Year: 2025

How Securis is Increasing Accuracy and Efficiency with Cutting-Edge Scanning Technology

Inventory accuracy is a cornerstone of effective IT Asset Management and Disposal (ITAD). Securis has recently invested substantially in state-of-the-art handheld mobile computers in our ongoing pursuit to provide industry-leading asset-tracking accuracy. Our latest investment propels us even further towards delivering the most accurate and efficient IT asset inventory tracking available.

Introducing Zebra TC58 Scanners Advancing Asset Tracking

Securis has recently upgraded our handheld scanners to Zebra TC58s, a powerful, enterprise-class handheld mobile computer designed to streamline and improve inventory management. The TC58 is fantastic at capturing barcodes, even if they are damaged or poorly printed. Powered by a robust Qualcomm Snapdragon 8-core processor, the TC58 enables faster and more efficient operation, allowing it to handle demanding applications effortlessly, ensuring a seamless and efficient scanning process.

Enhanced cameras in the TC58 (16MP rear and 5MP front) make it easier to capture high-quality images for proof of delivery, asset tracking, or inspection tasks. The enhanced cameras have improved the ability of our DriveSnap AI technology, our AI-powered asset label scanning innovation that enhances speed and accuracy in asset scanning and provides a photo record of each scanned asset slated for destruction. 

Beyond speed and accuracy, these handheld mobile computers align with our broader technology upgrades to tackle persistent IT Asset Management and Disposition challenges. Two key issues historically plaguing the industry are duplicate scanning and matching drives to their respective storage controllers, servers, and cabinets. Our enhanced scanning capabilities directly address these pain points, significantly improving efficiency and accuracy.

Eliminating Duplicates: Enhancing Accuracy and Efficiency

Mistakes are inevitable when scanning thousands of assets daily. Industry data suggests that scanning accuracy typically falls below 85%. A common issue is the inadvertent duplication of scanned items, leading to time-consuming investigations.

Our new scanning technology has significantly improved duplicate detection, allowing us to eliminate errors and streamline operations. This advancement has dramatically reduced the time required to investigate discrepancies, ensuring our clients receive the most accurate reporting possible. As our Mobile Device Administrator Michelle Armon notes, “Not having to worry about duplicate items being scanned has significantly increased our efficiency around asset scanning and brings us closer to our goal of 100% accurate reporting.”

One-to-Many Matching: A Tailored Solution for Client Needs

One of the most significant challenges in ITAD is ensuring that every asset is correctly matched to its corresponding storage device before being securely disposed of. Many of our clients, particularly those in the banking and financial services sectors, require assets to be matched to their storage cabinets for compliance and financial reasons.

For example, financial institutions often track their IT assets using asset tags and serial numbers. Before destruction, they must confirm that all drives in a storage cabinet have been purged or destroyed according to NIST 800-88 standards. Furthermore, some clients receive trade-in credits when they return storage arrays or servers to vendors such as IBM, HP, or Dell. Our new scanning technology facilitates the seamless matching of one storage array or cabinet to all associated drives, providing comprehensive and accurate inventory lists tailored to client requirements.

The Future of IT Asset Management at Securis

Implementing our new scanning technology marks a significant leap forward in our mission to provide the industry’s most precise and reliable IT asset inventory tracking solutions. By addressing key challenges such as duplicate scanning and one-to-many asset matching, we are enhancing our clients’ security, compliance, and efficiency.

Securis remains committed to setting new standards in IT Asset Management and Disposition as we continue to evolve and invest in cutting-edge solutions. Our latest advancements in scanning technology are just one example of how we strive to provide unparalleled service and innovation to meet our clients’ evolving needs.

Stay tuned for more updates as we push the boundaries of what’s possible in IT asset inventory management!

Sustainability Meets National Security-Interview  Transcript

Attendees

Kurt Greening, EVP Securis

Richard “Dick” C. Schaeffer, Jr

Mr. Schaeffer is a former Senior Executive with the National Security Agency (NSA), with almost 50 years in the Information Security, Cyber Security, and Intelligence space. Since retiring in 2010, Mr. Schaeffer has continued to pursue his passion for improving the security of U.S. and partner interests in the Cyber domain. He started a private consulting firm, Riverbank Associates, LLC, located in Severna Park, Maryland, bringing visionary leadership, management, technical experience and expertise to his client’s challenges. His client base has included a full range of private sector companies from small start-ups, middle market companies, large system integrators, commercial businesses, and international entities.  He also leads the Paladin Strategic Advisory Group and is a Principal in Endeavor Technology Group.

Bill Downer

Bill is a Managing Director at Rare Element Solutions, a company that was formed to solve supply chain challenges for the U.S. Department of Defense.   Before starting Rare Earth Element Solutions Bill was vice president of national programs at Seagate Government Solutions, a provider of data management solutions to federal agencies.  Downer previously held several sales-related directorial roles in companies such as Sun Microsystems, DEC, StorageTek, Quantum, Mellanox Technologies and DataDirect Networks. Downer earned a master’s degree in business administration from Averett University and a bachelor’s degree in religious studies from Randolph-Macon College.

Transcript

Kurt Greening: Welcome Dick and Bill. For anyone who doesn’t know,  my name is Kurt Greening and I am an executive VP with Securis. We’re an industry leader in drive shredding and IT asset disposal. And today we’re here to talk about two important issues, sustainability and national security. For those of you who may or may not know Bill and Dick, I’ll just read a quick bio, and if I miss anything, maybe the two of you can help me a little bit.

Kurt Greening: But Dick Schaefer actually is a former executive with the National Security Agency, NSA, and he spent almost 50 years in the information security cyber security, and, intelligence., and he’s still pretty active these days, doing things like working for Riverbank Associates, working for Paladin.

Kurt Greening: in terms of investing in some up-and-coming technologies. and he’s also a principal in Endeavor Technology. Did I miss anything Dick you want me to point out?

Richard Schaeffer: No, that’s it.

Richard Schaeffer: I’m an old guy who’s been seen a lot.

