Time, labor, and budget are precious commodities for anyone with responsibility for data center operations. As such, it’s never simply about whether you get a task done, but how long it took, how many manhours and how much budget was consumed, and most importantly whether it impacted data center uptime. Plus, as with any IT-related project, jobs must be carried out in compliance with company policies, process certification requirements, and/or regulatory mandates.
As the Vice President of Operations for ITRenew, I can personally relate to the day-to-day responsibilities of data center managers. My job is to leverage precious time, labor, and budgetary resources as productively as possible to keep the company’s facilities running at peak efficiency, and to bottom-line proficiency. The ability to do so effectively defines our overall performance.
How you measure the performance of your data center decommissioning program should be no different. Data center decommissioning is an IT asset disposition (ITAD) and data security function that can consume an inordinate amount of time, IT labor, and budget, if not managed properly. The various decommissioning, break-fix management, and ITAD security activities must be performed within prescribed policies and procedures to ensure compliance with regulatory requirements for data privacy, environmental health and safety protection, and the financial accountability for IT assets. Additionally, the data center ITAD process mustn’t interfere with operational efficiency and uptime. For more on this topic, read this blog from Jim Harris: Is Data Liability a Ticking Time Bomb for InfoSec in Your Data Center?
However, for most companies, the standard ITAD practice is to measure their data center decommissioning program based solely on these two factors:
- Service-level agreement metrics. If they hit SLAs for basic IT asset recovery, hardware remarketing, and e-waste recycling activity.
- Net hardware remarketing proceeds. Whether they receive a check or an invoice from their ITAD vendor each month, after service fees have been deducted from value recovery revenue.
While both of these are important factors, alone they don’t measure actual value being derived from the data center decommissioning program. To help data center operators measure true value in terms of optimizing CapEx and OpEx, ITRenew developed a proprietary methodology called Total Return.
During the past few months, we have produced a comprehensive blog series that details the various aspects of Total Return ROI for data center decommissioning and break-fix management. I have the honor of wrapping up this educational series by reviewing the productivity considerations of Total Return ROI. Since it’s a lengthy discussion, I will break it down into two parts. In this blog, we’ll set the stage with key assertions and discuss the productivity-related factors of the data center ITAD security process. Next week, I will conclude with the productivity-related factors of the data center erasure process and the opportunity cost implications of data center decommissioning.
Data Center ITAD Productivity Assertions
1. Data security is the driver in data center decommissioning. Protecting sensitive data is the hands-down top priority of ITAD and break-fix management activity in the data center. There is no measure of productivity that can justify a data security vulnerability, especially considering the average cost of a data breach in the United States is $7.35 million, and just one breach can irreparably damage your corporate brand. However, as our data security expert Matt Mickelson writes in Balancing Digital Security and Cost in Data Center ITAD, data center operators often invest more time and money for less asset and data security. That is not a productive outcome no matter which way you slice it.
2. Platform is the enabler. There’s one golden thread in the pursuit of Total Return: the software-driven service platform. The proper data center ITAD platform software can discover the full configuration details of decommissioned equipment, including serialized storage devices. This allows inventory discrepancies to be reconciled before anything leaves your facilities, and prevents productivity-draining breach remediation events when hard drives come up missing. For more on this topic, read Challenges in Data Center ITAD: IT Asset Security. It can also verifiably erase data in-rack and provide Certificates of Sanitization for audit trail.
The data generated from these onsite ITAD processes is then used to feed both internal and third-party systems. Data can be used to update your hardware asset management repositories and maintain accurate record keeping for financial, data security, and compliance auditing. The data created also helps verify what you shipped exactly matches what the data center ITAD service provider received. In addition, detailed asset data enables chain-of-custody tracking and inventory control from IT asset recovery through final disposition, including the trail of all commodity materials downstream.
The software should also be integrated into the entire data center decommissioning service delivery to create the ITAD platform. This is key to automating otherwise manual ITAD processes and removing the risk of human error, in addition to increasing overall efficiency and process control. Considering all that, my discussion in these blogs will be focused on the productivity gains from a software-driven, asset and data security-centric approach to data center ITAD.
Productivity from your Data Center ITAD Security Process
These are the three most common approaches when it comes to securing data during data center decommissioning, each with its productivity pros and cons:
- Shredding hard drives either onsite or offsite. This is relatively quick and efficient, but lacks a paper trail for data security auditing. If you’re shredding onsite, you’re paying considerable money to either bring external resources in, or to own, maintain, and operate hard drive shredding equipment yourself. When shredding activity is self-managed, there are also occupational safety and environmental disposal responsibilities that are assumed by your company. Another productivity issue is that hard drive shredding also destroys resale value and RMA credit opportunities. For more on this topic, read RMAs Are Oft-Discarded Valuable Assets in Data Center ITAD. Hard drive shredding as a policy is not a good environmental practice, either, as reuse is 20 times better for the environment than recycling. That said, shredding is a necessary evil when data erasure fails or for storage media that cannot be erased. It can be done with a relatively low investment of labor hours and free up data center floor space quickly. However, hard drive shredding does come with considerable expense to Total Return productivity and introduces data security risks.
- Erasing hard drive data offsite at the ITAD vendor facility. Deferring hard drive erasure for offsite processing saves time onsite, but is extremely dangerous as you are shipping equipment with massive amounts of data intact. Plus, you’re likely shipping the equipment at a huge premium for secure transport, or are otherwise exposed to considerable in-transit data security risk. If the data center ITAD service provider lacks an efficient erasure platform, those processing costs will be passed along to your company either as a line-item service fee or buried in the costs of goods sold. Also, as discussed here, conventional data erasure tools weren’t engineered for data center equipment. As a result, the hard drive sanitization process will fail upwards of 50% of the time, especially for erasing the SSD and high-capacity drives in most enterprise data centers. While erasing data offsite is efficient in the sense that you get legacy hardware out of the data center quickly, you pay higher transportation fees, expose your company to data breach risks in-transit, and your remarketing returns will suffer greatly if the erasure tools has a high failure rate. To learn more, read Data Erasure Yield: The Hidden Value Killer in Data Center ITAD.
- Erase data onsite in the data center. This is the best security option as data can be verifiably eradicated before leaving the premises. However, should the data center ITAD platform lack the efficiency, scalability, and compatibility to process the high-volume high-capacity drives, it could take several weeks to process rack configurations and generate low erasure yields. An inefficient onsite process will consume expensive IT labor and valuable data center floor space, and delay hardware refresh projects. Often, erasing data onsite is so inefficient that data center operators will opt for hard drive shredding or secure transport out of necessity. That’s what happened in this case study: shortcomings of a client’s legacy software forced their company into using less secure, costlier ITAD options.
At ITRenew, using Teraware to erase data onsite provides the best of all worlds. We worked side-by-side with some of the world’s largest data center operators in developing Teraware to solve the challenges of erasing mass storage data onsite, efficiently and reliably. Teraware wipes entire data center racks at a time, without ever having to remove hard drives from servers. This reduces onsite processing time by as much as 80% and is far more secure as you’re not turning a single device into 50-60 loose hard drives, each of which must be tracked with proper chain-of-custody controls. Teraware is also infinitely scalable as it will erase any number of drives over a private network. Plus, the software erases in parallel, which practically speaking means it can erase thousands of hard drives in the same amount of time it takes other erasure tools to wipe just one.
Most importantly, as Matt explains in To Erase or Not to Erase: Never the Question for Best Practice Data Security, Teraware delivers the very best option for eliminating physical data security risk at hardware decommission. After all, when it comes to protecting your sensitive data, is any risk management strategy short of eliminating risk acceptable?