Data Security and IT Asset Disposal (ITAD) today
Information availability and risks are evolving. Is your ITAD strategy?
With internet traffic set to cross the one zettabyte – that’s one followed by 21 zeros – threshold next year, we are at the dawn of a new and potentially unsecure information age. The flow of information is at an estimated 30,000 gigabytes per second, a surge from a mere 100 per second in 2002. Cisco says as much as 79 percent of this traffic will be in some form of video streaming. The rising implementation of video communication between business and government agencies will add a notable part of this traffic. File sharing, especially of sensitive material from corporations, constitutes another 7 percent of that traffic, according to Statista.
From personal passwords to encrypted commercial data, information sensitivity and needs for its security is growing quickly. With IP theft, corporate espionage, online fraud, hacking and theft of sensitive data on the rise, McAfee estimates the global cost for cybercrime to be around $445 billion a year. Some other studies peg these superfluous losses to be as much as a $1 trillion. Banks, insurers, data centres, hospitals and sectors thriving on intellectual property (such as pharmaceuticals and equipment manufacturers) are all potential cybercrime victims. Additionally, data theft is on the rise. Personal consumer data is vulnerable to hacking, especially sensitive information relating to one’s health, banking and online shopping habits. Simple computerised cash registers at the point-of-sale, terminal hardware tracking online payments and data-bearing drives for virtual cloud storage networks are all examples of vulnerable infrastructure.
Information is at risk of infringement, pilferage and theft at every stage of equipment’s lifecycle. Despite stringent security measures like firewalls and encryption, residual data – even after being erased – may leave some information inadvertently recoverable. As such, new corporate policies to improve data security measures during the disposal of end-of-life IT assets are emerging. Security measures considered prior to recycling include secure collection, monitored transportation, protected storage, purging and thorough data eradication.
Regional and global legislation is also developing alongside corporate IT asset disposal policies. In the UK, the Data Protection Act has been enforcedsince 1998 and mandates rigorous rules around the disposal of information records and data disclosure. The WEEE Directive has also expanded since its inception in 2002 and now administers policies for the secure disposal of data-bearing electronic equipment.
Accreditations now play a major role in recognising industry standards. in establishing information security management systems within the entire value chain. ISO 27001 is an example. The Asset Disposal and Information Security Alliance (ADISA) awards a major accreditation that can be seen as an industry benchmark. ADISA measures an ITAD service provider’s capabilities in implementing standards around mitigating the data risks during the entire disposal stage of an IT asset’s lifecycle, and ensuring the most optimum data security measures through each stage of the value chain.
Embedding a secure asset disposal strategy into IT inventory management is imperative today, where the availability of data – sensitive to the individual or corporate – has evolved and so has the advent of the risks around data theft and misuse. Responsible IT asset management must include a 100 percent secure and certified data disposal system to ensure a fool-proof disposal supply chain for end-of-life IT assets.
The article is written by Arjun Mehta of Sims Recycling Solutions. The views reflected in this article are of the author’s alone and not representative of the corporate policies of Sims Group UK.