Covid’s Impact on IT Asset Disposition
Over the past few years, the COVID-19 pandemic has changed the way businesses and organizations operate, with remote work being the new normal, and physical contact with outside services becoming much more limited.
As the world turns in these unprecedented times, IT asset disposition (ITAD) and data security have been subject to several changes. This article will explore how many operators have had to respond to these new and unique circumstances, considering both the difficulties faced as well as the opportunities that have arisen.
Remote Work Becomes Mainstream
At the onset of the pandemic and resulting lockdown, most ITAD leaders agreed that it was a complete shock, and uncertainty loomed within the industry. Despite this, optimism remained that the situation may be temporary. A survey conducted by i-SIGMA revealed that 70% of respondents anticipated business would return to normal within three months.
Contrary to expectations, the shutdown persisted, and clients were forced to adapt. Astonishingly, corporate HR managers reported that employees could be even more productive working remotely than when they were in an office environment.
At the close of 2021, it became apparent that remote workforces were here to stay. This led to an expansion in expectations for IT Asset Disposition (ITAD) when it came to collecting devices from those working remotely. The challenge then became, how can companies efficiently manage the influx of devices during technology refresh cycles?
“Devices were quickly deployed across millions of home offices, creating security and compliance challenges at every stage of the asset life cycle,” Angie Singer Keating CEO of Reclamere, Inc. stated. “The challenges for service providers are great, but so are the opportunities for service providers that can provide a secure compliance solution.”
Collecting IT Assets Via “Box” Programs
For many ITAD leaders, a “box” program was seen as the most effective collection solution for unwanted IT items. After researching nearly 100 NAID AAA Certified ITAD service providers, it turned out that roughly one-third provided parcel shipping options to help clients in consolidating discarded IT equipment.
The debate continues surrounding the advantages of parcel returns, in terms of both efficacy and profitability.
“We had a box program prior to the pandemic, and during the shutdown promoted it as a solution for clients struggling to find secure disposal options,” Glenn Laga, president of Guardian Data Destruction commented. “It was a way for us to be responsive to clients’ needs and has proven to be very popular.”
Others, like Neil Peters-Michaud, the CEO of Cascade Asset Management, acknowledged that its legacy parcel return program is still being utilized by customers. However, he has not seen a noticeable surge in returns since it was implemented.
“Our box program predates the lockdown,” Peters-Michaud states, “but we have not seen a dramatic increase in direct inbound shipments since the beginning of the pandemic. More commonly, at least for us, is the scenario where clients are using parcel returns to aggregate devices internally prior to proper disposal. Commonly, we see this being done in conjunction with the distribution of new devices where the same box can then be used to return the obsolete asset directly to client’s operation.”
According to the CEO of RetireIT and ITCentral, Kyle Marks, it is only possible for box programs to succeed when there is strong leadership and responsibility at the corporate level.
“It’s neither effective nor profitable for a program to depend on employees who may have only been given a general or loose directive to ship IT assets to a preferred ITAD service provider,” Marks said. “Any program lacking organizational accountability and a simple, well-designed, unambiguous protocol is in no one’s best interest and likely to fail.”
Compliance Issues Arise
Pointing out the risks, Marks commented that ad hoc compliance can be dangerous for all parties involved. He noted that parcel shipment companies are very clear on their refusal to take any liability for the items transported. This puts the customer and service provider in an even more vulnerable position, especially regarding data security.
From a regulatory compliance perspective, the circumstances surrounding collections involving a third-party parcel delivery service can be challenging. On one hand, entrusting regulated personal data to third-party shippers, who explicitly disavow responsibility for such information, is an abomination to data protection rules. Yet on the other hand, failing to provide direction and options for remote workers is irresponsible. As such, both service providers and clients are caught in a dicey scenario.
“ITAD providers need to have solutions that have unbreakable chains of custody,” Reclamere’s Keating explained. “Documentation must be bulletproof, and it must be able to withstand the most rigorous audit and reconciliation processes.”
To reduce the potential for regulatory issues, several service providers are exploring innovative means of tracking parcels. Such methods include automated systems that send confirmation texts and videos with information regarding when devices reach facilities, and how items are disposed of or sanitized upon arrival.
For added safety, certain companies are utilizing shipping containers with added high-security measures. Keating’s firm, for example, offers shipping vessels that are equipped with GPS devices, as well as heavy-duty security cages, to ensure that media shipments remain protected.
Changes in Data Center Operations
Interviews with ITAD professionals revealed that data center-related projects came to a screeching halt for several months, only to be followed by booming activity as soon as they were given the go-ahead.
For many years, ITAD firms have been highly invested in managing and executing successful data center strategies. As more devices become distributed across networks, these initiatives will remain integral for the foreseeable future.
However, as competition has grown, data center ITAD work has been pushed to the limit with margins shrinking, and some even becoming unprofitable.
“Because data center operators are under significant pressure to control costs, the competitive environment sometimes motivates decision-makers to engage in risky ITAD practices,” Brooks Hoffman, principal with Iron Mountain’s Secure IT Asset Disposition team stated. “If they are susceptible to such temptations, it can be difficult for a reputable, compliant services provider to compete for their business.”
Adding that “the proliferation of strong data protection regulations along with the potential for devastating fines and embarrassing headlines are slowly improving the situation for compliant ITAD companies.”
On-Site Media Destruction Grows in Popularity
Currently, many data centers are prioritizing on-site media destruction or erasure as part of its process. Those who were consulted for this article stated that anywhere from 50% to 100% of their data center clients requested some type of on-site destruction before removal.
Dag Adamson, president of DestroyDrive, noted that ITAD opportunities with data centers have become increasingly prevalent in recent years due to the emergence of the internet of things and other networking trends.
“Data centers – and, to some degree, all offices – have media-bearing devices that ITADs overlook when assessing a client’s data protection needs,” Adamson said. “Any networked device, including routers, switches, printers and handhelds, contain information that can compromise the security of the enterprise. Bringing this to clients’ attention not only represents an opportunity, but a duty.”
John Shegerian, executive chairman at nationwide processor ERI, emphasized the importance of proactively responding to the evolving electronics stream, and the changing world to achieve ITAD success in the future. He asserted that ITAD companies with a strategy beyond expecting a return to pre-pandemic conditions are likely to thrive.
“Those of us who focused on innovation and operational flexibility over the last year are now much better prepared to handle what’s coming,” Shegerian remarked. “In sum, we have learned to do much more with much less.”
Data Protection Remains Essential
The unanimous view shared by those interviewed for this article was clear, data security continues to play an increasingly vital role in the ITAD industry, and to its clients.
As these organizations step into a new post-pandemic era, many are taking advantage of the opportunity to redefine corporate compliance strategies. Further, ITAD service providers who have managed to remain operational during Covid-19, recognize that customers who understand compliance requirements are more likely to be loyal and pay fees that can guarantee sufficient profitability for the ITAD provider too.
Even though there are still a few decision-makers who lack knowledge of ITAD processes, or have been convinced to take a “shortcut”, executives in this field recognize that the amount of people taking such risks seems to be reducing. This promising sentiment was echoed by numerous ITAD leaders.
These perspectives, coupled with recent economic projections, demonstrates that the future of ITAD is set to be prosperous.