Vendor Management Strategies for the CIOIt seems like a no-brainer practice that any good business person would follow. When you send your old computer equipment to the recycling center or off for resell through a hardware broker you first ensure any sensitive electronic information is erased or otherwise destroyed. Given that we’re well into the era of information privacy and security compliance, you’d think it’d be safe to assume that most people understand the importance of proper system disposal.
A quick peek at the Chronology of Data Breaches paints a different picture as there have been numerous computer disposal gaffes this year. This isn’t a problem isolated to the United States according to a study by Vanson Bourne that found that 75% of e-waste is unaccounted for. It is clear that we’ve got a problem that, like malware infections, will likely get worse before it gets better. Systems VARs can help fix the problem and make some money at the same time.
By helping your customers ensure proper wiping or the secure encryption of sensitive information on decommissioned systems you can alleviate risk for customers and offer a needed, and billable, service.
One approach is to help customers establish in-house processes for securely preparing all devices before they leave the
Requires Membership to View
To gain access to this and all member only content, please provide the following information:
By submitting your registration information to SearchSystemsChannel.com you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here
- Your use of SearchSystemsChannel.com is governed by our Terms of Use
- We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
- If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.
building. Many IT managers don’t know where information is located across the enterprise, so you could help your customers establish an information classification and location process so they have their ducks in a row prior to unloading old hardware. Some business managers aren’t even aware of their basic compliance requirements, which is a great opportunity for new services, and e-waste can be a great foot-in-the-door approach. You can also work directly with a hardware broker or refer your clients to trusted sources and receive a commission. Keep in mind that proper e-waste disposal is not just a matter of wiping hard drives. You can help your clients protect sensitive information on:
- Firewalls
- Routers
- Switches
- Wireless access points
- Smartphones
- SD and micro SD cards
- Tape backups
The reality is, if a piece of hardware is somehow configurable and stores any type of sensitive information such as passwords, network configurations, client records, intellectual property and the like, then it’s fair game and needs to be handled appropriately before it’s disposed.
The security issues surrounding e-waste provide a great opportunity for additional consulting fees, software licenses and hardware commissions. So many people are jumping on the “green” bandwagon. Why not use it to your advantage so everyone benefits?
About the author
Kevin Beaver is an information security consultant, expert witness, and professional speaker with Atlanta-based Principle Logic, LLC. With over 22 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around information risk management. He has authored/co-authored 10 books on information security including The Practical Guide to HIPAA Privacy and Security Compliance and Hacking For Dummies. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Follow @KevinBeaver on Twitter or connect to him on LinkedIn.
This was first published in December 2011