Secure Disposal of Old IT Equipment

Written by

Network and security devices age just like any other IT equipment. As the IT industry moves toward 100 gigabit/second Ethernet and 100 megabit/second broadband connections, many existing devices will no longer cope with traffic volumes. The need to replace routers, firewalls, load-balancers, content filtering devices, etc., is an on-going process.

Some devices may be reusable by smaller organizations and have a second-hand value; others may just be fit for the dump. When the latter is the case, they must be disposed of in-line with environmental regulations, such as the EU's waste electrical and electronic equipment (WEEE) directive.

Either way, such devices will end up in the hands of third-parties, and their eventual destination will not be guaranteed. These devices have all sorts of confidential data and settings stored on them, such as user details and network access settings. In the wrong hands these could be used to gain access to private networks, and anyway, the leaking of such data may constitute a data privacy breach. If is therefore necessary to ensure all such data is securely deleted before devices are disposed of.

It varies by industry, but a recent Quocirca research report shows that around 40% of all organizations said they were not confident all such data was safely removed prior to device desposal. Quocirca suspects that even those who claim to have done so have not actually shredded data but just “deleted” it, and a determined hacker may still be able to retrieve it. Only audited disk shredding or secure reformatting tools, carried out by screened staff, can ensure such devices are completely safe to dispose of.

What’s hot on Infosecurity Magazine?