ITAD’S, ARE YOU SURE YOU’RE PROCESSING YOUR NETWORK PRODUCTS…

Written By Adam Burrett (Network Engineer, Nemesis Designer)

Introduction

When networking hardware is in use, network engineers are conscious to make sure they can always get back to a working configuration without having to redo the whole thing.  Especially if it is remote.

So they tend to make a backup of the running / start-up config onto flash (I know, I used to).  They may also carry out packet traces on the device, and store these in the flash and not delete it once finished.  If this is a device that carries voice traffic that could include voice calls.  With the right knowledge, you can download that file and listen to the call.

When that device becomes end of life the following need to happen:

1. The startup configuration is erased
2. Any backup configs are erased
3. Any traces are erased
4. Any file, that is not an operating system, is erased

You will notice that I have bolded the word erased.  This is because erased data is not the same thing as deleted data.

If you delete a file from flash, you have not deleted it.  You have removed the pointers to that file, and marked it to be overwritten when more storage is needed. 

Flash tends to only allow you the option to format to totally clear it.  This again, does not delete any of the data.

This data can be recovered using the right tools, in some instances just a compact flash card reader and a Hex editor.

The challenges

Maintaining Value

The main problem when processing networking equipment is that there are so many different types, each with their own unique processing method and varying levels of erasure commands.

The second major problem is maintaining the value of the asset.  One wrong command and you can turn a £2000 switch into a £200 switch, or a piece of scrap.

A large number of ITAD companies currently sell their networking devices in bulk to upstream vendors for a much reduced value, potentially losing thousands of pounds on each batch they sell.

Complete Data Erasure

To date ITAD company’s process networking equipment follows the NIST Clear standard.  This is the only standard that has been available to them.  Using the NIST clear, and manual deletion options has a high risk of missing user data and sending devices out with confidential customer data (i.e. passwords, customer names etc.).

There is a NIST Purge standard for network equipment, but this is vendor and product specific and does not lend itself to the objective of maximising the retained value of the asset as it will clear all software and licenses at the same time.  If the ITAD is not careful, this may not be recoverable to an operational system and will result in loss of revenue for them.  In time, this will then increase the costs of those services to you the disposal customer.

Processing Time

To process a device to NIST Purge can take time to ensure that all user data is cleared, depending on the device.  This also requires a reasonable knowledge of networking hardware to either know the commands, or know how to get the commands. 

Staff resource

The majority of companies that process their own networking equipment rely on a single member of staff, so when that person is absent no networking equipment is processed.

The Solution

The new Nemesis Network Erasure product from Ultratest Solutions marks a revolutionary step forward in the processing of networking equipment collected by ITAD companies.

By utilising the Nemesis you gain the following:

1. Simple to use, reliable and repeatable erasure process

Your Teams do not need to understand every device they are erasing.  The solution detects the type of device, and processes it accordingly.  It is just point and click.

• Allows erasure of products even if the OS has been deleted by the customer before the ITAD collected the devices.
  
• Utilises the VIP (Vendor Independent Purge) standard developed by Ultratest engineers to ensure that all data is fully erased.
  
• Confidence in providing erasure certificates that can be complimented by a full erasure report that can be provided to the customer.
  
• Maximise the value of any asset by bringing the device fully into an operation condition at the end of the erasure process.

To find out more, as to how Nemesis can benefit your operation, please get in contact and we will be happy to arrange a time for a consultative call to discuss your individual needs and challenges.

“Let’s not focus on the ‘r’ word, within a…

When discussing key attributes and intricacies within a Circular Economy the word that is bounded around more than any other is ‘Recycling’.  While recycling is a component of the Circular Economy, it should be by default the last and final by-product, and thus its status should be very much last in the conversation.

