What happens when end use computing, mobile devices and data center infrastructure reach the end of its useful life in the enterprise environment?  It turns into a major business liability.

Each week, vast amounts of hardware is discarded by corporations large and small as they replace or upgrade to newer computing hardware.  Some companies believe that they are doing the right thing during the decommissioning process by focusing on following ecologically sound recycling practices. This often includes "deleting" information or "wiping" VoIP or mobile phones to round out the end of life process.

However, once these steps have been undertaken, few firms ever take the trouble to independently audit what is left on those drives or trace where they ultimately go in their long journey after they leave. Unfortunately pressing “delete” is seldom enough.

Robert Plant, who is an associate professor at the University of Miami says:

"Security is only as strong as the weakest link. Law enforcement, the security services and industrial spies who dumpster dive (or, more accurately, bid on containers of e-waste) have the tools and the capabilities to retrieve your deleted data from sources such as cache memory and discarded routers. In addition, they can piece together data from multiple sources."

The professor goes on to cite an example that could happen at any financial services firm that does not properly vette its chosen IT asset disposal, computer recycling or data destruction partner.

Anyone who has "C" as part of the professionally assigned title, should not only pay close attention to what is spent when acquiring new IT equipment or even a new full size printer or copier, but also on future costs involved in decomissioning that asset. Environmental, data security and corporate liability are all to be equally thought about. You can not afford not to.

Perhaps for many firms it is time to start reassessing their corporate-information disposal processes. They need to stop thinking of this as a disposal problem for facilities to handle and realign this under the correct risk-management authority it truly deserves. One good place to start is to look into the costs of on-site data destruction and hard drive shredding.

On a per HDD basis, it may be the best business decision that can be made for less than the cost of a soup and half a sandwhich combo at your favorite NYC deli, pickle and sides not included.

Looking for More Info On Best Practices for EOL Equipment?

Back in April, the ITAMG blog touched on what does a gigabit network really mean.

'Without these (data infrastructure) investments, the US will struggle to lead in the development of next generation internet applications." April 26th, 2013, ITAMG

Our good friends over at the well known technology blog and research firm, GigaOM have recently wrote an article where senior writer, Stacy Higginbotham interviewed the CTO of broadband provider CenturyLink.

Within the story, one of the driving forces behind the promotion of gigabit networks within higher education, Gig U, was brought up.

Original GigaOM Article:

Summary:

CenturyLink is planning to upgrade parts of its network to

gigabit speeds with fiber to the home deployments in

Las Vegas and Omaha, Neb.In an interview, CenturyLink

CTO Matt Beal explains why.

With media heavy weights like GigaOM and companies like CenturyLink paying even more attention to broadband build outs in the US and what those mean to our finest educational institutions, things are looking up for a gigabit reality.

As this newer technology and related hardware is rolled out at campuses across the country, what will this mean for the environment, IT asset disposition (ITAD), and data security? 

Subscribe to our new and improved blog to be alerted on the follow up piece to this entry.

Ever hear of this thing called “big data”?  It is hard to visualize reams of information and how to make them useful, especially when it comes to understanding all the different kinds of data breaches and industries most effected. Creative engineers and information designers are helping the masses better make use of all this information available to us today.

There is an excellent project that the inventor of one of our favorite internet and mobile games has been working on that helps highlight this growing problem by illustrating just how much is at risk regarding data breaches.

What does this all mean?

Ever wonder how many recorded data breaches have taken place in the financial sector in the last five years?  Or, how about the number of records over 30,000  that have been compromised due to the theft of stolen media or a stolen computer?

ITAMG helps our clients protect themselves from physical data breaches that often happen when desktops, laptops, servers and even printers are retired from active use. The healthcare, academic and financial industries make up a large part of our business.

Quick Analysis

• Academic & financial institutions seems to have tightened their security since the mid 2000 – or become less attractive targets

• Gaming sites, cumulatively, account for the biggest data breaches

• Healthcare is truly truly leaky – a very worrying trend – with over 50% of the breaches coming from stolen or lost computers

• Accidental publishing seems to be a growing trend – recently with Facebook granting inadvertent access to 6 million records

David’s work can be explored here and the full range of ITAMG services offered that can help your organization not show up in the dataviz can be read about on the ITAMG website, our LinkedIN page or even our exclusive BBM Channel (C000D71D4).

