Edition 106, January 2020

Is Data Erasure Really Secure?

By Karen Fedder, Blancco

When it comes to selling previously used phones, laptops, servers or data storage drives, two conditions are critical to a thriving second-hand market: there must be enough sellable product changing hands and there must be trust at each stage of the selling and buying process.

Not surprisingly, the second affects the first. Enterprise attitudes on data security and end-of-life device processes determine both the quantity and quality of devices available for resale.

It’s no secret that unauthorized data exposure brings weighty consequences: Depleted market advantage if proprietary information is disclosed. Punitive actions and financial penalties if private customer data gets out. Loss of shareholder trust. Brand damage. In this light, physically destroying fully operational drives and devices in the name of privacy seems like a good idea. Yet research shows there is great potential for businesses worldwide to profit from their used IT while reducing data exposure risk.


For the recent Blancco research study, “A False Sense of Security: How Gaps in Data Sanitization Knowledge are Leaving Global Enterprises Open to Breaches, Compliance Failures and Lost Profits,” Coleman Parkes surveyed more than 1,800 senior decision makers from some of the world’s largest enterprises. Results showed that while nearly three-quarters of organizations erase devices for reuse or resale, more than one in three take considerable risks at device end-of-life. These risks include using inappropriate data removal methods (e.g., applying methods for one type of technology to all, though mismatched processes can leave data behind), hoarding used assets and failing to maintain a clear chain of custody and audit trail when transporting devices for disposal.

Such poor physical destruction practices cause enterprises to needlessly take on risk, all while removing perfectly functional devices from the market. By contrast, sanitization through secure data erasure provides a way for enterprises to render data completely unrecoverable, validate that all data is gone from every area of the device, and provide businesses with a way to get additional value from their IT investment through reuse, donation or resale.


So what keeps enterprises from using this option?

The report revealed misconceptions around cost and security, as well as a lack of awareness of the physical destruction processes required by different asset types. So, while organizations are implementing policies that aim to minimize risk at end-of-life, many are confidently adopting processes that actually fail them.

Data erasure users, however, see the benefit of this mode of data sanitization. IT asset disposition vendors and mobile resellers remarket usable technologies knowing that data never migrates from one owner to the next. Their data erasure processes divert e-waste from landfills while providing others with the opportunity to purchase products at lower costs. Large, highly regulated organizations are on record as confidently donating previously owned, but highly operational, IT hardware so other organizations can use it—living out their values of contributing to their community.

Physical destruction provides a visceral sense of assurance that the data that devices once held will never be recovered. But trust is only as good as the object of that trust. Faulty destruction practices—such as having weak or nonexistent documentation for each device and its status throughout the disposal process (chain of custody), or applying ineffective sanitization techniques—mask risks that still exist.

To bridge the gap between the appearance of security and true data protection, device processors and resellers can better serve their customers, community and company financial goals by becoming educated on and advocating secure, verified and certified data sanitization practices as technologies evolve. This includes understanding data destruction recommendations for each device type. It also includes becoming familiar with the security, economic and environmental benefits of data erasure.

Knowing which methods to use when, on which devices, and how to communicate the risks of lesser choices will boost client confidence in their device disposal practices, make their end-of-life data security goals a reality and support a healthy market of resellable technology.

To learn how to minimize the risk of end-of-life data breaches with data sanitization, get Blancco’s A False Sense of Security research report at www.blancco.com.


Karen Fedder
Karen Fedder has over 25 years of experience in the tech industry. For the past eight years, Karen has been at Blancco Technology Group, where she focuses on the ITAD industry. Throughout this time, Karen has become an expert in this space, winning industry-leading awards and setting the standard for data sanitization best practices with her clients.