This article was originally written by Naomi Eide and published on CIODIVE.

The minute a machine breaks or stops functioning as it was initially designed to, productivity in the enterprise can dip and business as a whole can suffer.

Whether it’s a desktop computer or a hard drive in a data center, pieces of equipment will reach the end of their lifespan. To avoid widespread, cascading system failures, companies are forced to consistently update and upgrade their technology. For companies, staying up-to-date with equipment needs is perpetual, creating a demanding tech refresh cycle.

The tech refresh cycle is not established merely on the desire to have the newest and most-promising technology. Instead, when deciding whether to upgrade or update systems, organizations have to consider the impact on the balance sheet on capital spending and technology, according to John Parkinson, Affiliate Partner at Waterstone Management Group. It can also become an accounting problem if the technology doesn’t last as long as the company thought it would when making the initial investment.

Then, there’s the case of Moore’s Law. In 1965, Gordon Moore, co-founder of Intel, looked at the digital revolution and predicted that computing would increase in power but decrease in cost at an exponential pace. Basically, everything you buy today you could buy in four years for the same price and get twice as much performance, according to Parkinson.

Enterprises are forced to upgrade, not only because of the potential power new technology has to offer, but also because products break. Technology “doesn’t last forever and the more high-performing the electronics are, the more dramatic the fall off a cliff reliability is at some point in time,” Parkinson said.

Generally, companies look to refresh their technology every four to five years. Some research points toward a vendor-motivated refresh cycle to get organizations to consistently spend money on technology. But in many cases, updating an enterprise’s systems is a necessary evil.

Wait, what about the leftover data?

One of the core challenges that comes from the refresh cycle is that data existing on older devices has to be migrated to a new home to ensure it is up-to-date, accurate and available.

“That’s a huge pain in the rear,” Parkinson said. “Every CIO I know hates to have to do this, but it’s necessary.”

“And actually moving to cloud storage … doesn’t really solve the problem,” he added. “It just makes it somebody else’s problem.”

Though upgrading systems is necessary, it can prove challenging for data security. Once an organization has migrated its data to new devices, it’s left with hardware that still has echoes of data left on its drives.

The only way to 100% guarantee that data is secure and doesn’t leak is to physically destroy the hosting device until all that is left is a pile of waste, reduced to the point where there are no longer distinguishable parts.

If companies can ensure that drives are wiped to the point where data is irrecoverable, they can sell the enterprise-quality drives to someone willing to use them, though it may not be as reliable as it once was.

The problem is, “most people have no idea all the places where the data might live,” Parkinson said.

Data can lurk in any number of locations, including network devices, which have local storage, such as printers.

A recent study from Blancco Technology Group, examined 200 used hard disk drives and solid state drives purchased randomly from eBay and Craigslist since the beginning of 2016. The company found 78% of the devices held residual data, with 67% containing personally identifiable information and another 11% with corporate data.

From the company data that was recovered, the drives held everything from company emails sent by employees, to spreadsheets, customer data and CRM records.

And of the 200 used hard disk drives, just 10% had a secure data erasure method performed on them.

“We’ve kind of created this problem because there are so many storage devices around now that aren’t obvious and aren’t terribly visible,” Parkinson said. “It’s very difficult to know for certain that you’ve accounted for all the places that data is stored and even harder for all the places that data is cached temporarily, but temporarily might mean for years.”

 

Ensuring data destruction

To better manage data destruction and security, many enterprises contract out the work, looking for service partners that can either guarantee the data’s destruction or successfully refurbish the technology for resale.

Take Maryland-based Akooba, for example. Through its offerings, the company serves as both an electronic data destruction company and a cybersecurity company, which provides thorough documentation for physical data destruction as well as refurbishing.

The company’s core technology, VisiShred, is a platform that provides documentation for a device’s chain of custody as well as HD video of data-storage devices being destroyed. Beyond the cathartic image of a shredder grinding down a device until its parts are unrecognizable, the platform provides assurance that data will not get into the wrong hands.

“There’s a huge opportunity if you can manage this process successfully from a secure wipe point of view to not create e-waste because there are many markets where you can refurbish and resell the equipment from the enterprise into secondary and tertiary markets,” Parkinson said.

Refurbishing and reselling enterprise tech also has the added benefit of prolonging the useful life of the device, which makes technology more available and helps to avoid creating additional e-waste.