As we discussed in the previous blog, hard drive RMA management is an oft-overlooked component of data center ITAD programs. Return Merchandise Authorizations (RMA) is when the manufacturer accepts and reimburses customers for failed hardware under warranty, usually for a credit or replacement. When data center hard drives fail and are removed from the production host system, they must be tracked with strict serialized chain-of-custody. The data must be eradicated, and asset management records should be updated accordingly. Unfortunately, most data centers lack a well-defined RMA process.
In this blog, we’ll explore the Total Return implications of RMA management in triple-bottom line terms: security, financial, and environmental. And cover some best practices to greatly improve return on investment from your data center decommissioning and break-fix management activity.
Implications of Data Center RMA for Total Return ROI
Let’s explore the Total Return ROI impact from RMAs in terms of the three main pillars of data center hardware decommissioning and IT asset disposition:
- Manage hard drive data security. As we discussed in Data Erasure Yield: The Hidden Value Killer in Data Center ITAD, when a decommissioned hard drive is not put through a data erasure process, or when the data erasure process fails, the most common practice in ITAD is to shred failed hard drives. However, unlike data sanitization, shredding a hard drive has no paper to verify with full certainty that the data was actually destroyed. This is because shredding is a largely manual process where it’s easy for hard drives to get missed. In addition, there isn’t a failsafe means to systematically detect if and when any are missed, and which specific hard drives were missed. In addition, with shredded drives the data is never removed and could potentially be recovered from shredded components if not properly processed. The risk of data recovery from shredded solid-state drives (SSDs) is even higher due to how the data is stored on these devices. So, where my customer in the previous blog thought they were eliminating security risk by shredding drives, they were actually creating it. Considering it costs U.S. companies $7.35 million per data breach on average, that’s a huge risk to take. To learn more about the data security implications of RMA management, read Challenges in Data Center ITAD: Onsite Data Security.
- Maximize financial opportunity from decommissioned assets. In addition to data security costs are the RMA warranty values. Decommissioned drives returned under RMA can range from as little as $200 per drive to as much as $2,500 or more per drive for enterprise-grade, high-capacity SSDs. In the table below, we’ve outlined three different financial scenarios based on the approximate size of the data center operation. This conservatively assumes that 80% of failed hard drives would be eligible for RMA at the time they are pulled from production. As you see, the financial opportunity is quite substantial no matter how big your data center operation or how high-end the technology.
Tier 3 Data Centers
Tier 2 Data Centers
Tier 1 Data Centers
As dramatic as this is, the financial considerations don’t stop there. For organizations with a shred-only policy, you can add an average shred cost of $7 per drive. Drives are often stored for some amount of time before shredding, so you’ll need to account for data center floor space that’s consumed for storage and IT labor for handling the equipment. Finally, as this case study attests, there are also significant financial considerations related to the speed, scalability, and reliability of your data erasure application. The longer data erasure takes, and the more frequently the erasure process fails, the greater the financial consequences.
- Minimizing environmental impacts from data center operations. United Nations reported that reusing computer equipment is up to 20 times better for the environment than recycling. If the security and financial considerations aren’t enough to entice you, see how your environmental health and safety (EH&S) and sustainability teams feel about shredding hard drives, the vast majority of which could be returned for RMA credit or replacement, reused, or resold. Some of our clients have millions of hard drives in their enterprise data center infrastructure, so with a 10-15% RMA failure rate we’re talking about a lot of hard drives that are needlessly entering the e-waste stream, and conversely not positively contributing to your bottom line.
Data Center RMA Best Practices
Regardless of the size of your enterprise data center infrastructure, we recommend taking the following actions:
- Review your RMA process to ensure no one is making unwarranted assumptions about the process. Document who is responsible for each step and identify your physical data security gaps.
- Sanitize RMA drives immediately. As this blog explains, only best practice data erasure provides 100% auditable certainty that data was eradicated. So even if you ultimately shred drives for extra security, erase them first so you have both a Certificate of Sanitization and a Certificate of Destruction with the serial number for each RMA drive. To learn more, read To Erase or Not to Erase: Never the Question in Data Security Best Practices by our data erasure guru Matt Mickelson.
- Measure the Total Return ROI opportunity. ITRenew has developed a proprietary Total Return ROI calculator that is used to baseline your current data center hardware decommissioning program performance and estimate the potential savings. Contact us for an appraisal, it’s quick and easy.
We welcome your questions and hope you’ll return for the final installments of this blog series as we put a bow on Total Return ROI by assessing the various productivity considerations and opportunity costs.