All too often acronyms confuse people. According the International Association for IT Asset Management, ITAM breaks down to covering:

• SAM (Software Asset Management)
• HAM (Hardware Asset Management)
• APM (Asset Portfolio Management)

From ITAMG’s perspective on ITAM, we see hardware having three broad categories. Owned Assets (OA) are the contracts, and hardware and software entitlements covered under SAM or APM and these are areas ITAMG does not currently focus on.

The others are Discovered Assets (DA) and Fixed IT Assets (FITA). This is where IT Asset Management Group can provide your organization with assistance as part of your ITAM, ITAD and EOL processes.

IT assets are very different that most fixed assets, like your chair or a mouse pad since they do not require specific software to run or are discoverable on your network. This is a major reason why ERP (Enterprise Resource Planning) software is not the best solution for tracking IT assets. Instead, IT assets often go through an Installed Moved Added Changed or IMAC process for short.

It is hard to inventory an IT asset until software has been installed, configured and then deployed. Your organization wont often be able to collect this information into a hardware asset repository until it is connected to your network. Too many organization rely on solutions like this and they should still take the time just prior to deployment to document these assets through physical or technology assisted means. Our paper on IT asset tracking methods goes into more detail about this.

Discoverable assets are by far some of the most important IT assets in an organization since they most likely contain a CPU. This is a major reason why many organization have stopped tracking things like keyboards, mice and even monitors. These are then often considered a fixed asset. Another way, while not always thought of as discoverable, is to think about all IT assets that are capable of storing information, like on a traditional hard drive (HDD) or a solid state disk (SSD).

The thinking is not cost driven, but because a device with a CPU or HDD/SDD must have software or information to make it useable and therefore can be exploited. A Dell 19 inch LCD monitor is not often thought of as hacking target for today’s cyber security bad guys.

ITAM Success

The goals of ITAM are simple enough. Focus on compliance, improve accountability and control your inventory. Following these goals should in most cases allow your organization to save money by preventing redundant purchases over time or better time new IT purchases based on asset devaluation. It may also even allow you to better negotiate with a certain software company based in Redmond, Washington should they decide to audit your discoverable assets for proper licensing.

As hardware assets near End of Life (EOL), you will have a leg up in the decommissioning process too. Having an accurate inventory list will not only help you check off desktops, switches, servers and laptops from active to retired status, it help help your disposition partner maximize value back to your organization and minimize risk associated with any device that was discoverable at some point and/or have information stored on it.

Most importantly, the finance and security compliance people will love you. It will make what they do easier since now more than ever they are often found at the intersection of technology created issues and business issues and could use your help.

Bored

This is why many consider ITAM boring. As an IT professional, you may rather spend your time talking with a technical account manager about the latest Cisco UCS server and Nexus switches or perhaps demo an IBM FlashSystem 820 with its low latency read and write times. This is all fine and good, but if you are thinking about how you can get a promotion if the path to CIO does not look promising, here is a great chance to start thinking about how IT impacts the overall business continuity of your organization.

Be the hero

Over time, inventory management systems have evolved into separate silos. There is one tool for managing and tracking routers. Another for desktops and laptops. None of these systems communicate. It is often not a simple task to generate a list of all discoverable assets in case your CFO demands an actual list when he realizes how much more new equipment that was just recently ordered and wants to know why. Should your CFO lead the charge in finding a solve all end all inventory and asset management solution? How will you handle end of life strategy or associate hard drives by serial number to the device they came from? Does your organization require on site disk destruction? What is the legal procedure for the release of certain equipment? Focus instead on being the hero by thinking about business issues and align yourself with the resources that can help you reach that goal.

Homework or “workwork”?

Reach out to your network of IT friends and find out who they use to help them with decommissioning, data destruction and all other ITAM, ITAD and EOL projects.Do some research on organizations that may be a good fit to service your organization, especially if HIPAA or SoX are often referred to in daily activities at your company.

The world has changed. Cyber security is the hot topic and within that realm, its not just about firewall management and locking down TCP/UDP IP ports.

ITAM may be boring at times, but it is the new imperative. And, in case you were wondering, there are 27 acronyms mentioned in this article.

