNDERSTAND | Guardian’s Mission Statement and Core Values
What is the Circular Economy?
According to the Circular Drive Initiative (https://circulardrives.org/faq/), “The circular economy is an economic model that emphasizes the efficient use of resources by keeping them in use for as long as possible and minimizing waste. This is achieved through strategies like reuse, repair, remanufacturing, and recycling, which are designed to extend the life of products and recover materials at the end of their life cycle.”
For IT asset disposition organizations with clients that value (prioritize!) sustainability as part of their IT equipment supply chain, there are proven strategies to reduce e-scrap volume and diminish landfill waste:
- Extend equipment life (or refresh cycles)
- Develop equipment reuse pathways
- Prioritize product repair over replacement
- Encourage refurbishment and remanufacturing to extend usefulness
- Create a purchasing culture that values products for production, disassembly, repaid and recycling
And the trendline is spiking upward. According to Gartner, “by 2030, 80% of hardware vendors’ product portfolio will be linked to circular initiatives, up from 20% in 2023, according to Gartner. In fact, re-manufacturing and reusing end-of-life devices instead of having them end up in a landfill has become top of mind for most businesses around the world.”
In other words, circularity awareness and demand are here. How can we be of help?
Guardian’s partnership role in Circular ITAD
We believe ITADs can thrive in the circular economy while maintaining service excellence and providing the highest level of client data protection. As a trusted partner, well-versed in industry requirements across the supply chain, Guardian provides
- Asset inspection for data bearing assets (DBA) and data bearing devices (DBD)
- Asset verification and serial number scan (including mother/daughter) for chain of custody
- Onsite data destruction combined with efficient logistics services to minimize handling
- Multi-step, onsite data sanitization to meet any security requirement
- Multi-service, multi-location projects
- Comprehensive, scalable project management and services
- Expert advisory services for process optimization and documentation
How does data destruction fit into the Circular Economy?
The answer is: it depends.
And that’s good news and bad news.
From a standpoint of data security and risk mitigation, flexibility is key. We recommend that end client organizations work closely with their IT asset managers and ITAD providers to create disposition paths and processes that are dependent upon factors such as industry regulations, data sensitivity and device type.
Two real-life, nuanced examples of how data security and circularity coexist in ITAD:
Scenario 1: Refurbishing workplace laptops
For customer service laptops (or desktops, tablets, etc.) that are not handling credit card data or personal identifiable information (PII) covered under HIPAA, a NIST 800-88 Rev 1 “Clear” erasure is a likely option. The hard drive is reusable, the hardware refurbishable and an extended or second life is possible. This is especially relevant if the IT assets are leased and the hard drive (disk or solid state) is contractually required to be in the returned unit.
Scenario 2: Decommissioning a data center/closet/cage
In a data center upgrade, relocation or exit, where it is unclear what data is stored, more stringent data sanitization measures are required to protect the company and its clients. A NIST “Purge” will securely erase data (in most cases), while forensic visual equipment inspections ensure that all hidden or add-on data-bearing devices (DBDs) such as SSD cards or NVMes are accounted for. All discovered DBDs are removed, cataloged and shredded.
For network servers, firewalls, routers, switches and server remote access equipment, a factory reset restores systems to their original, out-of-box factory configuration and deletes all proprietary, IP and custom data configurations.
By using a common sense evaluation based on industry, data and the device type, ITADs can help clients achieve both security and sustainability goals without compromise.
Pinpointing IT asset management gaps
During the E-SCRAP Conference 2024 plenary session, “Navigating Security Compliance Challenges in ITAD and ITAM”, industry experts Robert (Bob) Johnson, CSDS, CIPP/US, CIPP/E, co-founder and former CEO of NAID and Kyle Marks, Founder and CEO of Retire-IT highlighted a common compliance issue across most organizations: “most organizations are wildly noncompliant. Lifecycle management is a series of check-ins and check-outs. Most companies only know where 85% of their hardware is; what would happen if a bank didn’t know where 15% of their money went?”
