3 Factors Shaping the Future of Secure ITAD

With IT infrastructure underpinning every facet of our daily lives, the question of how we handle end-of-life devices continues to mount. So, what are some of the trends driving the future of secure ITAD (IT asset disposition), particularly when it comes to storage devices?

---

Wherever there are data storage devices, there’s a need to reuse, recycle, or dispose of them securely at the end of their lifecycle. As storage needs change, so do the methods and standards informing how data storage devices are retired. 

Here’s a look at the changing state of hardware reuse, and how an ITAD service can keep you not only compliant but ahead of the game when it comes to secure disposition. 

1. Changing Sanitization

Whether you’re retiring individual drives or decommissioning a whole data center, properly sanitizing drives is paramount. The costs of failure to do so are steep. 

Changing technology means new challenges. With HAMR drives on the market, areal density is increasing. This means that data can be recovered from small shreds of drives by bad actors with the right equipment. That is why shredding is no longer best practice.

Companies are increasingly under pressure to find greener alternatives to the physical destruction of drives. The National Renewable Energy Laboratory (NREL) estimates that 20-70 million HDDs reach the end of their lives each year. Unfortunately, most of these drives are destroyed. That’s a lot of e-waste! No wonder organizations such as the Circular Drive Initiative are pushing to increase awareness of ways in which companies can green their hardware lifecycles.

Options for Degaussing

Drive destruction is far from the only way to erase data. On hard drives, data is stored magnetically. By disrupting the magnetic field on the disk, data can be wiped. 

This sanitization technique is called “degaussing,” and the devices which do so are “degaussers.” 

Automatic degaussers are what they sound like: insert an HDD into the machine, and it comes out with data completely removed (provided the magnet is strong enough). While it can cost upwards of $15,000 for a state-of-the-art device, they can also be rented.

As magnetic media evolves, sanitization requires stronger magnets. The “magnetic coercivity” of the degausser needs to be about 2-3 times as strong as that of the magnetic media on which it is stored. This becomes challenging, as magnetic coercivity of disk media is increasing.

Unlike melting or incineration, degaussing leaves rare metal components intact, which can then be extracted and recycled. On the other hand, degaussed drives are rendered unusable, because the process removes any firmware that comes with the device.

Logical Techniques

Logical techniques have long been around, but the need for green ITAD is increasing their importance, as they enable drive reuse. These techniques be categorized as “clear”, which wipes all addressable locations, and “purge”, which makes data retrieval infeasible even for state-of-the-art laboratory techniques.

For logical techniques in each category, the specific procedure varies according to the interface and media type in question. A typical purge method involves overwriting data with a sequence of 1s and 0s, followed by a random character. Another crucial part of the procedure is verifying that the characters have been properly written.

How Secure ITAD Can Help: An effective ITAD company will work with you to develop a lifecycle plan for your drives. It can help you determine which sanitization techniques are the best fit for your chosen plan, and can help you get access to any necessary hardware and software.

Logical techniques, degaussing, and physical destruction all have their pros and cons. But they have this in common: when used properly, they render the retrieval of drive data infeasible. 

When used properly. There’s always that catch. Which brings us to…

2. Changing Standards

To some, physical destruction just feels safer. No more drive means no more data!

But this isn’t quite right. All data sanitization comes with risks. After all, what if a drive marked to be destroyed is instead misplaced? 

The moral: when it comes to sanitization, standards and airtight procedures are everything. No wonder, then, that much of the innovation in ITAD comes from refinements of the standards themselves. Right now, the gold standard of standards is the new IEEE 2883, which clarifies terminology and paves the way for green ITAD.

In addition to enabling security and efficiency, updated standards can improve the market for used storage devices.  Currently, reuse markets are very much buyer beware. With better and more widely held standards, it will be clearer to all parties just what constitutes proper sanitization, increasing trust.

Problems With Older Standards

Why is improvement necessary? Standards such as NIST 800-88 often provide recommendations, rather than strict compliance conditions. Old standards can also be vague, containing unclear terminology and failing to pinpoint which techniques work best for state of the art devices.

