Best Practices To Mitigate Risks When Retiring IT Assets

This presentation was given during the Fall 2012 Data Center World Conference in Las Vegas, NV by Vito

Published in: Business, Technology
  • We audit our Denver facility every quarter. Other DAM’s are once a year for insurance and ECHO
  • Transcript of "Best Practices To Mitigate Risks When Retiring IT Assets"

    1. Interested in data center security and disaster recovery? Learn about the Security and DR track at the upcoming Fall 2012 Data Center World Conference at: www.datacenterworld.com. This presentation was given during the Spring, 2012 Data Center World Conference and Expo. Contents contained are owned by AFCOM and Data Center World and can only be reused with the express permission of AFCOM. Questions or for permission contact: jater@afcom.com.
    2. Vito Arminio, Vito.arminio@lifespanrecycling.com, 858-729-0289
    3. Bringing ‘Peace of Mind’ to IT Asset Retirement
       • Reduce your Liability in 3 Areas:
         – Environmental
         – Data Privacy
         – Reputation
       Confidential – not for distribution without LifeSpan’s written consent.
    4. Equipment Retirement - Issues
       • E-waste is the fastest growing portion of the entire waste stream, growing two to three times faster than any other waste stream. It is the largest single source of lead in municipal solid waste (about 30%).
       • The United States faces a unique challenge regarding the disposal of obsolete computer equipment on a national and global scale.
    5. Asset Retirement - Drivers
       • Increased focus on asset management → Must manage TCO
       • Environmental liability / data security → Detailed reporting and auditing
       • Multiple locations, distributed IT equipment → Complex and costly logistics
       • Greater corporate and environmental regulations → Increased scrutiny and accountability for tangible and intangible assets.
    6. IT Asset Management Process
       [Chart: Relative Cost over the asset lifecycle, from Beginning of lifecycle to End of lifecycle. Stage labels: Maintenance, Procurement, Deployment, Retirement, Requisition. Sources: Gartner, IDC]
    7. Why Can’t We Just Throw it Away?
       • All E-Waste types
         – Computers & Monitors
         – Printers & Peripherals
         – Complex Circuitry Items
         – Materials Toxic to the Environment
           • Lead
           • Mercury
           • Cadmium
           • Gallium Arsenide
           • Barium
    8. Bringing Peace of Mind…
       • Department of Commerce report estimated that in 2006, 50% - 70% of electronic waste was exported to developing countries
    9. Environmental Risks
       • Comprehensive Environmental Response Compensation and Liability Act (CERCLA)
         – a.k.a. “Superfund”
         – Certificates of Recycling – “certification”
         – Deep Pockets Ruling
       • State by State Regulations
         – What’s legal in one state is illegal in another
       • A ‘Certificate of Recycling’ is meaningless
       • Ask for Pollution Liability Insurance - $5 Million
    10. Environmental Liability:
    11. Credit Card Log File
    12. Point of Sale Log File – Credit Card Numbers
    13. Outlook – Outlook.pst
    14. Accounting System – Social Security Number
    15. Data Destruction Dilemma
       Revenue or Neutral/Cost
       • Physical Data Destruction
         – Crushing – HDC
         – Shredding – Service / Equipment
         – Visual verification
       • Sanitization
         – Single Pass, Triple Pass, 7 pass, 29 pass, zillion pass
         – DBAN – Active Killdisk – Ontrack – Data Erasure – Blancco
       • Degaussing
    16. Degaussing
    17. Profile Privacy Breaches
       • Identity Theft - On the rise
         – 22.4 Million Sensitive Records Breached in 2011
         – Costs $53 Billion annually
         – Costs $4,800 per individual
         – Costs public companies – 5% stock value
           • Sony
           • Epsilon
           • HealthNet
    19. Bringing Peace of Mind to Data Privacy
       • Look for a NAID Certified Service Provider
    20. Considerations for Process Enhancements
       • Chain of Custody
         – How long do drives sit around before destruction?
         – Where/How are they stored?
         – Can they accidentally be picked up for reuse?
       • Quality Assurance on Sanitization
         – How are disks validated? (Every day, lot, each… never)
         – Forensics Software?
           • Encase
           • RTT Toolkit
         – Different types of interfaces – SCSI, FibreChannel
       • MOST IMPORTANT: Process and Controls – It’s Usually Human Error
