Don't let your IT assets be a potential security risk
By Eli Sabatier
Now, first let me begin by saying that my first blog of 2020 is not meant to be alarmist. More so, it’s just urging everyone to be aware of what should always reside in the back of everyone’s mind: making sure your data is always secure. Especially given the most recent IT security news that an unsecured dark web server was just discovered that has more than 1 billion personal data records on it. I don’t even want to think what that will mean for everyone involved.
But aside from the perils of the dark web, there are things that we can all do to stay at least a little safer. One is simply having the wherewithal to deal with IT assets in a secure way. Simply put, organizations must maximize the IT asset value recovered while minimizing both the risks associated with data-bearing, end-of-life (EOL) equipment and the financial repercussions they face when sensitive data is leaked, and they must remain fully compliant with stringent regulatory standards for data security.
A data-centric security approach emphasizes the security of the data itself rather than the security of networks, servers, or applications: the focus is on protecting the data, not the system where the data resides. When the focus is on protecting the system, the data is not protected once it is moved elsewhere. The system remains protected, but sensitive data is left unprotected, exposed, and vulnerable to a cyber attack.
The first step in the data-centric approach is to automatically identify sensitive data as soon as it enters the organization’s IT ecosystem. It should then be secured with policy-based protection that stays with the data throughout its lifecycle. A common practice is to install software agents on every IT asset where sensitive data resides, such as laptops, servers, mobile devices, and more. Administrators control these agents from a centralized management console, applying the right type of protection for each data type and use case.
This approach ensures that sensitive data is protected. In addition, when using the services of an IT asset recovery and recycling company, make sure it has an in-depth understanding of the IT asset and its components, recycling and component recovery experience, and an Asset Recycling Assessment service.
Then there is Secure Data Destruction. Sensitive data should be wiped clean in accordance with the United States Department of Defense sanitization guidelines. I know that’s what we practice and it’s critical that what we do for us we should do for our customers. Personally, I believe that a report should be issued that certifies 100 percent erasure and destruction of data on any IT assets processed—one that shows the wiping and sanitizing of hard drives, thumb drives, and most data devices—effectively removing the data long before reselling the product, and ensuring safe deinstallation and transportation.
Of course, there is also ISO Certification. This certification ensures the service provider delivers consistent, high-quality products and services.
Also make sure that the partner you deal with for safe asset recovery has a partnership with a single R2-Certified Recycling Company. R2 is the premier global environmental, worker health and safety standard for the electronics refurbishing and recycling industry. It includes secure data destruction and a zero-landfill policy for users’ parts. And again, the service provider should send the organization a report from its R2-certified recycler on the final disposition of the asset—something that we do for all our customers.
And nothing says, “Do good while doing well” like having an earth-friendly Landfill and Exportation Policy. This ensures that assets are not disposed of in a landfill site or in another country. Whether for resale or disposal, the service provider should not export to embargoed countries, adhering to the US Electronic Code of Federal Regulations.
Overall, the right service provider should deliver many benefits to the organization such as costs offset through remarketing and recycling, clients’ sensitive data protected, reduced costs through the redeployment of assets, and the enhancement of brand reputation through corporate sustainability activities.
And combining a data-centric security approach with a service provider that has the above attributes minimizes the risks associated with data-bearing, end-of-life (EOL) equipment and keeps the organization in full compliance with regulations that require businesses to undertake proper retirement and recycling of their electronic IT assets.
And if you’re interested, give me a call. I’m happy to chat with anyone about secure asset recovery any time. It’s important to you just as it’s important to us.