Kurt Greening: Awesome. That’s great.  And Bill, it’s great to have you on as well. I’m excited to introduce people to Rare Element Solutions which is a company that recently has been created to solve supply chain issues for the US Department of Defense.

Bill Downer: Yeah.  Thanks, Kurt.

Kurt Greening: And I know you’ve been around also for a while working for people like Seagate, Sun, DAX, Storage Tech, Quantum if there’s an expert out there in the data storage industry, I think your resume kind of screams that. So I’m really excited to have you on and introduce people to what Rare Element is doing. So, maybe if I could start with you, to help our audience, can you explain to people how supply chain became a national security issue or became an issue that maybe more people are now aware of today?

Richard Schaeffer: Yeah, I think it’s more the latter. Supply chain has always been a national security issue. whether that is in the aerospace and defense, whether that’s in intelligence, whether anytime the US government has built something to execute or conduct a mission, the things that go into the technology that supports those missions has always been critical. we haven’t always thought about it in the context of supply chain.  We would design things, we would order material, we would build things, we would test them, we would deploy them. and eventually they’d reach end of life and they’d probably end up in a warehouse somewhere or I started out life in the Marine Corps. we were the folks that got everything after the other services were done using them.

Richard Schaeffer: So we learned how to do a lot with very little. But over the last 10 years the concept of understanding protecting the supply chain has become more and more important.  And then I think during the COVID era when all of a sudden the containers sat on ships in harbors on the west coast or on the east coast and components couldn’t be brought ashore because of the shortage of personnel or the inability to move the material off the docks and so forth.

Richard Schaeffer: people became more aware of just what it meant when you couldn’t order get material, build things, deliver things, and so forth. and there’s always been an issue with at end of life, how do you ultimately take something that has been a critical mission component? I’ll say all my years at NSA we worried about national security systems.  of those systems that procified that process classified information or were part of weapon systems and you worry how do you destroy devices that are part of that ecosystem such that if an adversary was to obtain those devices they couldn’t extract anything from them that was useful.

00:05:00

Richard Schaeffer: and NSA was responsible for setting the standards for how that was done. the discipline to do that I’m not always sure was at the highest level that it needed to be because I think IG’s and others would find warehouses where there was equipment stored that probably should have been destroyed years ago or things were done just out of expediency the people who were actually doing it weren’t even aware of the requirements for how things should be processed.

Richard Schaeffer: But I think we’re in a time now in a phase when supply chain’s important and it’s important to think about supply chain from whether it’s mining or that that creates the aluminum, titanium, other metals from which gearboxes or other kinds of devices that go into aerospace and defense components or whether it’s the sand that forms the silicon devices from which micro electronic devices are produced and then ultimately at the end how those things are recovered. I think it’s a much much bigger issue today but it’s not new.

Richard Schaeffer: It’s the attention we’re bringing to the capabilities that we can bring to that environment and then ultimately how do we ensure that we’re maximizing the value chain that’s part of this whole process as well.

Richard Schaeffer: So probably more than you wanted on just the national security aspects of it but it’s an extraordinarily complex topic. not well understood by a lot of people who are outside of the immediate area impacted by supply chains.

Kurt Greening:. Perfect. Yeah, thanks for that. Bill when I talk to a lot of people about sustainability, they’re thinking about Earth Day recycling cans, can I buy an electric car? But maybe an area that they might be less familiar with is electronics. How does electronics play a role in sustainability?

Richard Schaeffer: Well I’ll start and then maybe kick it over to Bill. As I pointed out earlier, NSA is responsible for the destruction piece.  So, there are materials that we’re able mine in partner, countries that become the feed stock, if you will, for the microelectronic devices. we used to produce a lot of them here. actually NSA used to have its own foundry. we used to build our own chips.

Richard Schaeffer: NSA doesn’t do that anymore. there are a few microelectronic fabrication facilities here in the US. Maybe there will be more in with thrust of the current administration, but a lot of that comes from offshore. and so the devices are fabricated, they’re manufactured, they’re delivered, and then they’re put into systems here. And it used to be that when we destroyed something like a solid-state drive or a hard drive or something like that, we crush it up and then take it to a landfill. it became part of the terrain.

Richard Schaeffer: and that was done because we didn’t have the ability to recover the devices, even the precious metals in a lot of cases. you look at a printer wiring board today, there’s silver there, there’s gold there, and a lot of cases, we just crush it up and it goes to the landfill. and you say now are there ways in which we can actually at a reasonable price point recover some of that material so that we can feed it back to the front end of that big supply chain loop.

Kurt Greening: Yeah, maybe we’ll talk about the economics at the end. Bill, any thoughts or things you want to add to that?

00:10:00

Bill Downer: No, and I agree with Dick and his opening remarks that there was a lot of focus coming to this prior to COVID and the pandemic and where a lot of our materials for what the US government uses and the banks and everyone else were coming from China.  But to Dick’s point, the pandemic really put a microscope on so much when we could no longer get it into the country.

Bill Downer: we really became very evident of where the products or the sub-asssemblies or materials are coming from and as a result created rightfully so an alarm around where are these things coming from and how much at risk was the US because it didn’t really understand all the dynamics of the supply chain and now it has really become very much a focus

Bill Downer: which I think is great. sorry it had to be a pandemic that brought us to this point but for good outcome as a result

Kurt Greening: To the good outcomes, what are some of the things, strategies or programs that the US government is employing to solve some of these issues?

Kurt Greening: I don’t know, Dick, you want to take that one?

Richard Schaeffer: Yeah. Let me start. And again, I’ll let let Bill chime in here as well. I think it’s okay. The US government now recognizes that there’s an issue. the problem is and we do with so many big challenges in the federal government, there’s a lot of people who are involved. And whenever there’s a lot of people involved, it usually ends up where no one’s in charge. So if you think of supply chain security today, everybody’s got a little piece of it. Everybody in the federal government. So you’ve got the Department of Defense, yeah, they’ve got a big role. You’ve got Department of Homeland Security, they’ve got a role. Department of Commerce has a role. and in defense, if you look down amongst all the defense departments and agencies, everybody’s got a little role. And there there really isn’t,  there are there are policies, there are regulations, there are best practices, but there really isn’t a US government champion who is what I would call the great advocate for both the materials and the processes and who can set priorities.

