Data Centres Risk Financial Loss and Data Breaches by not Disposing of IT Assets Properly
Never have the future of data centres look so bright. However, as this sector faces massive growth, it’s vital that the proper disposal of data centre assets takes place to protect against financial and reputational loss.
In many ways, last year the data centre came of age. While people were locked down to escape the pandemic, they turned to their devices to work and their televisions for streaming entertainment, most of which was fed from data centres.
How essential data centres have become in our lives was recognised by governments around the world as data centre staff were added to the list of ‘essential workers’.
While data centre operators have enjoyed and at times, struggled with record demand, they are now planning for the exponential growth of their industry.
What effect will this demand have on data centres? The rush to grow will obviously mean more IT assets being purchased and the upgrading or disposal of existing assets. Clearly, data centres will seek to future proof their investments in terms of cooling technology, faster processing power, and the green agenda.
While we’ve all heard of future-proofing, it’s imperative that decommissioned assets are ‘past proofed’ for both economic and data security reasons.
In times of record growth and deep pockets, it’s tempting, and it may appear easier or less hassle, to consider all old IT assets as junk and to treat them that way. Also, if you agree with that sentiment, you will be tempted to think that IT Asset Disposition (ITAD) has one function: the singular destruction of old assets. And furthermore, destruction means destruction.
However, how you dispose of your assets is vital to the future of your data centre, not only on a data destruction level but also from an economic and regulatory perspective.
Arguably, the biggest mistake a data centre operator can make is thinking that all IT Asset Disposition (ITAD) providers are the same. This idea stems from the idea that it’s easy to destroy an IT asset. However, depending on how you destroy an asset will decide whether or not your data is actually wiped clean. Failure to wipe your data from old IT assets can lead to data breaches and subsequent fines. And such fines are levelled at the organisation who owned the assets, and not the ITAD company.
Therefore, old equipment should be safely removed from the data centre (or examined on-site if required) and assessed before a suitable way of total destruction is decided upon.
However, assets shouldn’t be seen as single objects devoid of their parts. While one part of an asset may be defunct, it’s highly likely that other parts are not only working perfectly but are able to be reused with the data centre or to be resold on the ‘as new’ global spares market.
Access to – and knowledge of – this market is also a clear marker of the professionalism of your ITAD partner. Failure to capitalise on spare parts and treating all used assets as junk is not only a serious waste of money, it is particularly bad for the environment and Corporate Social Responsibility (CSR) obligations.
Data breaches are often imagined as a hacking or phishing issue where cyber criminals gain access to network drives and steal data. However, there’s also the straight-forward variety whereby data is thought to have been wiped from IT assets and those devices are then dumped, or even sold, with data on them.
What’s important to understand about a data breach – especially under the GDPR – is that all data has a value and the fines are reflective of the size of your company. This means that the fine which you will be given is a percentage of your turnover – and there’s no pleading with a judge or getting away with good behaviour.
Not only will the fine be substantial, but there’s also the reputational damage that your company will suffer in light of the fine. Such reputational damage is twofold.
Firstly, there’s the lack of concern for customer data as detailed by not wiping data properly, and secondly, there’s the environmental damage. If your ITAD provider is not concerned about wiping data, there’s a good chance that the environment is being ignored too.
IT assets contain finite and toxic components and their removal and disposal are governed by strict environmental regulations. Improperly disposed of IT assets can lead to pollution and in some cases, devices are shipped to developing countries where child labour is used to break up the toxic components, thereby putting children’s lives at risk.
IT Asset Disposition Strategy
As data centres will keep on growing for the foreseeable future, it makes economic and regulatory sense to develop and execute a solid IT Asset Disposition (ITAD) strategy which will not only future proof your data centre but will also ensure the best economic return on your investment and regulatory compliance.