Old server hardware is a fact of life – the perpetual drive for increased processing power, more storage and improved software functionality means that the average lifespan for a new server is around three years. With end of support for Server 2003, it looks like there will be a large increase in the number of redundant servers that require disposal.
So what factors do you need to consider when disposing of server hardware?
Impact on the data
By their very design, servers’ sole purpose is to store data. More importantly still, they simplify the sharing of information within your corporate network.
So when disposing of servers, it is important to carefully consider the data that will still be stored on the drives. Cybercriminals or even your competitors could easily recover sensitive data from your dumped server, resulting in the theft of your intellectual property (IP), product development plans, or customer lists, and enabling them to use your own data against you to further their own business.
To prevent these acts you must either remove the hard drives and physically destroy them, or use a secure file deletion tool to ensure all information is unrecoverable. A simple format of the drives is insufficient – tools like Ontrack EasyRecovery are more than capable of recovering data deleted in this way.
In the United States, there are hundreds of laws regarding data protection and information security. These laws can be specific to the industry you are in. How your business handles personal data is most likely governed by one of these laws. Your business must be able to demonstrate that you practice proper disposal of personal data and put it beyond recovery by unauthorised third parties.
To meet such requirements, your business will either need to employ a secure file deletion tool, or physically destroy the hard drives belonging to the server requiring disposal. If you are hoping to resell or donate it to charity, secure file deletion will leave you with a usable machine – otherwise it will require replacement drives, significantly reducing its value to a buyer.
Newspapers and other media outlets frequently run stories about second-hand servers bought online and the sensitive data they recover from the included drives, suggesting that businesses are still not taking this danger seriously. Aside from the potential reputational and financial damage these kinds of leaks cause, your company can face large fines for breaking regulatory laws and company directors could even be given jail time.
Impact on the environment
The days of sending computer hardware to a landfill are over, with environmental legislation regulating the dumping of electronic waste. Servers can be classified as hazardous waste because they contain PCB boards, a source of polychlorinated biphenyl, which can cause skin lesions, immune system problems and even acute systemic poisoning.
As a result, server hardware needs responsible disposal by a professional recycler. These firms strip server components and ensure that everything recyclable is reclaimed. They then arrange for the safe disposal of the remaining components. You should also ensure that all drives are securely wiped using a tool like Blancco 5 to put unwanted data beyond recovery before any hardware is sent to a recycler.
The most environmentally friendly disposal option, however, would be to repurpose your old server, putting it to work in a role that is not reliant on processing power or RAM. Old machines are often used as backup DNS servers, for instance, helping to keep mission-critical systems online in case of an emergency whilst primary servers are undergoing repair.
Donate old servers – a definite possibility
Finally, your business could consider donating old servers to charitable organizations that can make use of older computer hardware. Obviously the same rules about data protection still apply, but your business can avoid much of the administrative burden associated with disposal. You may even be able to use such donations as a tax deduction and to meet Corporate Social Responsibility (CSR) targets.
However your business chooses to dispose of old servers, the key consideration must be to ensure the secure deletion of data before the asset leaves your premises. Failure to do so could be extremely costly in terms of reputation damage, regulatory fines and a loss of business; get it wrong and retiring old servers could be one of your most costly undertakings ever.