The dialogue that should precede the ‘R’ word should include such topics as; ‘Circular Design’, ‘Reuse’, ‘Rental’ and ‘as a Service’ or ‘subscription’.  Thankfully, global manufacturers are starting to consider these key objectives when developing products and services.  Questions such as; how can product design best compliment a circular economy and deliver sustainability with minimal impact on the environment are paramount.

As a smaller manufacturer, at Ultratest Solutions we still asked ourselves that very same question.  Let us look at how this steered our product development and philosophy when designing Genesis.

By the nature of our solution, Genesis is designed to enable the reuse of millions of Hard Drives & SSDs, rather than condemning them to the shredder and subsequently the waste stream.  All-be-that fantastic, we are still talking about the ‘R’ word or at best reuse & product upcycling.

We took the decision to develop our solution based on a ‘Rental’ and ‘Subscription’ model, so why?  Typically, one-off sales of product tend to be linear.  Products are sold and when no longer needed tend to be scrapped or hopefully repurposed.  Therefore, by working on a rental and subscription basis, we as the manufacturer, have understanding of where our products are and when a customer no longer requires the solution we have the ability to recall the hardware so that we can refurbish, update and re-deploy with a new client.  The subscription element is also crucial, as without it the product has no function, even should the product fall into the wrong hands, without our knowledge or consent, they would have to contact us enable functionality and bring any value back to the solution.  Thus enabling us to keep control of it use and lifespan.

Initial design and production methods are taken into account when developing solutions.  Genesis is designed in a modular format.  Where possible, non-proprietary products have been utilised, so that in the event a particular piece of equipment being no longer required, it can be repurposed for general use, outside of our intended application.

Proprietary components of the solution have been designed in a method whereby individual components can be upgraded while retaining the highest number of standard components, such as metal chassis and drive load bays etc.

Since we lease our solutions and the customer is not the owner of the equipment, it is very easy to run client upgrade programs when required, as we have knowledge of the locations and ownership of the product.

This approach is far from being unique, but is generally rare for a small to medium size manufacturer.  However, it is a model that can be adopted by many and would greatly support the achievement a more sustainable existence.

We are happy to talk about our experiences and challenges, so please do feel free to make contact.

‘Can I make my ITAD process more profitable’?

Absolutely you can, let us explain how & why. We fully understand that End-User clients will stipulate which Data Erasure methods and certifications (CPA, Common Criteria, DIPCOG, TUV, NATO, ADISA etc.) to be used. Some may even demand a specific software vendor. It’s a minefield for customers, understanding what is current or historic, best practice or not and what is legally required. OK, so let’s see how ITAD’s can compliment or in some cases replace some of today’s model with innovative & clever technology.

ADISA is the only body to certify erasure on Solid State Drives (SSD) as part of their accreditations .

All ITAD’s have a existing method for ‘in-situ’ data erasure (wipe-in-device), for laptops, desktops & servers, as well as ad-hoc solutions for loose drives. We’ll explore how adding a complimentary technology, like Genesis, can add value to the process .

How do things operate today? In the traditional ITAD model (as per the fig. 1), if the drive fails the data wipe it would need to be physically destroyed to meet contractual obligations.

Ultimately, the “Enhanced Recovery Model” provides; better sustainability through reduced waste, higher quality of products (with less RMA’s!) and an increased revenue stream by yielding more product for resale.

BEWARE… “An erased drive is not a fully tested drive”.

Not only does Genesis test, repair and erase a drive, it also runs a complex health-check algorithm to provide you with an accurate Guardian Score (% health). Delivering the highest confidence in product quality.

Taking it to the next level, you can use Genesis as your ‘one-stop-solution’ for repair & data erasure, providing even stronger financial gains, with reduced labour and licencing fees.

We’re confident of our technology… but, rather than taking our word for it, we’d be happy for you to trial our solution. Contact us and we’ll be happy to discuss your requirements.

Genesis is available in a range configurations to meet everyone’s needs. To find out more please click here.

*Yield figures are based on data from typical usage from devices that are not deemed as physically faulty or damaged.