List of Acronyms

• APM – Asset Portfolio Management
• CFO – Chief Financial Officer
• CIO – Chief Information Officer
• CPU – Central Processing Unit
• DA – Discovered Assets
• EOL – End of Life
• ERP – Enterprise Resource Planning
• FITA – Fixed IT Asset
• HAM - Hardware Asset Management
• HDD- Hard Disk Drive
• HIPAA – Health Insurance Portability and Accountability Act
• IAITAM -International Association for IT Asset Management
• IBM – International Business Machines
• IMAC – Installed Moved Added Changed
• IP – Internet Protocol
• IT – Information Technology
• ITAD – IT Asset Destruction
• ITAM – IT Asset Management
• ITAMG – IT Asset Management Group
• LCD – Liquid Crystal Display
• OA – Owned Assets
• SAM - Software Asset Management
• SoX  – Sarbanes-Oxley Act
• SSD – Solid State Disk
• TCP – Transmission Control Protocol
• UCS – Unified Computing System
• UDP – User Datagram Protocol

Would you believe that a large number of desktop virtualization projects get to roughly about 30% completion and then never reach production? An even greater number fall apart prior to even reaching a small scale pilot stage.

What makes ITAMG an expert to even share a list like this?  We are often called in to liquidate the results of failed desktop virtualization projects. Our credentials are backed by our warehouses that are full of decommissioned servers, networking equipment and lightly used and new in box thin clients.

With the greening of IT, telecommuting, cloud adoption, securing data at rest, disaster recovery, big data analytics and data center consolidation being all the rage today, here we will list out the top 10 issues that can make your virtualization project fail even before it has begun or hopefully, lead to better planning.

• Environment

IT infrastructure is known to generate a lot of heat and white noise.  Installation of additional cooling systems or upgrading existing circuits and duct work are often overlooked as part of overall project launch costs.  Additionally, the amount of money spent on running these systems may outstrip any energy savings if that was a goal of your virtualization project.

• Complexity

Many virtualization projects require both software and hardware from multiple vendors. Ensuring that all components that will be used in your project arrive in time and stay within the overall project budget can frustrate even the most experienced IT professionals.  Additionally, the financial counterparts within your organization who need to sign off on new purchases or changes will be better advised for internal needs like sending out payments on time to vendors.

• Budget
  

Perhaps the number one problem that halts many virtualization projects are infrastructure costs. After reviewing the return on investment in areas like hardware, set up and maintained, these figures often come in at roughly 70% to 100% higher than the cost of software licenses needed as part of the overall project.

• Performance

In the early stages of project scoping, questions like will the system run fast enough to satisfy end user demand often come up. Components like servers, storage and network components all needing to run efficiently in order to prevent outages and end user dissatisfaction.  Right sizing the system will increase performance and end user adoption.

• Power

Excessive power requirement can delay virtualization projects for up to a year while waiting for zoning or construction permits and the actual installations of new circuits or power management systems. Moreover, increasing the overall power consumption attributed to IT operations ironically creates a case for not virtualizing certain systems based on power requirements alone.

•  Politics

The goal of many virtualized systems is to run more efficient operations in order to serve many departments from a common platform.  Conflicts may arise when it comes time to allocate costs to different departments and divide workload between dedicated IT teams that often only focus on specific areas like servers, networking or storage technology. In the end, too many cooks in the kitchen may prevent your virtualization project from running smoothly unless it is effectively managed,

• Scaling

Organizations typically decide to either go all in with adopting the latest technology or trial it through small scale pilots through the use of on-hand surplus equipment.  Not understanding how a virtualization project may scale to the organization and its end users may be its undoing.

• Space

Just because a 42U rack can hold that many servers or network devices, does not mean it will because of cooling, power and cabling requirements.  It is beneficial to pay close attention to future space requirements if expansion may be required. Conversely, if too much space is reserved for future IT projects, it may then cut into other business space requirements for an additional conference room, office, cubicle space or employee nap pods.

• Need

Estimating ROI on a virtualization project takes a lot of guesswork. Even after laying out your system requirements into one of those fancy vendor configuration spread sheets a few things could happen. After delivery and configuration, you may have over bought, under prepared or just find out that its best to just cut losses on the project before it further spirals out of control.

• Weight

Consider the load bearing capability of the floor, even if your data center is located in a sub-basement versus on the 32nd floor of a Manhattan highrise. Components are added one by one and adding up the overall weight of any number of 1U or 2U devices may surprise you over time.

IT Asset Management Group hopes that you found this list helpful and we welcome your feedback.  If we missed something that you found harmful or helpful in your planning of your virtualization project or decommissioning project, please let us know in the comments section. It will also help other readers benefit too.