Richard Schaeffer: So if if we need I’ll do something simple like if we need aluminum for manufacturing of aerospace and defense systems that can be air breathers, it can be satellites, it can be remotely piloted vehicles, unmanned aerial systems, drones, it can be a whole series of things. and there’s probably 20 different kinds of aluminum. if you go to the mines and you say, “Okay, I think it’s oxite that you create aluminum Okay, here, here’s a mine, we mine the ore, we process it somewhere. We create the alloys of aluminum by adding stuff to them and then they go off to be satellite components or airframe components whatever they do. Oh and some of this stuff has to be of a form where it can be machined, where it can be and so the manufacturer, the supply chain for that from the mining all the way through to the delivery of the components is there’s probably 10 or 15 departments and agencies that are involved in that whole process. The health and human services from an OSHA standpoint, what can people do? what can’t they do?

Richard Schaeffer: but there’s nobody who’s sort of sitting at the top saying aluminum is a critical component to aerospace and defense and we need to ensure that we’ve got input into that supply chain into the beginnings of manufacturing the creation of the material and then in the end how do we recycle  that stuff? Okay, we’ve got an F-15 that’s longer serviceable. we were flying A4s when I was in Vietnam and when they got shot up, we took them out in South China Sea and a big CH53 would carry them out there and dump them in the ocean or dump them in the sea and they’re probably disintegrated by now. That wasn’t very effective.

00:15:00

Richard Schaeffer: But it’s kind of a government mindset if there’s nobody saying here’s the priorities, here’s the processes, here’s what we need to do in order to be able to create, here’s what we need to be able to do to at end of life to recover, and here’s how all the agencies will play together in order to make that all happen. We just don’t have that today.

Kurt Greening: Yeah, great great background.

Kurt Greening: So, you gave us some examples of, planes and weapon systems and aluminum. Bill, you’re kind of our resident expert here on the interview on data storage. Tell me about What do hard drives have in inside of them that make them so valuable to the DoD?

Bill Downer: So to Dick’s point, a lot of the connectors use precious metals. in fact, the platters have been different materials over time, whether they were aluminum or glass. and all of that is recyclable, well both of those particular things are very recyclable, but at the end of the day data storage is about zeros and ones and historically how we’ve created the data on any storage device. The zeros and ones has to do with magnetism and using magnets.  And as we get more and more sophisticated, as we shrink these things down, you made more and more sophisticated magnets, which has led us to building the magnets out of rare earth metals. because everything Dick said earlier about the difficulty in mining those ores, the difficulty in processing them, they have become more and more valuable. And that’s why responsible retirement and reclamation becomes such an imperative because those materials are so hard to

Kurt Greening: Thanks for that. Dick, you kind of answered this question that, telling us there’s at least 15 different agencies in the federal government helping with this problem. I have some knowledge that DOE is also helping with some research grants and in this area. Is there anything that stands out there in terms of work that’s exciting?

Richard Schaeffer: I’m probably not as sort of current on Yeah,…

Kurt Greening: And that’s an area outside of your experience.

Kurt Greening: I mean, I know that they’re one of the 15. yeah, right.

Richard Schaeffer: I would just say, from a DOE perspective I mean, the US government has long used the DOE labs as I’ll say think tanks, and basic research components to explore of doing kind of a simple term ways of doing things.

Kurt Greening: Yeah. Yeah.

Richard Schaeffer: Anytime we had a hard problem, whether it was nuclear fusion or fission or whether it is possibly recovery of material, we’ve used the national labs as think tanks within the government classified environments in many cases to explore solutions to big hard problems and so the ability to create those solutions is interesting, but it’s not very helpful if you can’t get them out and then make them commercially viable. And tech transfer is always hard.

00:20:00

Richard Schaeffer: But if you can find ways to move the science, move the process from the laboratory to the commercial entity that can create a value proposition for executing the process, then what we’ve got is a winner. We’ve got government investment in a national lab creating a solution to a problem that can then be productized and turned into a moneymaking commercial entity which then satisfies the need of a large group of people not just a couple of scientists inside a lab.

Kurt Greening: That’s a good point Dick. So, speaking of winners and commercial viability, Bill, what made you think that you needed to start a company to help solve this problem?

Bill Downer: It’s funny and it perfectly goes off what you just talked about. While still working at Seagate Federal, they were looking for a more responsible way to they’re very much into doing the responsible things for the Earth.  And I got tasked by my manager to go figure out what was going on in responsible retirement and reclamation around hard drives. It led me to do a year-long research to look at various technologies.

Bill Downer: What I found was multiple DOE labs had developed differing technologies to get the magnets out of hard drives and to effectively get the materials back to a certain state. and we evaluated all those and the DOE and I’ve been on the hill a number of times since while I was doing this project. they started doing a lot of this research in 2010 before it was quite the crisis that it is now. and they have now created these various technologies. They have made them licensable to commercial firms, so we stood up a firm purpose-built to go take some of these DOE technologies and prove them out commercially but in particular with a focus on how to help DoD and the intelligence community responsibly retire the equipment from those sites in a certain manner, and to get the materials into the strategic reserve that has been set up for the rare earth elements. And so a perfect cycle to take both in from terms of chain of custody. These are devices owned by the government and giving back whatever products are produced back to the government for their own use.

Kurt Greening: I love it, solving some of both the economic problems, the data security problems as well as sustainability.

Kurt Greening: Is there anything more that you want to say about the methods that you plan to use or more detail? You talked about how you’re going to recover and then store the rare earth. Anything more you want to say about either of those, Bill?

Bill Downer: Yeah, I would say that we’re not fixated on just doing this with hard drives. DOE has done a great job of research reclaiming rare earth elements from all manners of magnets in everything, whether it’s in EVs or it’s in windmills or whatever. the windmills are a huge issue on how we retire those and what we do with them.  So we’re looking at all manners of technology that have been developed by the US government labs and how to build a commercial capability that allows us to do a full life cycle of anything that has been pot bought and paid for by the government whether it’s the research or it’s the actual devices.