Our experience echoes this reality. Without comprehensive IT asset tracking, data destruction and sustainability options are compromised.
Key challenges:
- Non-tracking of IT assets: The variance between acquisition and disposition leads to a lack of visibility into the organization’s IT asset inventory (and vulnerability).
- Lack of recognition of data bearing devices (DBDs): Without the accountability of a tracking system or trained technical personnel that have both the ability and latitude to search, remove and report DBDs, organizations unintentionally release data as IT equipment ships from secure sites.
CASE STUDY | How 18TB of DBD were found as IT equipment was leaving the building
By acknowledging and addressing these challenges internally and with trusted disposition partners, organizations can improve their IT asset management practices, reduce risks and contribute to a more sustainable circular economy.
Best practices for ITADs and organizations to consider for sustainability and data protection
To successfully balance circularity and data protection, organizations must focus on:
1. Comprehensive asset management:
- Accurate tracking: Implement robust systems to track IT assets throughout their lifecycle, from acquisition to disposal.
- Inventory audits: Conduct regular audits to ensure accurate asset records and identify discrepancies.
- Organization education: Awareness of data bearing device form factors, custody and risks resulting from negligence.
2. Data security and compliance:
- Data sanitization: Adhere to industry standards and the US Department of Commerce’s NIST SP 800-88 for media sanitization.
- Forensic search: Conduct thorough forensic searches to identify and remove hidden data-bearing devices.
- Chain of custody: Maintain strict documentation and oversight of IT assets throughout the disposal process.
LEARN | Download our NIST 800-88 compliance guide or listen to E-ChannelNews’s expert podcast: DoD vs NIST
3. Environmental impact:
- Material recovery: Maximize the recovery of valuable materials from IT assets (without compromising data security).
- Energy efficiency and natural resource consumption: Evaluate disposition methods using all relevant factors e.g., choosing drive shredding vs erasure
- Hazardous materials: Properly handle and dispose of hazardous materials.
4. Environmental compliance:
- Understand regulations: Stay informed about local, national, and international environmental and data protection laws.
- Seek certifications: Demonstrate responsible practices by working with downstream vendors that hold R2v3 or e-Stewards industry certifications.
5. Partner collaboration:
- Verification: Ensure that ITAD partners and their third-party providers have the necessary certifications and practices in place.
- Transparency: Maintain transparency throughout the entire disposition.
- Joint audits: Conduct regular audits with partners to assess compliance and performance.
- Subject matter experts: Evaluate practices and strategies with ITAD experts
EXPLORE | Guardian’s Channel Partner program for ITADs, VARs, MSPs, TSPs and IT Resellers
Taking action for a circular and secure future
Proper lifecycle disposition of data bearing devices is essential for both data security and environmental sustainability. By implementing effective IT asset management practices and utilizing reliable data destruction services, organizations can protect their sensitive information, reduce their environmental impact and contribute to a more circular economy.
Guardian Data Destruction is a trusted partner in achieving these goals. Working through ITADs, VARs, MSPs and IT resellers as they help clients navigate this balance. With our expertise in data destruction (shredding, erasure, degaussing), white glove IT asset packing and secure logistics and data center services, we ensure a future that’s both circular and secure.
Ready to take the next step? Contact us today to learn more about how Guardian can support your customers’ journey toward a circular and secure future.
If you’d like a copy of the E-SCRAP “Driving E-Scrap Towards Circularity,” presentation, drop us a quick request.
Read next
- Get our list of data bearing devices and data bearing assets >
- Perception vs reality in the physical search for DBD (a guide) >
- Browse Guardian Data Destruction’s services >
- A philosophy of data protection: Destroying IT assets to protect data >
- How to physically recognize data bearing assets and devices >
Sign up for email updates to receive the latest in data security options from Guardian Data Destruction >