E-Handbook: Build an effective IT asset disposal process Article 3 of 4

Kadmy - Fotolia


A 6-step guide for hardware disposal

Asset tracking, information logging and security measures should all be a part of hardware decommissioning. Don't miss a step with these considerations.

If you're looking to replace outdated hardware -- such as servers, storage drives or network switches -- you must source replacement pieces, but also take care of the disposal of your old hardware.

Outdated infrastructure upgrades are a large component of IT budget increases, but they are necessary to keep your data center running and reduce downtime.

Properly documenting the process and migrating workloads both ensure that you maintain compliance, minimize downtime and prevent any security breaches during the hardware disposal process.

How do you know your hardware needs to be replaced?

Replacing IT infrastructure starts with an obvious sign: when the hardware starts to fail. If it no longer turns on or stays on, or if individual components start to fail, then it's time to replace it.

The next consideration is when the hardware no longer performs how it should. One indication is when the monitoring software tracks a continuous decline in server uptime or processing speed.

Manufacturer guidelines can provide help determining hardware longevity. Hardware should be replaced when you are unable to maintain it according to the manufacturer's specifications. Perhaps you can't update the hardware to the latest version of the application or administration software, or the manufacturer no longer provides update packages.

Finally, hardware can outlive its lifespan. Manufacturers provide lifespans for their products -- with the average being five years -- and no longer support them after a specific timeframe. When your data center hardware passes its lifespan or support period, it's up to you to decide whether to replace it outright or continue using it until it fails.

Developing a hardware disposal checklist

You must consider environmental factors and cybersecurity issues when disposing of hardware. The risk of a data breach or compliance from casual hardware disposal is too significant for any company to ignore.

Create a hardware log to track the decommissioning process. The hardware log should centralize all of the information on your decommissioned hardware, such as the hardware ID name and number, the decommission date and where you sent it for wiping. This makes it easy to track all hardware, and it prevents you from accidentally destroying the wrong hardware or wiping an incorrect data set.

Clearly identify each asset before disposal. Before doing anything to the hardware, confirm the identity of the asset. In the hardware log, include additional information, such as what services the device ran and the hardware's primary users. This information helps you know precisely what data was stored on the hardware and the use case. This log is also the proof you'll need to demonstrate that the hardware was disposed according to company policy and any legal guidelines.

Back up the hardware before removing it. You may assume that its place in your data center system means the data from the hardware automatically backs up, but that may not be the case. There are many reasons why the backup isn't done or why the backup data is improperly stored. A backup copy ensures that you don't lose any critical or proprietary information, and serves as proof of the exact data that was on the asset before disposal for corporate or legal reasons.

Disable network and user access. Hardware disposal is an excellent reason to check user access to the asset, especially with older pieces of hardware. Old user IDs can still have significant asset access, and they can provide gateways for entry for old employees. Hackers are aware of this loophole.

Use enterprise-level data scrubbing software. Maintaining control over data is essential. Simply formatting a server or using consumer-grade data deletion software just won't do. Use enterprise-level data scrubbing software that does a deeper deletion -- often multiple times -- for any piece of hardware you're throwing out. Add in a data audit of the hardware after scrubbing, and you can rest assured your data is truly scrubbed.

Physically destroy your hardware. Physically destroying the hardware assures everyone that no one can retrieve the data off the device and that the hardware cannot be resold or reused elsewhere. Some companies specialize in hardware disposal and are equipped with industrial-sized shredders and crushers that pulverize your hardware. Disposal companies keep detailed records of every step of the decommissioning process, which makes it easy to track and prove decommissioning completion to any corporate auditors or legal regulators.

Dig Deeper on Data center ops, monitoring and management

Cloud Computing
and ESG