It asset disposition the right way: prevent data breach

GROWTH IN ELECTRONIC DATA AND TECHNOLOGY MODERNIZATION

The technology that creates, enables, and communicates the growth in electronic data, continues to proliferate at an exponential pace. In order to evolve with this growth, while working to achieve their missions, government agencies are following trends and adopting new technologies, especially those that are data-bearing assets - laptops, PCs, servers, printers and mobile devices.

As devices become outdated or reach the end of their useful life, agencies need to ensure that each individual asset is taken care of in a secure and sustainable way.

Given the security, privacy, and environmental concerns associated with the retiring of IT assets, agencies must ensure they are taken care of in a responsible manner and in adherence to government regulations. A comprehensive IT Asset Disposition (ITAD) program needs to be part of every agency’s overall data management strategy.

Disposing of obsolete assets in a manner that is legal, safe, cost-effective, and free of institutional harm is a challenge for all government agencies. Achieving ITAD success requires navigating legal and regulatory requirements, including NIST 800-88 standards, PIPEDA, the proposed Digital Charter Implementation Act 2022, and other provincial privacy regulations (e.g. Quebec’s Bill 64). Poorly executed disposition of IT assets can result in fines, public health and safety issues, breaches in data security, and reputational harm.

It’s estimated that nearly 80% of the Government of Canada’s roughly 8,000 IT services are housed in aging data centres. Most agencies do not have a solid understanding about what data they have or where it is located. While most Canadians have faith in organizations to safeguard their information, two in five (38%) are not confident that their personal information can be kept safe, with 17% saying they are “pretty cynical” about the ability of companies or governments to protect their data. (KPMG in Canada cybersecurity poll, 2020). This means that personal and sensitive data can be anywhere, including on technology assets that are no longer in use — putting agencies at enormous risk and with multiple challenges to mitigate that risk.

GOVERNMENT FOCUS ON INFRASTRUCTURE UPDATES

The Federal Government has recognized the need to dedicate funding to address the potential issues legacy systems impact the move to digital government, cyber security, data privacy and environmental concerns. To correct this, the Government of Canada (GC) is making significant investments to modernize and replace aging IT infrastructure and have adopted a “cloud-first” policy for government applications. Specifically, Budget 2021 announced $300 million of additional investments over 3 years for Shared Services Canada (SSC) to continue to work to repair and replace critical IT infrastructure.

The GC is looking to be more responsive to Canadians’ demands for trusted and convenient services. An updated network will use the latest security measures that better protect personal information, connect seamlessly to cloud and enterprise data centres, and provide better connectivity.

SECURING INFORMATION WITH TECHNOLOGY DISPOSITION

Federal agencies are progressing in transitioning to a digital-first environment. This environment is evolving quickly due to the nature of technology proliferation. IT departments must remain ahead of the curve and can look to the following use cases to take a proactive approach.

DATA CENTERS

As cloud migration continues to increase, the reliance on government-housed data centers will substantially decrease, requiring appropriate disposition of equipment. The COVID-19 pandemic has only accelerated this focus. This trend will enable agencies to transition away from on-premises data center equipment, providing an opportunity to significantly consolidate the technology required in these environments leading to a significant volume of excess IT equipment.

OFFICE SPACE

SSC will reduce office spaces through modernization and optimization. The decrease in required office space, closing of offices and government buildings will require a strong look and assessment of the legacy technology equipment resulting in a significant opportunity to securely dispose of legacy assets.

HYBRID WORKERS

The hybrid workforce is expected to continue. Federal agencies will need to support the remote workforce with new or refreshed devices, disposing of the traditional in-office technology such as desktops, storage drives, printers and more.

INTELLECTUAL PROPERTY

Legacy hardware that stores intellectual property (IP), such as health-related research, geospatial data, contractual information, and patent/trademark applications are other candidates for secure ITAD. This technology must be securely removed, transported, and destroyed to ensure any IP information is wiped following strict guidelines.

ENVIRONMENTAL, SOCIAL AND GOVERNANCE

Agencies need innovative solutions that bring them closer to achieving their Environmental, Social and Governance (ESG) goals. Environmental solutions, in particular, allow the recycling process for technology assets to reduce greenhouse gas emissions, cut pollution and save energy and resources to improve green posture.

For the whole document, please download the file below.