By removing data, you remove the risk of a security incident. By having a device securely wiped of all data and creating an auditable report before it’s unplugged, you can get new value out of your retired resources. What was previously a significant and costly liability is now an opportunity to recover hidden value.
It’s no secret that the world of digital data is growing–and rapidly, too. While most new data is created by individuals, the majority of that data is stored by businesses. Moreover, 40% of that stored data is inherently sensitive; this includes everything from corporate financial data to private medical records. The bad news? Less than half of this information is properly protected.
It’s understandable to want to save money by skimping on data security, but the average price of a breach is $3.5 million, which makes investing in security the obvious choice. On the other end of the spectrum, some business owners get panicky when faced with this number and invest heavily on data security practices that aren’t actually effective.
The key to finding the balance is approaching data center decisions, like how to decommission hardware, through the lens of “total return.” Total return can be thought of as what you get out of your decommissioning process, and it takes several key security values into account:
• Reliability: For any data security solution, you need to be able to trust it to perform its task. There’s no point in purchasing a tool to sanitize drives if it will only work with one software.
• Speed: This value is all about your time investment: can your solution perform quickly?
• Process: The journey is as important as the destination. How are you reaching your data security goals?
While each of these factors is important, another stands out as especially so: yield.
In layman’s terms, yield can be understood as a data wipe’s success rate. Out of 100 wiped drives, how many had no residual data? Your answer will be your yield rate. Despite having the largest impact on total return, the yield is one vector that’s routinely ignored by businesses, which is precisely why it’s so important.
How does yield impact total return? Well, if your response to security concerns is to shred all your data drives, there’s no way to verify that the data was actually destroyed, and this insecurity is reflected in your yield rate (0 percent) and, by extension, your total return.
Moreover, failure to remarket your decommissioned hardware will have a similar impact on your yield and total return. By shredding all your hardware, or any of it, you miss out on the opportunity to resell it, which means no profit to add into your total return, and we’ve established that destroyed hardware has a 0 percent yield rate.
If the above is what not to do, then what steps should you be taking to maximize your yield rate?
• Be Informed: Ask your team or vendor what your recorded yield rates are. Locate your weak points and determine what impact they’re having on your total return.
• Negotiate SLAs: Set performance standards and ensure that you’re reaching them.
• Test First: Testing your sanitization methods will ensure that you don’t experience any compatibility issues when you’re most in need of data destruction.
This covers the importance of yield, but it does not fully explain the most profitable aspect of ITAD: remarketing.
Remarketing, or reselling your decommissioned hardware, is the most impactful factor when looking to increase your total return. While remarketing is an excellent way to make extra money off unwanted resources, there is an implicit concern: How can you maximize your profits on the reselling market? Let’s examine how remarketing works and what you can do to make it work for you.
The market for used IT equipment is substantial: currently worth over $1 billion. With money like that, it’s no surprise that there are multiple ways to use the system and still make a profit. The most profitable paradigms are the Bid/Buyout and Profit Share/Consignment models, respectively. In short, the Bid/Buyout model yields less revenue but requires less of a time investment, while the Profit Share/Consignment model takes more energy, but offers substantially higher profits.
While each model works for different businesses, there is certainly a preferable model, just as there are recommended ways to go about remarketing.
Mastering the Resale
• Utilize the Profit Share/Consignment model. Because of the time investment that it requires, few businesses choose to take on this responsibility and thus leave profits for you to reap.
• Use only one vendor for exclusive products. Employing two vendors creates a “race to the bottom” and can have a negative impact on the market for service-seekers. Don’t give one vendor all-product exclusivity, but sell different categories of products to different vendors to avoid vendor-vendor competition.
• Question your vendor(s) about their marketing strategies and ensure that they’re effectively selling your products.
• Verify that you’re being paid for internal components of products. Just because your server has no market value doesn’t mean that your memory or power supplies don’t.
Where remarketing is one of the most valuable tools to improve your profits during decommissioning, RMA can be one of the easiest ways to ruin your total return.
While reselling is the norm for mass decommissioning, it’s far from the only means of ITAD. RMA, or return merchandise authorization, comes into play when returning failed hard drives in order to receive repairs or a refund. While often overlooked, RMA presents significant dangers to your data security and total return value. After all, what happens if you return a hard drive with data on it? Will your vendor provide a certificate of destruction, or do you have to trust them not to steal your sensitive information?
RMA And Total Return
• Security. As discussed in the “Yield” section, shredding drives are a danger to data security and thus harms your total return. Whether you do it or your vendor performs the task after sending you a new drive, there’s no guarantee that your data was actually destroyed.
• Finances. The warranty value of RMA drives can range from $200 to $2,500 per unit, which presents significant value. Say you have 1 million hard drives for your data center, and let’s assume a 3 percent failure rate. Your RMA warranty values will range from $6 million to $75 million, with another $210,000 tacked on for the cost of shredding each drive.
• Environmental. It’s generally accepted that reusing, rather than recycling, old equipment is the best way to reach sustainability goals. See how your environmental/health and safety teams feel about sending drives to be shredded, more than ¾ of which could be reused.
If these are the considerations to be made when planning RMA, then what should your actions look like?
Maximizing Total Return With RMA
• Review your RMA process to ensure security. Make sure that every step is well-documented and identify any security weaknesses.
• Sanitize RMA drives before returning them. This is the only data destruction method that is entirely auditable and guarantees that your data cannot be stolen and resources aren’t wasted with shredding.
These will help maximize your total return values, but the end destination isn’t all that matters. Oftentimes, it’s also about how you get there.
In the world of IT, productivity is the name of the game. Why would you waste resources protecting your data if there are ways to ensure the same protections for half the price? Let’s take a look at how you can get the most out of productivity and improve your total return during ITAD.
The productivity of your data destruction during decommissioning is determined by how effective the erasure is combined with how long the erasure takes. If the data isn’t erased then you have to shred drives, which lowers yield and thus total return. On the other hand, taking too long to destroy data can waste resources on your end. For these reasons, you should make the following considerations when finding ways to improve your productivity:
• By lowering program expenses, you can free space in your budget.
• If you reduce the time it takes to destroy data, you have more IT resources while reducing floor space that old hardware occupies. You will also be able to sell your equipment faster, which improves productivity.
• If you increase yield, you can increase revenue while improving IT sustainability.
• By accomplishing all these goals, you will improve security and thus limit your risk of suffering a costly data breach.
To end this total revenue master post, simply ask yourself one question: What could your organization do with the resources and manpower that you’ll save by maximizing your total return during ITAD
Gardner, Bill. “Cost of a Data Breach: Global Analysis.” Building an Information Security Awareness Program (2014): 15-24. Web.