Secure IT Asset Disposition: Achieving Valuable Outcomes for Financial Services


The risks of not having an IT asset disposition solution are substantial to financial services organizations. An ITAD program can help you dispose of end-of-life IT assets successfully while achieving security, compliance, and environmental goals.

8 March 202212 mins
Secure IT Asset Disposition Thumbnail

The risks of not having an IT asset disposition solution are substantial to financial services organizations. An ITAD program can help you dispose of end-of-life IT assets successfully while achieving security, compliance, and environmental goals.

Data breaches at financial services organizations have increased in 2018, with 103 reported cases as of August — compared with just 37 in all of 2016.

That statistic alone demonstrates why data security is the top concern among IT leaders in the financial services industry. In addition, they’re grappling with a wide range of regulations that affect IT asset decisions, especially around the disposal of retired or obsolete equipment.

With the right IT Asset Disposition program, however, financial services organizations can:

  • Improve data security and privacy, while complying with new and changing global regulatory requirements
  • Lower total cost of ownership (TCO) through remarketing
  • Minimize impact on the environment
The stakes are high

Data breaches are an ongoing concern for all organizations. Yet, banking and insurance firms are increasingly collecting personal and highly confidential digital data, raising the security stakes even higher. One device could contain both sensitive customer data (social security numbers, banking account information, pay stubs) and the company’s proprietary information (revenue projections, payroll or claims data).

The risks of data loss and theft increase when it comes time to dispose of end-of-life IT assets and media. If they fall into the wrong hands, improperly discarded devices could result in data theft, damage to company reputation, and loss of intellectual property.

IT leaders in the financial services industry are keenly aware of the challenges surrounding IT asset disposition (ITAD). In a recent IDG survey, they listed their top three obstacles: data security concerns, chain-of-custody security risks, and inconsistency in how multiple office locations handle IT asset disposal.

In addition, these executives cite awareness of the multitude of regulations affecting ITAD, such as SEC and EPA regulations, the far-reaching General Data Protection Regulation, the Banking Security Act, and the Gramm-Leach-Bliley Act.

There’s a disconnect, however, between recognizing the challenges, risks, and regulations — and taking the appropriate actions to avoid data security problems with IT asset disposal. For example, the IDG survey revealed that:

  • 59% of financial services organizations do not have a formal ITAD policy in place
  • 44% handle equipment disposal entirely in-house
  • 37% hold on to retired IT assets without wiping stored data
  • 28% dispose of old equipment in the trash
“Unfortunately, there are some companies that don’t do everything the right way,” says Brooks Hoffman, a member of the Secure E-Waste and IT Asset Disposition team at Iron Mountain. “It’s easy to cut corners. If you do, it could come back to bite you. It could even result in a data breach.”

The good news is that the solution isn’t complex or burdensome.

Secure IT Asset Disposition: the benefits of comprehensive coverage

A properly designed secure IT asset disposition (SITAD) program meets all of an organization’s goals. Asked what they’d most like to see in such a program, financial services IT leaders said they want to:

  • Ensure the security of sensitive data
  • Meet data privacy regulations
  • Meet environmental regulations
  • Reduce the burden on internal resources
  • Achieve environmental sustainability

A comprehensive SITAD program does all that and more. For example, Iron Mountain’s solution gets financial services companies started with a framework for ITAD policy creation. This template includes procedures and standards for asset tracking, data security, data destruction, and regulation compliance.

The right SITAD solution will also instill confidence in a secure chain of custody when IT assets are retired. Some ITAD companies use third-party services to haul away old equipment. Those vendors sometimes subcontract the logistics or trucking aspects, which puts the chain of custody into question. Consider the risks if the hauling company driver doesn’t lock his vehicle while your IT assets are inside.

Financial services companies should work with ITAD vendors who are certified by independent, standards-setting bodies such as e-Stewards®. This ensures that there’s no cutting of corners when it comes to regulations and standards compliance.

ITAD vendors can also help address environmental and social responsibility goals by diverting IT assets from landfills and other waste streams. There is a lot of complexity in this area, as each U.S. state and municipality might have specific requirements in addition to federal regulations for electronic waste.

Finally, banking and insurance firms should be open to remarketing end-of-life IT assets. With help from the right ITAD partner, companies can retire equipment and gain maximum resale value, which will lower TCO.

The bottom line

Financial services organizations have a great deal of sensitive data at stake, with too much at risk if they don’t have a secure IT asset disposition program. Getting ITAD right company-wide is more important than ever.

“If 75% of the organization does ITAD the right way, it means that 25% is doing things the wrong way. That’s a problem,” Hoffman says.

Iron Mountain’s Secure IT Asset Disposition solution helps companies ensure that IT assets are properly destroyed, recycled or repurposed for maximum value. Find out more:

Elevate the power of your work

Get a FREE consultation today!

Get Started