In our blog series thus far, we’ve admittedly focused primarily on the “problems” associated with data center IT asset disposition. This has included the following viewpoints:
- Very few companies seek out and use a specialized IT asset disposition solution for data center decommissioning despite the rationale that using a “general ITAD” solution is akin to seeing a family practitioner for a brain trauma.
- Data center ITAD and general ITAD, like baseball and cricket, may appear to be similar, but they are distinctly different in ways that require unique strategies to win.
- While the ITAD industry is considerable in size and is rapidly growing, it’s lagging for the most pressing area of need (in the data center) and for the highest priority objective of eliminating data security risk.
- Data center decommissioning is wrought with operational challenges, IT asset security challenges, and onsite data security challenges that ITAD solutions created long ago for corporate IT are simply not cut out to handle.
Helping companies understand these inherent issues with ITAD, we believe, will help them make a more informed decision when selecting a data center decommissioning service provider and a data sanitization platform. But now, let’s shift gears and talk about the solutions associated with data center IT asset disposition.
The DO’s in Data Center ITAD
No matter how big or what kind of data center decommissioning project, from an IT refresh or upgrade, a data center consolidation, migration or shutdown, or an IT lease return or trade-in, follow these best practices to greatly improve your results:
- Erase data onsite and in-cabinet, as data center IT equipment leaves production. For corporate ITAD, it’s not very common to erase data onsite. To some extent, this is for good reason. Corporate workforces are highly dispersed, often where few if any IT resources physically reside, making the technical ITAD process, and the verification of said process, a bit challenging. Secure transport of dispositioned hardware, while still costly, is more practical and economically feasible for corporate IT. In larger corporate environments and IT campuses though, erasing onsite over-network is recommended.
In the data center, erasing data onsite should be a must do. And whenever possible, data should be erased with hard drives remaining inside servers and racks, also referred to as in-cabinet data erasure. When hard drives are removed from IT hardware, security risks immediately arise and costs invariably increase. Loose drives must be meticulously accounted for at all times, which unfortunately is not often the case. And don’t think for a second that people in and around data center IT aren’t keenly aware of the value of private information on the black market. If you can’t account for every loose hard drive and what data is on each, then you’re at risk to breach.
The best practice solution is to erase data as IT equipment comes offline and out of the data center production environment. This process requires network-based data sanitization scalability to efficiently erase mass-capacity data center storage. This ITAD process should include a Certificate of Sanitization demonstrating successful, sector-verified erasure for each serialized hard drive.
When erasing entire server racks with hard drives intact, the process should also identify any hard drives that failed to erase, including the serial number and exact location. This information is used to ensure that those drives can be quickly removed and destroyed before transport. As our data erasure expert Matt Mickelson explains in this blog, if you cannot locate and pull every hard drive that failed to erase, then you must handle every hard drive in that rack as if it contained data, which defeats the purpose of erasing data in-cabinet.
It’s additionally important that the data erasure software document the parent-child relationships between the racks, the servers, and the internal hard drives, especially if data is not being erased onsite. Otherwise, data-bearing hard drives could go missing in-transit and may not be discovered until it’s too late, if ever. For more on this topic, read Challenges in Data Center ITAD: IT Asset Security. Teraware not only captures the host-to-disk relationship, but writes an encrypted, random signature to the drive so that successful erasure can be uniquely verified upon receipt at the ITAD facility.
Of course, hard drives commonly fail while in production at the data center and when they do, those drives must be removed. ITRenew developed the Break-Fix Terabot to efficiently erase loose drives, and to physically crush any that cannot be erased on the spot, with a Certificate of Destruction provided for auditing purposes. This type of data erasure utility should be a fixture in every data center, purposely built for the different sizes, capacities, and volumes of hard drives deployed in the data center.
Read this blog to learn why most companies do not erase data onsite, and how to overcome these common objections.
- Focus on data erasure and reusable hardware yields at the data center. If you’re someone that’s involved in ITAD or any area of IT, think of all the metrics used to measure performance and compliance. Do you have one, or have you even heard of one, that measures data erasure “yield”? Or, in other words, how often the data erasure process results in a verified successful disk erasure?
