Server Disposal: How to Dispose of Old Computers and Servers

Several weeks ago, it was decided across the board that I needed a fast computer for my daily activities here in our corporate office.  I contacted our NOC, told them what I wanted, and a few days later, a shiny new desktop sat atop my desk. I took care of all of the necessary transfer of data and whatnots and politely asked the guys, “So what do you want me to do with this dinosaur? Toss it?” They looked at me like I had a third eye and quickly informed me that there are “proper” ways to dispose of your computer. Gently removing it from my death grip, they carried it out of my office, never to be seen again.

So there I stood, with empty hands, and I began to wonder what in the world they were going to do with it. What about all of that customer data (possibly the reason they refused to leave it)? I’ve seen Forensic Files one time too many, where some ridiculously smart computer guru can retrieve data from a suspect’s computer, uncovering hard-core evidence which implicates the suspect.  I also began to think about what would happen if that information got into the wrong hands (flashback to the 1995 film The Net with Sandra Bullock). Were they going to try to rebuild it? “Gentlemen, we can rebuild. We have the technology. …. Better than before…. Better, stronger, faster.”- anyone remember The Six Million Dollar Man?  Since my inquiring mind and overactive imagination wanted to know, I spoke with Joe Cosmano, Director of Engineering, and Josh Simon, Director of Data Center Services at Atlantic.Net, to find out what to do with old computers to ensure that they are either disposed of properly or rebuilt to become the Six Million Dollar Machine.

Below are some of the questions I asked and the answers I received:

What methods are considered best for the disposal of outdated or unwanted computer hardware, and what are the main considerations for businesses evaluating those options?

Outsourcing to a disposal company – Numerous companies specialize in recycling and disposal of equipment. Organizations that decide to outsource should use caution to ensure that all the data is securely wiped from all storage devices. Proper documentation should be requested from the disposal company to ensure effective controls are in place to guarantee compliance with all state and federal regulations. Additionally, there are paid services that will handle the pickup, and there are some pickup services that actually pay for outdated or unneeded computers. Negligence of disposal and improper disposal can become a serious liability for your company even if the disposal service contractor does not deliver on its promise.

Donating the parts to charity/non-profit – Easy and commonsense steps to ensure all data is securely wiped can help avoid security breaches that may otherwise compromise business security.  Local charities with experience reconstituting used computer equipment are often the best and easy option. Sometimes local charities can help save high shipping costs and provide you with a tax write-off for the donation.

Storing it – While you may find a spare part in a clutch situation, most of the equipment will remain untouched well past its realistic lifetime. Not only is there a cost to store the equipment, but there are also inherent security risks associated with data sitting around that could be compromised. If you decide to store the old machines, make sure you have proper controls to ensure data protection.

What kind of third party exists to help disburse this equipment, and what should businesses look for in going with a third party?

Some of the third-party options are listed on EPA’s website. You may also want to spend some time at computerhope.com to get in-depth knowledge and information.

How do environmental regulations affect businesses getting rid of Technological equipment?

Environmental regulations put specific requirements in place to help protect our environment. You cannot just decide to haul the computers and dump them into a landfill. It is highly recommended to use recycling services to properly dispose of the equipment and help with green initiatives. Regulations will vary from state to state, so it is recommended that you check with your state’s department of environmental protection. More information on the regulations can be found online.

What are the options for donating used equipment? What kind of liabilities or responsibilities do businesses have? How should they prepare their machines for re-use by non-profit or charity?

The National Christina Foundation works with data center operators like Atlantic.Net and large corporations to distribute the used equipment to the charity of your choice. I also recommend working with any local causes you find important. Joe recommends using DD (a degaussing device) to handle that task. Atlantic.Net actually utilizes a USB-> SATA/IDE device that allows us to hot-swap old drives onto a running system and then use DD to wipe the data. There is a standing challenge from 2008 for any commercial data recovery company to attempt to recover data off of a drive that was wiped with DD. For more information on how to do this, you can visit the following link: http://howto.wikia.com/wiki/Howto_wipe_a_hard_drive_clean_in_Linux.

What steps should businesses take to secure their data when disposing of old equipment? What legal requirements must they fulfill?

Per Joe Cosmano, numerous steps must be taken to ensure that data is correctly disposed of with:
•    Management needs to contact the systems administrator when a device or system is to be removed.
•    Outdated equipment must not be discarded in dumpsters or trash containers (needs to be recycled via the third party)
•    Proper procedures must be taken to destroy data partitions (magnetic erasure by system administrators, DD, degaussing)).
•    Companies should consider setting up logs and step-by-step procedures to stay ahead of compliance issues and ensure all the procedures are followed.

Legal requirements may differ depending on which compliance your organization falls under (HIPAA, Sox, GLBA).

For instance, HIPAA requires that electronic storage media and devices containing patient health information should have that information deleted by persons with adequate technical knowledge to ensure irreversible removal.

What alternatives are there for server disposal?

Lease a dedicated server or managed hosting server!  According to Josh Simon, you are never the owner of the record (the lessor/provider is). Your administrators have full access and can wipe the data before you turn it back over to the hosting provider (this can usually be done remotely in the case of dedicated servers ). Your systems always remain up to date, and you never have to worry about the headaches with the disposal. Companies like Atlantic.Net operate Data Center facilities that are fully secure and are designed to help businesses avoid data loss and prevent security breaches.  Instead of buying servers with a capital outlay, smart companies are now leasing dedicated servers and/or managed HIPAA cloud hosting servers that are secured in World Class HIPAA-Compliant Data Centers like the one operated by Atlantic.Net. This smart-sourcing helps save significant time, money, and resources and adds another line of defense when it comes to protecting your data.

There are quite a few other interesting articles written about the subject matter, and you can easily look those up online at Google, Bing, or Yahoo. We hope you benefited from this article and have learned new ways of disposing of old computers and servers.

Atlantic.Net has many Cloud Server options to keep up with current technology like VPS Hosting, Linux and Windows Cloud Hosting, and Docker Cloud hosting, among others.