IAITAM Warns of Growing "Low-Tech Breach" Danger in Absence of Proper IT Asset Disposal Procedures
As companies invest billions of dollars in increasingly expensive
personnel and systems to frustrate breaches that originate inside and
outside of their organizations, many are overlooking a more obvious fix:
the institution of IT Asset Disposal (ITAD) process as part of a formal
IT Asset Management (ITAM) program, according to a warning issued today
by the International Association of IT Asset Managers (IAITAM).
IAITAM President and CEO Dr. Barbara Rembiesa said: "The whole idea
behind ITAD is simple:If you buy a piece of hardware you need to
track it and be aware of it from the moment you acquire it until its
destruction or other handling is confirmed.If you can buy it,
you can track it.A company can throw all the billions it wants
at CIOs, cybersecurity divisions and the like, but if it does not have
ITAM procedures in place, it is not secure. Absent or incomplete ITAD
procedures are problems that grow each year as the business world's
reliance on technology grows."
Frauds pretend to be following the EPA requirements for disposal of
electronic scrap and the device is then discovered in a landfill in a
developing nation;
Data thieves steal equipment right from a slipshod disposal vendor's
truck en route; and
Forgotten hard drives disappear from unsecured storage closets.
ITAD is defined as "the business built around disposing of obsolete or
unwanted equipment in a safe and ecologically-responsible manner." Best
practices vary depending on organizational size, type of business,
whether the assets are leased or owned, and other factors.
Choosing the correct disposal vendor: Remember that the organization
that owns the equipment is responsible for both its actions as well as
their vendor's actions. The vetting process is paramount to
maintaining data security, avoiding data breaches, bad press, and
financial losses.
Services should include secure pick up, delivery, and disposition
documentation: Disposal security insulates the organization from
theft. The best way to properly mitigate the liability is to conduct
fundamental practices such as researching and using a reputable vendor.
Certified data drive sanitation or destruction: Data drives should be
wiped by the originating organization before they leave its site. The
drives are wiped again by a disposal vendor and certified as cleaned
and/or destroyed per the requirements of the organization. Some
organizations use various industry standards such as the DoD or COBIT
disposition standard. A COD (Certificate of Disposal) should be
provided.
Remarketing all viable equipment: Assets that are less than four years
old commonly have resale value. Many reputable disposal companies are
proficient in an asset valuation process.
Compliance reporting: Compliance reporting, whether done manually or
automated, is critical to providing evidence to auditors. If devices
are not being tracked through such a reporting process, they are prime
candidates for going astray.
Program and policy development for asset disposal: A formal ITAD
process as part of a full-blown ITAM program is necessary for any
organization that is serious about proper control of its IT assets
from the moment that they arrive until the time of their eventual
disposal.
ABOUT IAITAM
The International Association of Information Technology Asset Managers,
Inc., is the professional association for individuals and organizations
involved in any aspect of IT Asset Management, Software Asset Management
(SAM), Hardware Asset Management, Mobile Asset Management, IT Asset
Disposition and the lifecycle processes supporting IT Asset Management
in organizations and industry across the globe. IAITAM certifications
are the only IT Asset Management certifications that are recognized
worldwide. For more information, visit www.iaitam.org,
or the IAITAM mobile app on Google Play or the iTunes App Store.
via IBN - Nilam Resources, Inc. today announced that it has appointed Pranjali More as Interim Chief Executive Officer and addresses current developments regarding trading status and the status of the agreement with Xyberdata and Mindwave. Prior to...
Inventronics Limited ("Corporation") (IVX:TSX Venture), a designer and manufacturer of enclosures for the telecommunication, cable, electric distribution, energy, and other industries in North America, today announced its 2023 audited annual and...
Global design company, West Elm, a portfolio brand of Williams-Sonoma, Inc. , the world's largest digital-first, design-led and sustainable home retailer, announced today the launch of a new mobile iOS design and shopping app. Developed with the...
Today Domo announced at Domopalooza: the AI + Data Conference enhancements to Cloud Amplifier, the company's multi-cloud data offering, to enable users with the powerful and flexible tools they need to fully integrate with multiple cloud data...
Nuvve Holding Corp. (Nuvve) , a green energy technology company that provides a globally-available, commercial vehicle-to-grid (V2G) technology platform designed to enable electric vehicle (EV) batteries to store and resell unused energy back to the...
The Rett Syndrome Research Trust (RSRT) is proud to announce its partnership with PMD Solutions, a leading provider of innovative healthcare technologies, in their upcoming biosensor validation study called VIBRANT. PMD Solutions will generously...