    21. Considerations for Process Enhancements
       Where things go wrong:
       Physical Destruction
       • No timely destruction - they sit around
       • Mistaken for wiped drives – so not crushed
       • Inadvertent reuse
       Sanitization
       • Little or no QA/QC
       • False negatives from faulty hardware
       • Interfaces
       • Mistaken wipe drives
    22. Considerations for Process Enhancements
       NAID (Preliminary)
       • Physical Destruction Process Outline:
         – IT, Surplus or Vendor Team removes equipment from end user – transports and places in secure area
         – Equipment is cataloged
         – Drive is removed and cataloged
         – Immediately crushed
         – Subsequent shredding for recycling
    23. Considerations for Process Enhancements
       NAID (Preliminary)
       • Sanitization Process Outline
         – IT, Surplus, or Vendor Team removes equipment from end user – transports and places in secure area
         – Equipment is cataloged
         – System is sanitized
         – Forensics verification – manager, outside firm
         – Labeled
         – Drive is removed and cataloged
         – System is sanitized
         – Forensics verification – manager, outside firm
         – Labeled
    24. Solid State Hard Drive Technology
    25. Solid State Hard Drives
       • Reverse Engineered to mimic Magnetic Architecture
       • Flash Translation Layer
       • Lack of G-List
       • In the race to go to market, SSD manufacturers were inconsistent in their adherence to the SATA standard.
       • This has rendered wiping/sanitization software unable to perform a conclusive validation.
       [Diagram labels: Magnetic HD, SSD HD, FTL]
    26. Are You Protected in the Event of a Data Privacy Breach?
       • Do they have sufficient insurance? $1M Errors & Omissions
       • Privacy Liability ($250,000)
         – Notification/Credit Monitoring
         – Public Relations Expenses
       • Bodily Injury Coverage
         – For those who claim emotional distress & mental anguish
       • Hammer Clause (for frivolous suits)
       • You shouldn’t have to worry about if a claim will be paid
    27. Data Privacy – Have You Considered…
       • Digital Copy Machines contain Hard Drives
         – Capture image of every page copied
       • High-end Printers contain Hard Drives
       • Smartphones & Blackberries
         – Should be treated just as carefully as loose hard drives
         – Sanitize Data/Shred SIM Card
    28. Reputation Risk
       • Many nationwide companies rely on smaller local recyclers, creating inconsistent practices on how materials are retired from region to region.
       • Often “sham recyclers” simply cross dock and export E-waste to non-OECD countries.
       • Invariably, companies are unaware that their E-waste has not been legitimately broken down and recycled, but merely exported to countries that are unequipped to process it properly.
       • Environmental watchdog groups are producing exposés in order to make an example out of abhorrent companies.
    29. Free E-Waste “Recycling”
       [Image. Source: Basel Action Network, BAN.org]
    30. Environmental - Global “Recycling”
       [Images: Processing Residue along Lianjiang River; Hydrochloric / Nitric Acid Baths. Source: Basel Action Network, BAN.org]
    31. Reputation Liability: E-Waste ‘Sting’ Operations
       • 60 Minutes, Nov 9, 2008
       • Frontline, June 23 2009
    33. Look for a Nationwide ‘Footprint’
       [Map legend: Recycling; Recycling / Sorting; Sort / Audit. Dated 9/24/03]
    34. Asset Retirement Program – Elements to Consider
       1 time pickup Weekly • Frequency once per year Quarterly Monthly 0 to 1 Pallets or 2 to 4 Pallets or • Space E cycle Box E cycle Box ½ to Full Truckload Coastal, Regional, • Location Single Location Campus National Plenty of Resources Need Resources Packing materials • Packing Resources to Pack Sometimes Inside Removal • Data Security Plenty of Resources Strategic In-house Do In-House Need to Check SW and/or Physical Destruction Plenty of Resources Do In-House Barcode serial #s • Audit Strategic In House Need to Check Asset tags • Recycle Transfer ownership Recycle Domestic Global Reman/Reuse No Reuse Domestic Only
    35. Asset Retirement Program – Development of Continuum
       [Diagram: Sample LifeSpan Service Programs]
    36. Bringing ‘Peace of Mind’ to IT Asset Retirement
       • Reduce your Liability in 3 Areas:
         – Environmental
         – Data Privacy
         – Reputation
    37. Vito Arminio, Vito.arminio@lifespanrecycling.com, 858-729-0289