Lapses in PC Disposal Security Put Data at Risk

By CIOinsight  |  Posted 12-17-2010 Print


EUC with HCI: Why It Matters

Weak IT asset disposal policies can endanger your company's data, according to a recent audit done by NASA.

Protecting PCs doesn't stop when they are still being used by employees; it continues to the very end of a machine's life -- the day when it heads to the dump.

This was underscored recently by a NASA audit that revealed a number of security failures connected to machines slated for disposal. At NASA's Ames Research Center in California for example, there was no "sanitation verification testing" for PCs at the end of their life cycle. The situation was found to be the same at the Lyndon B. Johnson Space Center in Texas.

And the audit also found that 10 computers from the John F. Kennedy Space Center in Florida had been released to the public despite failing sanitation verification tests -- meaning they had not been properly wiped. Four other computers that failed the tests were confiscated by the auditors when they found the machines were being prepared for sale or release to the public.

"When we tested the confiscated computers, we discovered that one contained data subject to export control by the International Traffic in Arms Regulations (ITAR)," according to NASA's report (PDF).


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.

By submitting your information, you agree that cioinsight.com may send you cioinsight offers via email, phone and text message, as well as email offers about other products and services that cioinsight believes may be of interest to you. cioinsight will process your information in accordance with the Quinstreet Privacy Policy.

Click for a full list of Newsletterssubmit