Enterprises Have Room for Improvement in Secure IT Asset Disposition

Published On May 16, 2018

Recent research finds important gaps in organizationl practices and compliance around secure IT asset disposition.

Although organizations cite a host of reasons for adopting strategies and programs for secure IT asset disposition, recent research finds important gaps in organizational practices and compliance.

Disposing of decommissioned, outdated and broken IT assets — from data center infrastructure to client systems and even office equipment — has taken on heightened urgency in recent years. Slow but steady improvement in economic conditions, combined with the introduction of attractive new technologies throughout the enterprise, has led to big increases in the amount of equipment that must be securely, efficiently, and legally disposed of each year.

The U.S. Environmental Protection Agency estimates that more than 500 million tons of electronic waste, including 30 million computers, is created each year.¹ Where do all of those old computers, smartphones, and data-bearing office equipment go? That depends on a random, often haphazard set of disposal methods – ranging from reuse and recycling of equipment under well-defined governance programs to stacking up old systems in an office basement or a corner of a wiring closet.

Adding to the urgency to properly and securely dispose of IT assets are regulatory requirements surrounding the need to safeguard proprietary data that resides on those machines. Finally, more and more organizations have begun instituting eco-friendly programs and policies that encourage or even mandate the proper recycling and discarding of electronic waste versus throwing it into the garbage or directly into landfills.

A recent research study conducted among IT and business professionals indicates that although enterprises seem to have made important strides in their efforts to securely dispose of IT assets, much more work remains to be done in order to maintain legal compliance and ensure efficient and secure business operations. The study, based on 125 responses from registered visitors to SearchDataCenter.com, notes the following:

• While most respondents say their organizations have formal policies for secure IT asset disposition, almost half acknowledge significant compliance gaps.
• IT and business executives are nearly equal in their concern about their organization’s ability to properly discard IT assets — and that concern is significant.
• Respondents are more likely to be motivated by avoidance of negative outcomes, such as compliance penalties or proprietary data falling into the wrong hands, than achieving positive outcomes.
• The biggest challenges respondents cite are the costs of asset disposition programs and the perception that the risks associated with their current programs and practices aren’t urgent.
• Most respondents at some level use third-party specialists to assist with the disposition of their IT assets, although many again cite costs and lack of a perceived business need as obstacles to increased use of outside experts.

Secure disposition of IT assets has taken on added significance across all industries and technology profiles due to a variety of factors, from infrastructure sprawl and proliferation of mission-critical data on a range of devices to complex and growing legal and compliance requirements.

Survey respondents note that while they typically have formal programs in place to handle such issues, they are not always as successful as they need to be in complying with those programs. As such, when it comes to the proper disposal of the growing number of IT assets inside their organization, both IT and business leaders have significant levels of concern about their risk profile.

Respondents also note that their programs are driven primarily by the need to avoid risks such as compliance violations or loss of proprietary data versus achieving tangible benefits such as cost savings. Instead, respondents say cost is what most often makes their organizations hesitant about IT asset disposal programs and using experienced third-party specialists in general, perhaps indicating that a more nuanced view of the financial impact of failing to securely dispose of IT assets is required. In fact, third parties with proven expertise in safely and securely disposing IT assets often can help save money by assessing the value of decommissioned equipment and helping return to the organization a significant portion of those assets’ economic value.

For a more detailed review of the findings, see the slides below: