Risky Business: Unfettered IT Purchasing and Lack of Accountability Put Brands in Jeopardy

Blog by Carol Baroudi
Sep 6, 2016 9:00 AM ET
Carol Baroudi works for Arrow’s Value Recovery business, promoting sustainability awareness and action. Her particular focus is electronics at their end-of-life stage, and everything connected.

Arrow Value Recovery Blog | Risky Business: Unfettered IT Purchasing and Lack …

Sustainability leaders are known to quote Peter Drucker’s “You can’t manage what you don’t measure,” though they may not know where the quote comes from. I’d add, “You can’t protect what you don’t know you have,” and “You can’t protect what you don’t control.” When it comes to protecting data, the environment and ultimately the brand, unknown and uncontrolled assets pose serious threats, and those threats are on the rise.

One reason for an escalation in risk is that as the prices of IT devices drop, the equipment is easier to buy, and traditional approvals needed for higher-ticket items no longer apply. They can be expensed as “office supplies” and may never come under any direct IT asset management. And that is a serious concern. How can an organization protect its data if data-bearing assets can come and go without accountability?

Another reason that threats are on the rise is that the less something costs, the lower its perceived value is. Add to that the misguided notion that unwanted IT equipment is trash and the exposure grows. Because the apparent dollars involved are low, oversight of rogue devices and unwanted assets barely hits the radar. And this neglect is not limited to small companies. Within the past year, I’ve spoken with multibillion-dollar companies that:

  • Never collect used IT equipment from their employees – they just let them do what they want with it and continue to provision new equipment.
  • Let their landlord handle their e-waste, just like the rest of their trash.
  • Have no asset management in place, and thus do not even know what they own.

Beyond the myriad of data privacy regulations that apply to all organizations, the operational and brand risks posed by data retrievable by digital dumpster divers ought to send shivers up the spine of any executive worth his or her salt. If your organization doesn’t have strict IT asset procurement and management policies in place or doesn’t enforce them, you need to escalate the issue. Don’t know where to start? Drop me a line at cbaroudi@arrow.com – I’m happy to help.

Carol Baroudi works for Arrow’s Value Recovery business promoting sustainability awareness and action. She is the lead author of Green IT For Dummies. Her particular focus is on electronics in the Circular Economy, with an emphasis on the IT asset disposition stage, e-waste and everything connected. Follow her on Twitter at @carol_baroudi and connect with her on LinkedIn at www.linkedin.com/in/carolbaroudi.