Security and liquidation: Best practices for IT assets

Sep 1, 2002 12:00 PM, By ASAD HAROON


         Subscribe in NewsGator Online   Subscribe in Bloglines

Every company has to deal with the problem of surplus goods. For many, surplus takes the form of idle operating assets such as excess office equipment and furnishings. Most products eventually become obsolete and are replaced with newer versions. IT companies and departments are usually the busiest when it comes to surplus disposal because of the fast obsolescence of IT assets. The speed at which technology moves requires them to upgrade and purchase new systems regularly. Disposing of IT assets is not as simple as disposing of excess inventory of office furniture or supplies. IT assets require their own security checklist to ensure the data is sufficiently removed.

Excess inventory cuts into profits

According to the Investment Recovery Association, it is estimated that the market for all business surplus is $350 billion annually. The annual investment companies make in maintaining inventory represents between 20 percent and 40 percent of invested capital. For every dollar worth of inventory reduced in surplus goods, net income is increased by the same dollar. With good inventory management practices, companies can free cash flow and make a significant contribution to the company's bottom line. Because these numbers can be staggering, all departments, especially IT, must optimize the utilization of assets and recuperate the value of assets no longer needed by identifying and reusing or disposing of surplus.

There are no laws governing IT security issues relating to disposing of surplus. The Gramm-Leach-Bliley Act applies to privacy of financial records, and the Health Insurance Portability and Accountability Act (HIPAA) applies to the privacy and security of medical records. Compliance with these acts requires that IT assets containing sensitive and private data be erased from every system before it is sold. Managers know it has to be done, the question is how to do it.

Every IT department has an internal system for cleaning systems and emptying data. Hard drives need to be thoroughly erased in case they contain proprietary information. If this information is left on the system and not properly formatted or destroyed, it can easily get into the wrong hands. Hackers look for partially clean computers, as they are vulnerable targets.

The company being attacked would have no means of knowing that confidential data had been stolen.

What To Do

  • All sensitive data must first be removed

    Note that files deleted through ordinary means can usually be recovered. Regular formatting of the hard drive is not enough because it leaves the data and only removes the directory structure. A low-level format should remove all traces of the data. Commercial software must also be checked for worms and viruses. Since hardware and commercial software may have been part of the sale negotiation, it is important that the software license agreements are not violated. Check with the purchasing department and contracts before the final transaction.

  • Asset tags and other identifying seals should be removed before disposal

    If the tag is still attached to the system, the buyer can identify the original or previous owner who usually doesn't want his identity revealed. Even if anonymity isn't a concern, it is important that all assets and other identifying tags be removed to ensure the security of the entire system.

  • A physical check is required

    Remove floppy and hard disks and CDs left in the drives. The physical check is often overlooked and often the most important. Another way to eliminate security issues is IT recycling — it works well when dealing with security issues, but will greatly reduce the value of IT assets. IT recycling requires breaking apart the equipment, deleting the drives (scrubbing) and then selling the individual parts of the system. From a security perspective, this solution makes it harder to identify previous owners. And, if the systems are from a highly-sensitive or top-secret environment, this might be the best way to recover some money without being at risk.

For the record

About the Author

Asad Haroon is vice president of business development at Washington, D.C.-based Liquidity Service Inc. He can be reached at asad.haroon@liquidation.com

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

Today's New Product

Product 1 Image

Privaris Biometric Verification Software

In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.

To read more...


Govt Security

Cover

This month in Access Control

Latest Jobs

Popular Stories

Resources

Back to Top