Protecting Your Data from Black Hole of Asset Management
By Kevin Jerge, VP Business Development, IT Asset Management, Apto Solutions
Enterprise IT assets carry too much value to be overlooked at any point in the IT lifecycle – including post-disposal. And yet, all too often, enterprises don’t pay enough attention to the afterlife processes for their valuable IT assets. Terrifyingly, approximately 50percent of the time, IT equipment still has sensitive data on it when it is disposed. When properly managed IT asset disposition (ITAD) processes prevent these potential data breaches, combat e-waste, and provide value recovery for the world’s largest enterprises. Data destruction is crucial for the security and protection of corporate data, but a lack transparency hinders this effort. How can companies protect virtual data in a physical world?
Virtual and cloud architectures have made it increasingly difficult to determine exactly where data lies in the physical world, but all virtual data exists somewhere in physical form. To protect your data, you need to be certain to securely erase all of the possible places that data could be stored. This could range from the obvious (servers, mobile devices, and storage arrays) to the less self-evident (network equipment and all-in-one office copiers). Do you track all of this equipment now? What happens when the device’s useful life for your company ends and you decommission it? Are you still tracking it into the afterlife?
• Track Your Asset Lifecycle into the Afterlife
Unfortunately, the current asset management and reporting process is broken. CMDB tools make it easy to discover and track a physical asset while it remains in the data center, but existing technology falls short when it comes to tracking what’s required for real transparency into the afterlife disposal process.
• Define the Black Hole
Once an asset moves out of the data center and into the hands of an ITAD vendor, it falls into black hole of outdated enterprise reporting software that provides the client with little-to-no valuable information.
"ITAM and ITAD companies must work together to extend the reach of CMDB beyond the data center"
Often, the only option is setting up a new location such as “ITAD Vendor” and assigning all decommissioned assets to it. This reporting vacuum presents a serious security risk that can threaten the entire decommissioning process.
The visibility required to protect your data must extend more deeply into the afterlife processes so that you can be confident that your information remains pro-tected throughout the decommissioning process. Many companies attempt to bypass this problem by requiring on-site data destruction for every asset in the data center. Although a good choice for some industries, this brings a large increase in the associated service costs and can limit the upside of value recovery in the ITAD process. This also represents a technical half-measure because the on-site activities will still not be accurately captured by ITAM tools. We must fill this reporting gap by extending the reach of our existing tools through the end of the IT asset lifecycle.
• Get Help to Fill the Gap
The future of enterprise asset management lies in the hands of agile IT companies that are disrupting and innovating from within the industry. The black hole problem sits at the junction of IT Asset Management (ITAM), ITAD, and Logistics, and it will require innovation and cooperation across all these areas to solve well.
ITAM companies already manage all of the important assets in your data center, and, if you’ve implemented a CMDB as your single system of record, this continues to be the ideal place to manage your assets as they move on from your data center. ITAM companies need to extend their solutions by integrating with ITAD vendors and logistics companies to track and report on the final stages of the lifecycle. ITAM companies could choose to build out this functionality themselves, but that runs into adoption hurdles that require the ITAD and logistics partners to work within the ITAM company’s system of choice. A better solution would integrate with the ITAD company’s management tools to import data and extend visibility without requiring universal adoption.
Innovative ITAD companies understand that the brunt of solving this reporting gap relies on them. After all, they are the ones that take responsibility for the assets, shouldn’t they own the reporting as well? ITAD companies must adapt by investing in their own reporting tools that can track the afterlife processes by integrating with Logistics and data destruction tools to provide a holistic view. These new software tools should also integrate, if possible, with existing ITAM solutions to avoid the information-silo-problem that CMDBs were originally designed to eliminate.
• Build Transparency and Protect Yourself
Do your asset management tools give you the transparency to securely manage your data during the asset’s afterlife? Or are you just trusting blindly? As a CIO, you are ultimately responsible for any lack of visibility in your organization, and you must protect your data by demanding more visibility into the tail end of the IT asset lifecycle.