Old server hardware is a fact of life – the perpetual drive for increased processing power, more storage and improved software functionality means that the average lifespan for a new server is around three years. And with end of support for Server 2003, there is expected to be a large increase in the number of redundant servers that need to be disposed of.
So what factors do you need to consider when disposing of server hardware?
By their very design, servers are intended to store data. More importantly still, they are supposed to simplify sharing of information within your corporate network.
So when disposing of servers, it is important to carefully consider the data that may still be stored on the drives. Cybercriminals or even your competitors could easily recover sensitive data from your dumped server, resulting in the theft of your intellectual property (IP), product development plans, or customer lists, and enabling them to use your own data against you to further their own business.
To prevent these acts you must either remove the hard drives and physically destroy them, or use a secure file deletion tool to ensure all information is unrecoverable. A simple format of the drives is insufficient – tools like Ontrack EasyRecovery are more than capable of recovering data deleted in this way.
In the United States, there are hundreds of laws regarding data protection and information security. These laws can be specific to the industry you are in. How your business handles personal data is most likely regulated by one of these laws. Your business must be able to demonstrate that you have properly disposed of personal data and put it beyond recovery by unauthorised third parties.
To meet such requirements, your business will either need to employ a secure file deletion tool, or physically destroy the hard drives belonging to the server being disposed of. If you are hoping to resell the server or donate it to charity, secure file deletion will leave you with a usable machine; if the drives are destroyed instead, the server will require replacement drives, significantly reducing its value to a buyer.
Newspapers and other media outlets frequently run stories about second-hand servers bought online and the sensitive data they recover from the included drives, suggesting that businesses are still not taking this danger seriously. Aside from the potential reputational and financial damage these kinds of leaks cause, your company can face large fines for breaking regulatory laws and company directors could even be sentenced to jail.
The days of sending computer hardware to a landfill are long gone with environmental legislation regulating the dumping of electronic waste. Servers can be classified as hazardous waste because they contain PCB boards, a source of polychlorinated biphenyl, which can cause skin lesions, immune system problems and even acute systemic poisoning.
As a result, server hardware needs to be disposed of responsibly by a certified recycler. These firms strip server components and ensure that everything recyclable is reclaimed. They then arrange for the remaining components to be disposed of safely. You should also ensure that all drives are securely wiped using a tool like Blancco 5 to put unwanted data beyond recovery before any hardware is sent to a recycler.
The most environmentally friendly disposal option, however, would be to repurpose your old server, putting it to work in a role that is not reliant on processing power or RAM. Old machines are often used as backup DNS servers, for instance, helping to keep mission-critical systems online in case of an emergency whilst primary servers are repaired.
Finally, your business could consider donating old servers to charitable organizations that can make use of older computer hardware. Obviously the same rules about data protection still apply, but your business can avoid much of the administrative burden associated with disposal. You may even be able to use such donations as a tax deduction and to meet Corporate Social Responsibility (CSR) targets.
However your business chooses to dispose of old servers, the key consideration must be to ensure that all data is securely deleted before the asset leaves your premises. Failure to do so could be extremely costly in terms of reputation damage, regulatory fines and lost business; get it wrong and retiring old servers could be one of your most costly undertakings ever.