Kurt Greening: Perfect. thank you for that answer, Bill. Dick    , I understand you worked at the NSA. You were explaining a little bit of this to me earlier. You mentioned it’s the center for storage device sanitization try to get it right I think now it is under what is called the cyber direct directorate can you talk about any of the standards that NSA has developed or maybe working in concert with some of the NIS standards that protect the DoD and also the DIB or  the defense industrial base when it comes to cyber security risk associated with end of life electronics,

00:25:00   

Richard Schaeffer: So again I’m going to use this term life cycle.  If there is a national security system, so a system that processes classified information, then NSA as in its national manager role sets the standards for destruction. So they set the standard for we’ll use Bill’s example of a hard drive. they’ll tell you, you’ve got a  big, you’ve got to try to remove all of the information that’s on the drive. So, you want to degauss it, you want to make  sure that you’ve done as much as you can do. we talk about writing ones and zeros to the platters. that’s a method. but ultimately you’re gonna grind that thing up. you’re going to turn it into essentially a handful of metallic particles and what NSA will say this is how small those particles have to be.  And so they will set the specification for the machine. Think of it as a grinder. so you’re going to throw it into a grinder, and it’s gonna, a bunch of particles are going to come out the bottom and they’re going to be of a size that NSA will say we have a high degree of assurance that no one could recover information from that device when processed through this cycle this writing of ones and zeros or degassing or grinding and ultimately you’re left with something and NSA will do that  for not just hard drives, but they’ll do it for micro electronic devices, solid state drives, and so forth.

Richard Schaeffer: The challenge is so people in the national security community are aware of those specifications because they’re part of that community, but they also form a corpus of best practices that private sector that has sensitive information on their devices should also be following.  So it’s in this life cycle and this happens quite often, it’ll be the Department of Defense or the intelligence community will create a process because of classified information data objects that are very sensitive and ultimately as the private sector looks at that and says it’s not classified in a national security sense but it’s damn important to me. it is the lifeblood of my company and therefore I’m going to treat that information, those data objects in the same way that the US government might treat their classified information. I’m going to be assured that in the end, nobody can recover that information and steal my intellectual property or whatever.

Richard Schaeffer: So gradually things leak from the defense and intelligence space into the private sector become common usage and the nation is better off from it. We don’t do enough, and this is where I get back to nobody being in charge.  Nobody’s really pulling all the pieces together and saying, Yes, we have national security information, but we also have very industrial information. We have very sensitive health care information and we’ll all have to ensure that we’re treating all of these categories of data appropriately.

00:30:00

Richard Schaeffer: And ultimately scale means everything. if Bill’s company is only processing a thousand hard drives a week,  that’s one price point. But if somebody said, Bill, I need you to process a 100,000 a week.” He’s going to get a whole lot more efficient in the way that he does that.  And then the output which is sort of these rare earth elements that are ultimately recovered from these processes, become more plentiful. They become less expensive.

Richard Schaeffer: And by the way, there’s more of them that can go back into I don’t care whether they come out of the private sector or whether they come out of the national security sector. If I can feed them back into that national need for rare earth elements, I’m minimizing then the amount of material that we’ve got to import from other countries. and so there’s this term life cycle takes on a much more significant meaning because it’s Bill and rare earth elements is sort of sitting almost at the end of that life cycle.

Richard Schaeffer: something has to be done probably to process that material to get it back into the national stockpile. But that becomes a very critical part of the supply chain not just for government, but for private sector as well. And I use private sector to mean everything that’s not US government.

Kurt Greening: Thank you for that Dick. We do have some educated customers that come to us here at Securis, and they will ask us about the National Industrial Security Program operating manual. many times they will quote, 32 CFR part 117. some of my older customers will still ask about DoD 5220, which is pretty outdated. but you talk about what’s spilling into the private sector.

Kurt Greening: You know, traditionally what I hear from civilian agencies is that they are following NIST publication 800-88. but I’m also hearing that from banks and hospitals in the private sector.  So the good news is the work that the taxpayer is funding around cyber security that is flowing out into organizations that are protecting citizen data our financial systems energy sector etc.

Richard Schaeffer:  Let me just give you one additional piece of good news or what should be good news. NSA creates specifications, NIST creates specifications. and I’ll say people inside the system understand those things but you don’t understand the specifications for the tires that are on your car right?  You just go to Goodyear, and you buy a set of tires, or you go to Firestone or whoever you go to. you go there and you buy a set of tires for your car, that’s the endpoint.  That’s where we’ve got to get this to where people don’t need to know the specifications. They don’t need to know sort of, is the grinding machine, does it meet this spec?

Richard Schaeffer: What they need to know is that for the national good, they’re taking their outdated, no longer usable microelectronic devices and they’re putting them into a process that ultimately ends up doing good for the nation. And again I’m looking for this grand pooba, who’s going to be the sage on the mountain, but we don’t talk about it in that way. we talk about it in terms of the geek speak for those organizations that are mandated to do it, most of whom do.

Richard Schaeffer: But if we made it easy, if we made it economically feasible if we made it so that they felt like they were contributing to the national good in some way, and sort of other hats that I wear, I meet with investors who don’t have a clue about national security. They don’t have a clue about complex IT systems.  But what they say is, “I’ve made a lot of money in my life. It’s real estate or it’s whatever they’ve done.” and I want to contribute to the national good. and so that’s the context, I think, that when we can get companies to understand that they’re contributing to the national good simply by not throwing this stuff into a landfill somewhere.

00:35:00

Richard Schaeffer: and it’s it beyond recycling. it’s actually a contribution to the national and then I think we begin to build scale. We begin to bring prices down. We begin to fill that national supply need for rare earth elements. we do the things that we need to be to become a much more self- sustaining and truly a much more self- sustaining because we’ve got the life cycle part down. Then companies Securus become a critical link in that chain as well because you’re the outward-looking face to the private sector.

