This report analyses the Iron Mountain Secure IT Asset Disposition (SITAD) service offering in the IT Asset Disposition (ITAD) market. At The ITAM Review we advocate an integrated, sustainable and responsible approach to ITAD as a key part of the overall asset lifecycle our readers manage. This report is based on analyst calls with Iron Mountain’s SITAD team conducted in Q1 2020.
Iron Mountain are veterans in Information Management for organisations worldwide, having been founded in 1951 with the aim of protecting vital records for financial institutions. Through organic expansion they are now the worldwide leader in storage and information services, with over 230,000 worldwide customers on 5 continents. Iron Mountain’s portfolio includes;
These five product lines seek to address the physical and digital information management needs of customers who need to comply with legal and regulatory frameworks around information management, improve agility through digital transformation, and ensure that IT assets are disposed of in the right way.
IT Asset Disposition is a lifecycle stage in IT Asset Management primarily concerned with the end-of-life/end-of-service of an organisation’s physical IT assets – computers, servers, mobile devices, and so on. Increasingly, and this is the case with Iron Mountain’s SITAD offering, ITAD is also concerned with managing the entire lifecycle of the physical layer of an IT organisation. Without managing the whole lifecycle, it isn’t possible to manage the end. This is a concept familiar to IT Asset Managers who realise that software and hardware asset management requires their attention throughout the lifecycle from Request and Procurement through Deployment and Servicing and all the way to Retire. It’s important to understand that ITAD is no longer just an end-of-life exercise.
Companies are motivated to manage IT Asset Disposition for the following reasons:
In a recent survey of customers conducted by IDG on behalf of Iron Mountain C-Level executives listed Sustainability & Data Privacy as their primary motivators for managing IT Asset Disposition, closely followed by Regulatory Compliance & Cost Management.
Iron Mountain name their service Secure IT Asset Disposition, or SITAD for short. Why Secure? Iron Mountain provide a secure chain of custody through their entire lifecycle. They do this by leveraging their physical presence in the markets in which they operate. Iron Mountain’s Information Management business requires global secure transportation and logistics services to meet customer needs, and these services are leveraged by SITAD. This existing infrastructure comprises people, physical locations, tools, and processes. Service components include:
SITAD customers have access to services and infrastructure from the rest of the Iron Mountain portfolio. These include fleets of service vehicles able to provide a range of on-site services, accredited and vetted employees and partners, and secure logistics. Additionally, Iron Mountain’s online SITAD Management System (SMS) provides chain of custody and tracking for customer assets. Certificates of data destruction and asset recycling are provided. SITAD services are currently available across 26 countries and 5 continents, including the necessary permits for multi-region e-waste management.
Iron Mountain SITAD provides the ability for organisations to outsource much of the “heavy lifting” associated with provisioning new hardware. This includes Deploy & Decommission, Configuration, Asset Tagging, OS Imaging, and Logistics. The latter is particularly important as organisations shift to remote working and need to get functional, operational, and secure hardware into the hands of new and existing employees as rapidly as possible.
Reselling end-of-life IT assets allows enterprises to recover operating capital and reduce electronic waste. However, most companies have neither the internal resources nor expertise to remarket their IT assets. Remarketing/resale of retired IT assets is a source of revenue for most organizations. Indeed, it is the critical denominator in the core ITAD cost-benefit equation, and often determines whether the client receives a check or an invoice
Destruction services remain an important part of any ITAD program. SITAD offers Secure Data Wiping that complies with NIST 800-88 guidelines, and Hard Drive shredding/destruction/degaussing. Media shredding (e.g. CDs/DVDs/Magnetic Tape) is also provided, as is tape wiping. These services can either be performed offsite at a processing facility or on site at the customer using Iron Mountain’s fleet of shredder-equipped vehicles and accredited and security-cleared employees.
Iron Mountain is certified to ISO 14001, the global environmental management system standard. This in turn is consistent with many regional regulations, such as the EU’s WEEE Directive. Iron Mountain is an eStewards Enterprise and also offers R2 compliant recycling through its global processing partners. Recycling services include de-manufacturing, commodity recovery, and battery recovery. Iron Mountain’s SITAD recycling service also offers reporting and certification. The service aims for a near-zero landfill impact.
Pricing is largely based around asset volume, against a rate card. Metrics include per pallet, per device, per pound, and percentage of fair market value for asset remarketing. Bulk and Serialized Data Destruction is also available, with Serialization (the recording of device serial numbers prior to destruction) being the more expensive option and required for NAID certification.
Iron Mountain’s differentiators are as follows:
Iron Mountain is vastly experienced across the Information Management space of which ITAD is an increasingly important part. Iron Mountain SITAD is well-placed to meet the needs of organisations grappling with the rapid change to their secure perimeter brought by the move to remote working. The focus on the whole hardware lifecycle is evident, with companies able to engage Iron Mountain to manage device deployment as well and end-of-life/end-of-service. With remote working potentially becoming the norm, the ability for companies to have Iron Mountain manage their deployment/reclaim process as part of employee onboarding/offboarding will become increasingly important.
Large enterprises often seek to partner with a single global provider and Iron Mountain can meet that requirement. The ability to service a customer across the whole Information Management space offers synergies, as evidenced by the SITAD product’s use of Iron Mountain’s existing secure vehicle fleet.
Asset Remarketing services will also gain in importance as we head into a recession and companies focus on cutting costs. Hardware refresh cycles may be impacted by this and Iron Mountain’s experience in the remarketing market will enable companies to maximise market value for their old assets.
A further industry trend is the seemingly unending and ever-increasing burden of regulation, either industry standards such as PCI-DSS, privacy laws such as CCPA & GDPR, or broader regulations such as HIPAA, MEGABYTE, and SOX. All these require organisations to manage the lifecycle of their physical assets. This will undoubtedly result in an increase in demand for the type of full lifecycle integrated services offered by Iron Mountain SITAD.
Iron Mountain SITAD Analyst Report – The ITAM Review