IAITAM Warns of Growing “Low-Tech Breach” Danger in Absence of Proper IT Asset Disposal Procedures
CANTON, Ohio--(BUSINESS WIRE)--Feb 28, 2019--As companies invest billions of dollars in increasingly expensive personnel and systems to frustrate breaches that originate inside and outside of their organizations, many are overlooking a more obvious fix: the institution of IT Asset Disposal (ITAD) process as part of a formal IT Asset Management (ITAM) program, according to a warning issued today by the International Association of IT Asset Managers (IAITAM).
The modern business world runs on a rapidly expanding pool of IT assets. At the same time, companies tend to look at some combination of employee errors, rogue employees, errant third party vendors, and outside hackers as the most likely sources of breaches. But the truth is that a company without a rigorous ITAD program runs the risk of a breach from a much simpler problem: a piece of hardware that was either not properly tracked to begin with or stops being tracked before its final disposition is confirmed.
IAITAM President and CEO Dr. Barbara Rembiesa said: “The whole idea behind ITAD is simple:If you buy a piece of hardware you need to track it and be aware of it from the moment you acquire it until its destruction or other handling is confirmed.If you can buy it, you can track it.A company can throw all the billions it wants at CIOs, cybersecurity divisions and the like, but if it does not have ITAM procedures in place, it is not secure. Absent or incomplete ITAD procedures are problems that grow each year as the business world’s reliance on technology grows.”
Countless examples exist of improper ITAD practices and the impact that they had on their organizations:
- Frauds pretend to be following the EPA requirements for disposal of electronic scrap and the device is then discovered in a landfill in a developing nation;
- Data thieves steal equipment right from a slipshod disposal vendor’s truck en route; and
- Forgotten hard drives disappear from unsecured storage closets.
ITAD is defined as “the business built around disposing of obsolete or unwanted equipment in a safe and ecologically-responsible manner.” Best practices vary depending on organizational size, type of business, whether the assets are leased or owned, and other factors.
- Choosing the correct disposal vendor: Remember that the organization that owns the equipment is responsible for both its actions as well as their vendor’s actions. The vetting process is paramount to maintaining data security, avoiding data breaches, bad press, and financial losses.
- Services should include secure pick up, delivery, and disposition documentation: Disposal security insulates the organization from theft. The best way to properly mitigate the liability is to conduct fundamental practices such as researching and using a reputable vendor.
- Certified data drive sanitation or destruction: Data drives should be wiped by the originating organization before they leave its site. The drives are wiped again by a disposal vendor and certified as cleaned and/or destroyed per the requirements of the organization. Some organizations use various industry standards such as the DoD or COBIT disposition standard. A COD (Certificate of Disposal) should be provided.
- Remarketing all viable equipment: Assets that are less than four years old commonly have resale value. Many reputable disposal companies are proficient in an asset valuation process.
- Compliance reporting: Compliance reporting, whether done manually or automated, is critical to providing evidence to auditors. If devices are not being tracked through such a reporting process, they are prime candidates for going astray.
- Program and policy development for asset disposal: A formal ITAD process as part of a full-blown ITAM program is necessary for any organization that is serious about proper control of its IT assets from the moment that they arrive until the time of their eventual disposal.
The International Association of Information Technology Asset Managers, Inc., is the professional association for individuals and organizations involved in any aspect of IT Asset Management, Software Asset Management (SAM), Hardware Asset Management, Mobile Asset Management, IT Asset Disposition and the lifecycle processes supporting IT Asset Management in organizations and industry across the globe. IAITAM certifications are the only IT Asset Management certifications that are recognized worldwide. For more information, visit www.iaitam.org, or the IAITAM mobile app on Google Play or the iTunes App Store.
View source version on businesswire.com:https://www.businesswire.com/news/home/20190228005650/en/
Whitney Dunlap, (703) 229-1489 firstname.lastname@example.org.
KEYWORD: UNITED STATES NORTH AMERICA OHIO
INDUSTRY KEYWORD: TECHNOLOGY DATA MANAGEMENT HARDWARE INTERNET SOFTWARE SECURITY PROFESSIONAL SERVICES OTHER PROFESSIONAL SERVICES
SOURCE: International Association of Information Technology Asset Managers, Inc.
Copyright Business Wire 2019.
PUB: 02/28/2019 11:00 AM/DISC: 02/28/2019 11:01 AM