Kurt Greening: Yeah, perfect.

Kurt Greening: And I probably should have mentioned the good work that folks over at NSA have done on the evaluated products list for shredders and degausers. So that’s certainly helpful. But maybe I wanted to switch the conversation a little bit. I’ve got a lot of friends who are chief information security officers, sisos, and the defense industrial base.

Kurt Greening: And I’ve had conversations with them and some of the hot cyber security topics today are software supply chain cloud security that’s all the new rage and what you have these folks talking about but do you think that the defense industrial base and the government should be paying as much attention to end-of-life electronics as some of these new hot cyber security issues?

Richard Schaeffer: Without a doubt. I believe that there are devices sitting in warehouses that have highly sensitive industrial secrets on them. I’ll use the term secrets. Maybe that’s a small S but intellectual property I think. So I’m going to give you another example, and it can be edited away but my wife has a friend who does estate sales and so occasionally he’ll need help setting up somebody’s parent dies or grandparent or some friend or some there’s nobody left and they hire a company to come in and sort of run an auction or run a sale and get rid of all the stuff. So, she did this a couple of weeks ago and she comes home and she says, “You’re not going to believe this”. This guy who died had a box and I think there were 27 hard drives in a cardboard box. and the guy who runs the estate sale said we’ll sell them for $2 a piece or $5 a piece or whatever it was. and I said, go tell Duke, don’t you dare. I said, ‘You have no idea what is on those hard drives. What if you’re selling somebody’s pornographic library? worse, what if it’s child pornography on there?

Richard Schaeffer: What if there is? You have no idea. What they ought to do is take them to a place that’s going to grind them up and shred them and get rid of them. And I think that situation occurs, all over the country probably a thousand times a day. It’s probably not pornographic libraries, but it’s probably personal banking information. social security numbers, all sorts of personal information and it’s so easy for somebody to go to a sale. I mean, these estate sales are all over, go to a high netw worth area, go to an estate sale and buy a used computer and see what’s on it.  

00:40:00

Kurt Greening: Yeah Dick you’re right. So I-Sigma did a study and bought electronics off of eBay. More than 40% of them had either corporate or personal personally identifiable information on them. Rapid 7, who’s a cyber security company, they bought infusion pumps off of eBay that were in hospitals and they were able to get the wireless configuration data from seven hospital chains. So, you’re right, those things are a risk. So, I’m going to ask one last question and then maybe we’ll call it a wrap. this has been awesome. Thank you, Dick, and thank you, Bill.

Kurt Greening: So, Bill, not too long ago, maybe, I think in the last two years, it was probably going back to your time at Seagate, you started to approach Securis to, help what now became, your company, and I’ll post the link in the show notes to help the DoD solve this issue that is at the intersection of supply chain, cyber security, and sustainability. what made you decide to partner with Securus on this?

Bill Downer: So just like I did a due diligence on all the various reclamation technologies, I did a similar thing on information technology asset disposal companies and the name of Securis came up multiple times for the quality of the recordkeeping, the responsible method in which they did the work, and the fact that you were doing work for both the federal and state and local governments.  And I became such a fan, and this predates you, Kurt, that I actually hosted multiple tours, I’m not sure if you’re part of these, but we hosted the industrial policy people for supply chain from the Pentagon. We hosted Defense Logistics Agency who’s responsible for the strategic reserve.

Bill Downer: we hosted the Department of Energy industrial or advanced manufacturing group and it’s interesting to me every time I was at a meeting with various government executives often that were set up by Dick what we found was that many of the people that set the policies around the supply chain around defense logistics had never visited an asset disposal facility. and so I brought them out and typically they’d say, ” I’ll give you 45 minutes and I’m out.” Couple of times, Dan and I had to run them off the facility at the end of the day because they didn’t leave because they had so many questions and here they are setting policy around responsible destruction and reclamation and yet have not had an opportunity to tour such facility.

Bill Downer: Given your proximity to the beltway, your company, it is ripe for bringing people out from various headquarter locations in the federal government to see a very responsible company do what you do. and how you do worry about the full supply chain, and keeping the proper records and keeping up to speed and being a leader in the certifications required in that industry. You are always ahead of the game. And so it was easy for me to become an advocate and host those tours. And y’all did a great job of hosting the various government representatives so they could learn more about how their policies were affecting industry.

Kurt Greening: Thank you, Really appreciate having you on, your partnership, what you’re doing for sustainability, what you’re doing to protect our national security interest, and looking forward to more great work on solving these problems.

Richard Schaeffer: Yeah. Thank you,  And I just leave you with you should be unapologetic and ruthless in demanding of your government, and my government, the  best process, the best approaches, you’re you live it day to day. You know what works. You know what doesn’t work. You know what what works well, what needs to be fixed.And you should be demanding of the government solutions that actually work for the masses, not just for the people as Bill pointed out, people that set the policy who’ve never actually done the work to understand what do those policies actually mean. So, be unapologetic and be ruthless.

Kurt Greening: With that, we’ll end.

Kurt Greening: Thank you for that advice, Dick.

Richard Schaeffer: Thank you.

The transcript and the full video of the conversation between Kurt Greening, EVP at Securis, Greg Crabb, and Nick Crabb of TEN EIGHT Cyber appear below. 

Contact Information

Gregory Crabb:  https://www.linkedin.com/in/gregorycrabb/

Nicholas Crab: https://www.linkedin.com/in/nicholas-crabb/

Kurt Greening:  https:https://www.linkedin.com/in/kurtgreening

Website Information

Securis:   https://securis.com/

Ten Eight Cyber:   https://teneightcyber.com/ 

Assessment mentioned in the video:  https://assessments.teneightcyber.com/

 

Kurt Greening, Securis: 

For those of you who don’t know me, my name is Kurt Greening, and I am an EVP with Securis. Securis is an industry leader in IT asset Disposal. Today, we are here to discuss how to lower the risk associated with the disposal of organizational I.T. assets. Gregg, before we get into that topic, can you briefly introduce yourself and tell me who TEN EIGHT Cyber is?