Have you ever stopped to think what a reasonable hard drive erasure yield should be? In our experience, we’ve found most data erasure tools used for ITAD have about a 50-60% yield. The rate will vary based on a variety of factors including the health, size, and type of hard drive as well as the different storage technology. Teraware, on the other hand, has an ITAD industry-best 95+% data erasure success rate overall. Our rate consistently comes in around 99% on mass data center decommissioning projects, when we are erasing entire racks at a time over network without ever removing the hard drives from the server cabinet or their chassis.
If you’re not already measuring yield (and I personally know of very few companies that are), then demand that your ITAD vendor provide yield statistics, including a breakdown on which drives are failing to erase. Some data erasure tools are completely unable to erase solid-state (SSD) and high-capacity drives, among other newer storage technology. Unfortunately, those are the types of drives commonly purchased for data centers 2-3 years ago and are beginning to come out of service in mass quantities. If your data erasure yield on those is 0%, you’ll want to know sooner than later. Learn why ADISA certification matters in data sanitization yield in Data Erasure Certification: Don’t Just Take My Word for It.
When data erasure fails, there’s a ripple-down effect that includes additional cost to destroy drives: lost remarketing and RMA value, lower IT sustainability and, most importantly, inferior protection against data breach. Monitoring yield rates will help you pinpoint where problems exist and initiate corrective action.
- Choose a data center ITAD specialist as an IT hardware-remarketing partner. As our data center remarketing expert Kyle Roche explains here, data center IT equipment typically holds much greater residual value at decommission than corporate IT, and the components are sometimes worth more on the secondary market than the entire unit. The end user marketplace for data center IT equipment is also much smaller, which forces most ITAD companies to utilize broker channels, particularly when volumes are high. A data center specialist will understand these challenges and have capabilities to capitalize on the remarketing opportunity.
For example, in the data center, it’s common for ITAD projects to be put out to bid. Typically, service fees associated with IT asset recovery, data erasure, and e-waste recycling are buried in the bid price. However, few if any reputable ITAD service providers or remarketing brokers will take on the full liability that’s associated with the bid model. Therefore, many ITAD companies decrease their bid upwards of 70% to allot for uncertainties in the IT aftermarket. Since many remarketing products are subject to commodity constraints, meaning their price fluctuates based on supply and demand, prices go up and down daily as if it were its own stock market. This fluctuation materializes itself as liability, and one wrong move can spell disaster for the ITAD service provider. So, IT remarketers will adjust their bid prices accordingly. However, if those ITAD providers sell high, the customer does not see a penny more.
A true data center IT remarketing specialist will instead utilize a revenue share model between the company and ITAD provider because, when executed properly, it will deliver greater return for both them and the customer. Under revenue share, the ITAD customer will receive a pre-determined consignment share (typically 75%) of the remarketing proceeds, after ITAD costs have been deducted. For this model to be more rewarding for both parties, the ITAD vendor must be intimately familiar with data center IT equipment, the niche secondary market of buyers, and the economics of selling mass quantities of like, high-value products.
A true data center IT remarketing specialist will also know the optimal velocity to release data center IT products into the secondary market so as not to deflate prices, and when it’s better to sell product as whole units or parts. The ITAD provider will have developed specialized, direct-to-end-user channels to move the high-volume, high-value data center gear at or above fair market values, so that broker channels aren’t necessary. And they will also have the financial wherewithal to wait out market conditions to sell equipment at its highest price point. Many larger ITAD companies are publicly held or have major investment partners. Often, they will sell off client equipment as needed to satisfy sales revenue projections. This benefits the provider and its investors, but is not always in the best financial interests of the customer.
A data center ITAD specialist will also use software designed for data center. Yield rate will dictate how many drives are preserved for remarketing and will allow servers to be sold as fully functional systems, netting a much higher resale price.
Specialized data erasure software will also discover full configuration details of the equipment onsite. Companies are often unable to provide this information upfront, and if the IT equipment is put out to bid, offers will be lower to account for the configuration uncertainties. Even in a consignment model, if you don’t know exactly what you have and the approximate value, you are left to accept whatever your ITAD vendor says its worth after you’ve already incurred the logistics expense to transport this massive equipment. With Teraware, we can often have IT equipment sold before it hits our docks because we know exactly what we will be receiving, plus the software puts equipment through stress-testing to help ensure extended secondary life. If any repairs or upgrades are necessary, we can also requisition parts in advance so sales can be turned quickly.
In the next installment, I will cover the “don’ts” in data center ITAD, or in other words, what you want to avoid doing when it comes to data center decommissioning.