Survey: Nearly Half of Organizations Lack Formal Program for Disposing of Retired Servers, Hard Drives and Other Storage Devices
BOSTON (May 8, 2014) — A new report from Iron Mountain® Incorporated (NYSE: IRM), the storage and information management company, and TechTarget, Inc. (NASDAQ: TTGT), the technology media company, suggests organizations have room to improve when it comes to getting rid of old computers, cell phones, hard drives, servers and other data storage devices.
Titled Enterprises have Room for Improvement in Secure IT Asset Disposition, the newly released report indicates that while IT and business professionals have made advances in their efforts to securely dispose of data center, storage and office equipment, additional work is required to protect the information stored on these devices, comply with data privacy laws, and recoup some of the device’s original value through recycling. Some of the report’s key insights include:
- Organizations dispose of IT storage devices to avoid risk: More often than not, an organization’s goals in enacting a Secure IT Asset Disposition (SITAD) policy focus on mitigating risks like losing proprietary data (89 percent of respondents) or avoiding legal and compliance headaches associated with protecting privacy (74 percent). However, other positive benefits of a SITAD program like reducing space issues or recouping financial investments are largely overlooked, with the exception of sustainability, which 63 percent of respondents cite as a program goal.
- Enterprises struggle with SITAD program implementation and compliance: Almost half of respondents – 46 percent – acknowledged that they either don’t have a formal SITAD plan or that their formal plan isn’t widely adopted across their organization. Findings indicate that the lack of widespread compliance among employees stems from insufficient education about SITAD policies or inadequate oversight in how employees implement those policies.
- IT and business executives agree that SITAD is a significant concern: Three quarters of both business leaders and their IT counterparts state they are either concerned or very concerned about potential shortcomings in their SITAD programs. That concern doesn’t seem to translate into program improvements, however, due to the misperceptions that comprehensive programs cost more and that flaws in their current systems aren’t posing urgent risks for the organization.
- Third-party specialists are primarily utilized for hardware disposal: Sixty-four percent of respondents currently leverage outside SITAD experts to some degree – notably to dispose of hardware, including data center equipment like servers and computers and mobile phones. However, organizations can further leverage third-party specialists for guidance on strategy and success metrics. While cost is cited as the biggest obstacle in pursuing help from outside resources (45 percent of respondent), third-party experts can often save organizations money by assessing the value of decommissioned equipment and then recycling it to recoup a portion of the original investment.
“The secure disposition of IT assets will continue to be a top priority for organizations as we face increasingly complex technological, legal and compliance environments,” said Jay Livens, director of product and solutions marketing, data management, Iron Mountain. “When looking to properly dispose of computers, cell phones, servers and other storage devices, organizations should do so in a compliant, environmentally correct manner to ensure they’re meeting all internal and external data privacy requirements and recouping the maximum economic value from their used equipment.”
In light of the survey’s findings, Iron Mountain offers the following SITAD tips and best practices:
- Ensure all computer media and associated data is permanently destroyed and non-recoverable before disposing of the storage device.
- Establish a defensible, documented, and repeatable process to prepare, handle or transport, and destroy the data that resides on electronic media.
- Improve audit readiness using workflows that include security personnel assigned to monitor the destruction process.
- Ensure media scheduled for offsite destruction is securely transported with dedicated routes, 24x7 GPS tracking, thoroughly vetted drivers and a well-documented chain-of-custody.
- Avoid inadvertent disclosures by destroying sensitive or unencrypted data in the right manner at the right time.
- Establish methodologies that ensure reliability and consistency from collection through final destruction of end-of-life IT assets.
- Pursuing third-party vendors that are e-Stewards Certified Recyclers, meaning they adhere to the highest standard of environmental responsibility and worker safety, while protecting human health and the global environment.
TechTarget’s study was based on 125 responses from registered visitors to SearchDataCenter.com. The full report with complete survey data is available at www.ironmountain.com/itassets
About Iron Mountain
Iron Mountain Incorporated (NYSE: IRM) is a leading provider of storage and information management services. The company’s real estate network of over 67 million square feet across more than 1,000 facilities in 36 countries allows it to serve customers with speed and accuracy. And its solutions for records management, data management, document management, and secure shredding help organizations to lower storage costs, comply with regulations, recover from disaster, and better use their information for business advantage. Founded in 1951, Iron Mountain stores and protects billions of information assets, including business documents, backup tapes, electronic files and medical data. Visit www.ironmountain.com for more information.