Greg Crabb, TEN EIGHT Cyber: 

Absolutely. Thank you so much, Kurt. My colleague Nick and I work together here at TEN EIGHT cyber. We’re a cybersecurity advisory firm focused on empowering organizations to build resilience against cyber threats. And we provide a variety of different offerings. Today we’ll talk about what we’re doing in order to be able to support organizations, in conducting assessments against, proper I.T asset management practices. And, we provide a variety of other advisory services, anything from incident response and management to third-party risk management. So thanks for having us, Kurt. Really excited to collaborate, and Nick and I are really excited to support you.

Kurt Greening, Securis: 

Yeah. Great. Yeah. We’re glad that you’re here. Nick, can you do the same thing? introduce yourself. I understand that over the last few months, you’ve been doing a lot of research, around this space. Maybe you can introduce yourself, but then also share some of the things that you found, in terms of vulnerabilities, breaches, fines, really in the space of  IT Asset management.

Nick Crabb, TEN EIGHT Cyber: 

Yeah, totally. So my name is Nick Crabb. I currently work as a cyber security engineer for TEN EIGHT Cyber, and I create presentations, policies, assessments, and daily threat reports. every day, talking about anything from ransomware to, end-of-life systems and kind of nation-state threat actors. And today I kind of want to go over some end-of-life systems that pose risks to organizations. And I’ve done a little bit of, research on that. And there are two main breaches I kind of want to go over. The first one is the Filefax HIPAA violation. And this is a great example because even after shutting down, Filefax was fined $100,000 for improperly handling 2150 patient records. And they were later sold at a recycling center. And, these threat actors were able to sell that information. And obviously, they had to go to court and HIPAA was able to, fine them for not properly, disposing their assets.

The next one is Morgan Stanley and they were  fined $60 million by the U.S. Treasury Department for failure on IT Asset destruction. And this includes,   proper oversight and decommissioning, two data centers, failure to track customer data and inadequate vendor management. Now, more than ever, I think, companies need to focus on IT Asset Destruction And from when I was researching it from kind of knowing nothing to knowing a lot, now I think, I took a new company perspective.

It’s hard to think about IT Asset destruction when you’re a new company, when you have a small inventory and new equipment. But as the years go on and the equipment that you use gets older and the inventory grows week after week, without secure IT Asset destruction policies and kind of procedures go out the window. And I think, organizations can’t kind of live with the regulatory fines, legal liability and the devastating breaches that the two, kind of examples I went over.

Kurt Greening, Securis: 

Yeah, I agree, I mean, it’s the big companies that, tend to have the lawsuits, tend to have the fines. And obviously that creates the biggest risk of, you know, breaches, employee or customer, data. So that’s a big deal. And, yeah, Nick you didn’t mention that you produced a cyber threat report on a daily basis. I’ve seen that. I will, post in the show notes. You’re on LinkedIn for those who want to follow you, you want to make sure that, there avoiding vulnerabilities and risk in multiple areas. So, thanks for that. Greg, I’m going to throw you a question here. So, maybe people don’t know you’re a former CISO. You served, in the federal government, both in law enforcement and later, as a CISO of the U.S. Postal Service. But one of the things that I’m curious about as I talk to, other CISO’s, I’m just curious why other CISO’s might not be doing more to lower risk in this particular area.

Greg Crabb, TEN EIGHT Cyber: 

Yeah, really good question, Kurt. And I’m going to kind of look at it from a couple of different lenses. The first is competing priorities. CISOs are focusing on so many different things, whether it’s ransomware prevention, supply chain attacks, all of the NIST CSF controls or CIS controls. There’s a lot there, and quite frankly, IT asset disposal gets overlooked. And there are other reasons as well. Because they’ve got so many different things going on, they might delegate that to the IT  help desk function for the organization. You know, you  distribute the technology, you know, you also get rid of the technology. You know, I don’t want to worry about it. You guys do it. And that also speaks to some of those business processes in that  I.T. technology management asset, management track and that many organizations don’t have a comprehensive IT asset inventory, so it makes it difficult for them to track, even if they have assets that need to be decommissioned, right. And that kind of speaks to that cross-departmental responsibility confusion that I, that I alluded to. 

So, you know, and I think, we need to kind of re-examine, I think we’re getting to the point where, from a NIST, and policy perspective, we need to take a look at this whole concept of encrypted hard drives and reexamine that in the face of what threat actors are doing right now is buying, outdated, hard drives and decommissioned hard drives with the hope that, you know, when, quantum cryptography, is developed and the ability to break that encryption, arises. and so we need to look at those policies and think, you know, BitLocker is great right now, but BitLocker, in the face of, the quantum threat will not be sufficient. And, you know, is that five years from now is that ten years from now, we don’t know. But I don’t want any of the information that’s on my drives exposed ten years from now because we didn’t take care of our assets properly today.

Kurt Greening, Securis: 

Yeah. I definitely agree with the competing priorities. And, you know, I don’t think we’re on this call to beat up CISO’s because they get beat up enough and, you know, just, I think just watching Nick’s threat report every day, can make it difficult to get sleep at night. So, thanks for that. So, Nick, in  the vein of trying not to be beat up organizations, you know, we talked about some of the risks and where organizations have made mistakes, but there’s probably more people that are doing things right than making mistakes. Can you provide a few examples? in terms of the research that you’ve done or companies that you’ve talked to and things that you’re seeing them do right in terms of I.T. Asset Management?

Nick Crabb, TEN EIGHT Cyber: 

Yeah, totally. So these are more kind of, general examples, companies that are getting their IT Asset destruction process correct, are typically the ones not in the news. And that makes a lot of sense. So, to ensure secure and compliant IT Asset destruction I think it’s important to align with NIST 800-88. From my journey learning about NIST 800-88 was significant, and I’ve learned a lot through that. And I think some leading practitioners are Amazon,  financial institutions, and government agencies, and they implement strong asset tracking and secure disposal processes. And I think that’s very important for organizations to secure all their assets after end-of-life. So organizations that maintain a comprehensive inventory and enforce proper destruction protocols not only enhance security but also build customer trust and regulatory compliance.

