End of Use is not end of exposure
The clear and present danger we are seeing in the world today is being fueled with information. This information is being used with both good and nefarious intentions. Some notable cases in the headlines include the laptop owned by Hunter Biden that was allegedly compromised by the computer repairman and Nancy Pelosi’s laptop that was reported stolen during the Capitol riots – both are examples of how data might be used for unfavorable purposes – or favorable purposes depending on what side of the aisle one sees it from. What both sides can agree upon, is that they saw that the information these laptops contained might be valuable, beyond its remarketing return.
One can only imagine how the IT Asset Manager responsible for supporting the technology assets for the government’s lawmakers felt when they heard the news of the laptop being removed from its intended custodian. As someone close to the activities associated with managing the full lifecycle of assets, I wonder what kind of password security was used, if the data was encrypted, did they have remote wiping capabilities enabled. Or was this a personally owned BYOD device? This is where a solid IT asset management program plays a critical role in tracking the physical asset, making sure it does not “show back up” on the network, and partnering with their end-of-life provider to be on the lookout for that particular asset making its way back through the ‘system’.
The reality is this potential for data (Information) exposure exists every day for every business. Not all information thieves come dressed in bad cosplay costumes – some are much less obvious, case in point, computer repairman. Therefore, it is super important to choose trusted, verifiable service providers.
While these two high profile cases are not typical challenges for ITAM leaders in a corporate IT Asset Management program, the act of not returning assets at end of life is a frequent threat that could present a clear and present danger, now or in the future if the data on the asset is not responsibly managed and eradicated. These threats are enabled by poor adherence to process, ineffectively managed exception processes and inadequate management of the technology asset once it or its custodian is “taken off the wire or employment terminated.”
Not only are asset managers battling physical asset security in an ongoing information privacy war, but things have also become further complicated by Covid-19. The need for more knowledge-based employees to be supported in remote work environments drives the need to better manage the costs associated with supporting computer equipment deployment and retrieval, while also managing the risk associated with the data on the device. IT professionals are having to rethink the physical asset management lifecycle and its support processes to be proactive against potential information enemies.
Let us first explore the pitfall’s business stakeholders will likely face in the months to come and some survival tips that are available to close gaps on the front line, while reducing costs and providing innovative approaches to supporting employees in the ‘new normal’ remote workforce.
Receipt and Deploy.
In the current stay-at-home and lockdown environments across the globe, hiring new employees, upgrading equipment and offboarding employees has changed the onboarding, technology refresh and offboarding processes for many organizations. Organizations will likely find themselves challenged with quality data capture at receipt for effectively managing the new procured inventory through its lifecycle. The data capture, at this point in the process, is critical for creating a source record to manage the asset’s lifecycle and ultimately the security of the data that resides on it.
Survival Tip #1
Service providers like Sage can be a great option when it comes to the utilization of a 3rd party provider to reduce costs, improve control and data quality using a transactional data collection approach. This data can be integrated or shared with an organization’s master data management and governance programs.
Learn more about Remote Workforce Services
The nature of the remote work environments creates an additional challenge when it comes to validating the location of the equipment for upgrades or replacements. IT Asset Managers need to keep track of not only assigned work locations, but also the shipping locations for their home offices. This creates another potential pitfall with the increased cost of shipping and packaging when swapping out computer equipment.
Survival Tip #2
Organizations who partner with asset management service providers to support their refresh management activities can realize cost savings, through transferring the tracking, recovery, and replacement requirements to a 3rd party provider, such as SageSE. Not only that, when organizations store their on-hand inventory at Sage SE warehouses, they often realize reduced storage costs for both new and ‘legal hold’ assets.
Need refresh support?
End of use in a corporation is often not end of life. In those cases, organizations are at risk when dealing with both idle assets and assets that will be redeployed or remarketed. Quickly recovering and processing idle assets reduces the risk of information privacy breaches and increases the potential remarketing proceeds by getting it into the secondary market as quickly as possible.
Survival Tip #3
When ITAM / ITAD providers are contracted for refresh management activities for your business, they can also assess the reusability of equipment that has been recovered from terminated end users – and perform the necessary services to cleanse the information to eradicate all the data insuring privacy requirements are addressed and provide the necessary sanitization to address the potential spread of COVID-19. Whether these computers are redeployed within the customer environment or sold on the secondary market, using a 3rd party provider enables proper sanitization practices for the safety of all concerned.
Get more value for your technology
Dispose / Recycle.
The final stage in a technology asset’s lifecycle can prove to be the most vulnerable and potential attack. Organizations must keep track of assets assigned to contractors and employees and insure timely recovery upon their termination. Idle assets can more easily grow legs and without being ‘on the wire’ data governance program managers lose visibility into the data lineage on the retired technology.
Survival Tip #4
Organizations that partner with a 3rd party ITAM / ITAD provider can create integrated processes to kick-off the recovery of assets located at employee home offices. This service can provision the necessary packaging, shipping labels, track logistics and perform the necessary data eradication services prior to de-manufacturing for recycling.
Proper recycling matters – learn more
At the end of the day, whether it is dealing with today’s new normal work environment or the typical challenges of managing data privacy on data bearing devices, IT Asset Managers are constantly battling potential information privacy breaches. To survive, they need the necessary implements to overcome the threats that exist. They need hired troops. They need SageSE.