Old standards were also inefficient. The old Department of Defense standard, DoD 5220.22-M, set a bad precedent in requiring three passes of logical erasure. Though not intended for civilians, early tech companies followed suit. Compare this to cryptographic erase, which renders data inaccessible in the blink of an eye by changing the encryption key.

Greener Standards

The new standard, IEEE 2883, is already shaping the future of secure ITAD. It aims to eliminate ambiguity and encourage greener ITAD practices. It gives clear criteria for compliance, and specifies appropriate clear, purge, and destruct methods by interface and media type.

IEEE 2883 is specifically focused on procedures for wiping a drive, and verifying that it has been wiped. Other standards are more expansive, and govern the indirect impact which data center operations have on the environment and society.

Consider R2v3, which is the most recent version of a standard developed by the Sustainable Electronics Recycling International (SERI). R2v3 involves a rigorous reporting process, and requires that a company show that it’s opted for reuse wherever possible, and the greenest available method of disposal when reuse isn’t an option. This includes activity that happens off-site, requiring transparency when a company outsources activity to locations which are not themselves R2 certified. 

“An R2 Facility shall develop in writing and adhere to a policy stating how it manages used and end-of-life electronic equipment, components, and materials一with respect to off-site and on-site activities, as well as the selection of downstream vendors一that is based on a hierarchy of responsible management strategies.”

Section 2. (a) of R2v3.

How Secure ITAD Can Help: Standards and legal requirements are always changing. Keeping compliant with multiple interlocking security and ESG standards can pose a challenge. An effective ITAD company will help you keep on top of it, securing and greening your hardware lifecycle while helping you provide detailed documentation to prove compliance.

3. Changing Society (ESG)

Pulling back a bit, one broad theme driving demand for secure ITAD is the increasing focus on environmental, social, and governance (ESG). Data security used to be the overriding concern, but now corporations are under increased pressure to provide ESG reporting. 

This shift has many causes. One is greater public awareness and concern about environmental issues, as climate change begins to impact everyday lives. Another cause is the rise of activist investing, which is becoming more common. While not all activist investors are promoting social and environmental causes, many do so. 

What does ESG require?

The term “ESG” covers a rather vague grab-bag of concerns which, while individually important, don’t connect as much as one might have thought.

The “G”, “Governance”, includes things such as transparency and security, touching on themes already discussed. “Social” matters are broad, and can encompass everything from employment and labor practices to digital equity programs. Environmental concerns include greenhouse gas emissions, but also reduction of e-waste and proper handling of hazardous chemicals. 

How to meet ESG requirements? As with security, everything comes back to standards. Here though, the situation is even more complicated, with a myriad of new standards vying for the business world’s attention. In addition to R2v3, there are more general sustainability standards such as SASB and GRI, and initiatives such as the Carbon Disclosure Project and U.N. Sustainability Goals. 

Despite the wide range of standards to consider, there are many reasons why ESG is important. Firstly, it helps attract investors. It also helps companies get ahead of potential future regulations. Finally, ESG streamlines operations and mitigates risks. 

How Secure ITAD Can Help: ITAD is more than just a cost saver. It can also help you burnish your brand and give you a reputation of excellence in ESG. ESG is so broad, and there are so many competing standards, that it can be difficult to know where to start. A quality ITAD service can help you set reasonable goals, and rework your practices to better attract consumers and investors.

The Future of Secure ITAD

When reallocating used hardware, there’s a lot to keep in mind. There’s the security angle, as well as the need to reduce e-waste and meet ESG goals. Finally, there’s cost and efficiency to consider. 

Thankfully, even in an ever-shifting regulatory landscape, it’s possible to hit multiple birds with one stone. Changes in sanitization procedures and ESG practices are often really changes in standards. 

You don’t need to reinvent the wheel一you just need to take care that all drives are verified as wiped, and a secure chain of custody is established. A responsible ITAD firm will help you meet stringent criteria for proper sanitization and disposal.

For expert support with your secure ITAD needs, speak with a Horizon representative.