Kurt Greening, Securis: 

Yeah, I agree, Nick. I haven’t reviewed Amazon’s policies, but I have reviewed Microsoft’s policies. And they’re pretty good in this area. I’ve also worked with some banks that have incredible, I.T. asset management, policies. They have really good oversight of third-party, ITAD vendors. So there are definitely some people out there getting it right, and people that in the industry that we can learn, some best practices from.  Now, Greg, switching gears and going back to you, how does getting I.T. asset management, right, relate to cybersecurity best practices?

Greg Crabb, TEN EIGHT Cyber: 

Several lenses that, Nick kind of, opened us up into, I think I want to expand on and, first and foremost, it’s risk reduction. Right. Improperly disposed of I.T assets are targets for cybercriminals, and, a CISO’s role is to reduce risk for the organization. So, making sure that, a proper I.T. asset management practices are in place are critical. The next is really looking at this from a zero-trust perspective. When you look at both the data pillar, and the device pillar, they converge at  I.T. asset destruction. Right. When you look at, you know, the, termination of those life cycles, are at I.T. asset destruction. And so, to have a proper zero trust, organization, based on those principles, I think you really need to look at, I.T. asset destruction as an endpoint for those, and then, obviously, the regulatory compliance aspects Nick’s talked about HIPAA. Organizations that face GDPR, and the FFIC regulations, obviously with what Nick reported on relative to Morgan Stanley, those are excellent examples of, kind of the regulatory, compliance requirements that exist in this area. So, you know, those are kind of the lenses that I’m thinking about relative to some of the cybersecurity best practices.

Kurt Greening, Securis: 

Okay. Yeah. Great. that’s helpful. Greg, I got another question for you. So, I talked to a couple of lawyers about this area and some other risk management professionals, and they referred to a, I guess, a term of having defensible IT asset management policies. Can you help our audience understand what they might be referring to?

Greg Crabb, TEN EIGHT Cyber: 

Yeah. So, I think any regulated agency or, maybe that’s the DOD supply chain for CMMC perspective or the financial services from a FFIEC perspective, defensibility, documentation, compliance and verification, those kinds of terms rings through. So, do you have a well defined asset management lifecycle, including,  asset destruction policies and procedures? Are you complying with those policies and procedures? And do you have a means to verify that the performance of those controls are done in a complete manner? And so, I think it goes back to, like I say, documentation compliance and verification.

 Kurt Greening, Securis: 

And Greg, I would guess that proper oversight of third-party vendors would be included. In those three things.

Greg Crabb, TEN EIGHT Cyber:

Absolutely. You know, just, I guess I generally alluded to it when I mentioned CMMC, that’s a that’s a whole supply chain related, body of compliance requirements. And so, by all means, having a proper, third party, visibility and assurance is necessary. When you think about the complexities of the supply chain and, any technology service provider or financial institution or, or government contracting context,

Kurt Greening, Securis: 

Perfect, great answer, I think. I think I have a better understanding now. Nick, So I’d love to hear from you again. I understand that you and your team have actually developed an offering that’s going to help busy CISO’s lower this risk in the area in particular. I think what got me excited is I talked to a number CISO’s and they said similar things are busy. you know, one said, hey, you know, the most amount of time my team has spent on it is to set up a policy and then, you know, expect that the team follows it. But, you know, this particular individual did acknowledge, hey, if there was something else I could do, like, maybe hire a third party to help me with this. He seemed really open to it. So, could you describe the offering that you developed or the assessment that you developed and then maybe let people know how they could get started with ten eight cyber if, you know, they think, hey, I probably need to improve my I.T. asset management or my I.T. disposition practices, but I maybe I don’t know my level of risk, or I don’t really know what things I should be improving on first. You know, how could they approach your team?

Nick Crabb, TEN EIGHT Cyber: 

Yeah, totally. So I just want to preface first. They’re definitely cost-effective. TEN EIGHT is currently offering a few different I.T. asset disposal assessments with various tiers aligning with large and small organizations. The introduction assessment is our first one. It’s very basic, with 12 questions allowing the company to answer them on their own, and then a consultation will be scheduled with TEN EIGHT to go over and kind of go in and talk about their, depth and the specific gaps they have in the company’s answers. We then create in a report an analysis on how the company can best improve based on that. We then have larger assessments that allow TEN EIGHT to go into the organization, which we can be on-site or on a call, and we can talk about how an organization can create a comprehensive I.T. asset destruction process based on the company’s personnel, policies, and procedures. And this is all aligning with NIST 800-88. The easiest way to get started with us is to visit our website to set up an introduction meeting with TEN EIGHT and we get to start with the company right away and kind of help them develop a strong I.T. asset destruction process that is safe and secure for not only them, but their clients as well.

Kurt Greening, Securis:

Sounds like an easy choice. And and to get to TEN EIGHT cyber, I believe it’s, is it www.teneightcyber.com or can you help me with your, I will post it in the show notes. 

Greg Crabb, TEN EIGHT Cyber:

It’s, www.teneightcyber.com

Kurt Greening, Securis: 

Thanks, Nick. Thanks, Greg. I think I learned something. I think that there’s an opportunity here, with a relatively small, financial and time investment that organizations can lower their, their risk in this area. And and I think CISOs can have one less area to stress about. So really appreciate you guys, and, thanks so much.

Greg Crabb, TEN EIGHT Cyber:

Thank you, Kurt. Really grateful for the opportunity. and collaborating with Securis.

Nick Crabb, TEN EIGHT Cyber: 

Yeah. Thank you I appreciate it.

Organizations across various sectors use NIST Special Publication 800-88 (SP 800-88) for media sanitization guidelines due to its comprehensive approach to securely erasing sensitive data and preventing unauthorized access. NIST SP 800-88 was originally developed for U.S. federal agencies under the Federal Information Security Management Act (FISMA) but is now used by healthcare organizations, financial institutions, educational institutions, private sector companies, and international organizations. By adopting NIST SP 800-88 guidelines, these organizations enhance their data security posture while ensuring compliance with both national and international standards. Below is a handy infographic detailing the guidelines for the three categories of NIST Media sanitization: Clear, Purge, and Destroy.   To learn more about the NIST 800-88 standard, please read our blog about NIST 800-88 here.

The Growing E-Waste Problem: A Call for Responsible IT Recycling

In a fast-paced digital environment, businesses must constantly upgrade their technology to remain competitive. Millions of electronic devices are discarded or replaced yearly, creating an escalating e-waste recycling dilemma. Many of these devices still function perfectly but have become obsolete for corporate use. At the same time, there is a significant demand for technology in schools, non-profits, and developing communities. The challenge is ensuring that data security is not compromised while responsibly recycling these electronics. The solution lies in a robust process combining data security, electronic recycling, and environmental responsibility. Secure data destruction and IT recycling play a critical role in this effort, ensuring that sensitive information is completely erased without the complete physical destruction of hard drives. This ultimately benefits the schools or non-profits that receive the donated electronic assets and keeps e-waste out of the environment. 

A Comprehensive Solution for Secure Data Erasure and Electronics Donation

Ultra-secure IT recycling services, such as those offered by Securis, provide businesses an efficient and responsible way to recycle computers and donate electronics. Securis ensures that companies can donate their old equipment without exposing sensitive corporate data to risk by utilizing secure data destruction techniques. Companies can confidently recycle their electronics using advanced data erasure software and certified destruction processes, allowing them to donate these unneeded IT assets with the assurance that their data has been completely and securely destroyed before donation. 

 

The Process of Secure Data Erasure and Electronics Recycling 

1. Collection and Inventory
   Securis starts by collecting and inventorying the company’s outdated devices. Every item is carefully cataloged to maintain a complete chain of custody.
2. Data Erasure and Destruction
   The data destruction process can occur onsite using our mobile services or offsite at the secure Securis facilities. Using advanced software, Securis completely overwrites all data on the devices, ensuring no recoverable data remains. This secure data erasure is a far more secure solution than simple file deletion or re-formatting.
3. Verification and Certification
   After the data is securely erased, each device is verified to confirm that no data remains. Securis then provides a certificate of data destruction for each device, which can be used to prove compliance with industry regulations and offer peace of mind.
4. Refurbishment
   Once the devices are completely wiped clean, they are refurbished if necessary. This may involve cleaning, minor repairs, or software updates to ensure the devices are in good working condition for their next user.
5. Donation or E-Waste Recycling
   Finally, the refurbished electronics are ready to donate to schools, non-profits, or other needy organizations. If the devices are beyond repair, they are responsibly recycled, ensuring they do not contribute to harmful environmental impacts. Our R2V3 certification ensures environmentally responsible electronics recycling practices.  

Meeting Global Standards for Secure Data Destruction

Securis’ data erasure processes meet or exceed industry standards such as NIST 800-88 and the U.S. Department of Defense’s DoD 5220.22-M. We also comply with many other specific industry standards for data protection, as detailed on this web page.  Our mobile services and facilities are NAID AAA certified to ensure the highest data security standards. 

Benefits of Secure Data Destruction and IT Recycling for Companies

Partnering with Securis for IT recycling and secure data destruction offers numerous advantages for businesses:

• Enhanced Data Security: Companies can rest assured that their sensitive data will not be exposed to unauthorized individuals, minimizing the risk of data breaches and the associated financial and reputational damage.
• Regulatory Compliance: Securis’ certified data erasure process helps companies meet strict industry regulations, providing comprehensive documentation for data protection compliance.
• Corporate Social Responsibility (CSR): Donating refurbished electronics supports communities in need and enhances a company’s CSR efforts, improving its public image and potentially providing tax benefits. 
• Environmental Impact: Companies that donate working devices reduce e-waste and contribute to environmental sustainability. Devices beyond repair are responsibly recycled in compliance with e-waste recycling standards.
• Cost-Effective: The cost of securely erasing data and donating or recycling electronics is significantly less than the risks associated with data breaches or the storage costs of outdated devices.

Real-World Impact: Bridging the Digital Divide Through Donations

The benefits of computer and device donation extend beyond the donating company, making a significant impact on communities in need:

• Bridging the Digital Divide: Many schools and non-profits operate with limited resources, making it difficult to provide up-to-date technology. Donations of refurbished electronics help close this gap.
• Supporting STEM Education: Donated devices provide students with hands-on experience, support STEM education, and prepare them for careers in technology and engineering.
• Empowering Entrepreneurs: Some donated devices are given to small businesses or aspiring entrepreneurs, helping them get the technology they need to grow their ventures.
• Global Impact: Donated recycled electronics can also be shipped to developing countries, where they improve access to technology, education, and healthcare, making a lasting difference in underserved communities.

Choosing the Right Partner for Data Security and IT Recycling

When selecting a partner for secure data destruction and electronics recycling, choosing a reputable provider like Securis is essential. With certifications such as NAID AAA and R2v3, Securis ensures that your electronic assets are handled securely and responsibly. Securis also offers comprehensive logistics solutions to simplify the process, even for large enterprises with multiple locations.

The Future of E-Waste Recycling and Electronics Donation

As technology evolves, the need for responsible e-waste recycling and secure IT recycling will only grow. Increased awareness of data protection and electronic recycling challenges will likely encourage more companies to adopt IT Asset donation programs. This shift towards a circular economy, where devices have multiple lifecycles, will help reduce e-waste and support environmental and social causes. 

Conclusion: Protecting Data and the Planet with Secure Electronics Recycling

In an increasingly digital world, data security and environmental responsibility are critical priorities. With services like secure data destruction and IT recycling, companies can protect their sensitive data while contributing to a more sustainable and equitable future. By partnering with trusted providers for e-waste recycling, businesses safeguard their information and help bridge the digital divide, support education, and reduce environmental impact. It’s a win-win for both business and society.

As we move toward a more sustainable digital future, the importance of secure IT recycling and data protection will continue to grow. Companies that prioritize responsible IT Asset disposal today will be better positioned to meet the challenges of tomorrow.