Showing posts with label risk reduction. Show all posts
Showing posts with label risk reduction. Show all posts

Wednesday, September 22, 2010

Data Center Transformation Includes More Than New Systems, There's Also Secure Data Removal, Recycling, Server Disposal

Transcript of a sponsored podcast discussion on how proper and secure handling of legacy equipment and data is an essential part of data center modernization planning and cost reduction.

Listen to the podcast. Find it on iTunes/iPod and Download the transcript. Sponsor: HP.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions, and you're listening to BriefingsDirect.

Today we present a sponsored podcast discussion on an often-overlooked aspect of data center transformation (DCT), and that is what to do with the older assets inside of data centers as newer systems come online.

DCT is a journey, and an essential part of that process is modernizing, but at the same time sun-setting older systems must come with data protection in mind, and even with an eye to monetize those older systems, or at least recycle them properly.

Properly disposing of data, and other IT assets, is an often overlooked, and under-appreciated element of the total data center transformation journey, but it’s one that can cause great disruption and an increase in costs, if not managed well.

Compliance and recycling issues, as well as data security concerns and proper software disposition should therefore be top of mind. We'll take a look at how HP manages productive transitions of data center assets -- from security and environmental impact, to recycling and resale, and even to rental of new and older systems during a DCT process.

Indeed, many IT organizations are largely unaware of the security and privacy risks of the systems that they need to find a new home for and can often find themselves delivered to the wrong hands. So thinking through the retirement of older assets should be considered early in the DCT process.

With us now to explain how to best take care of the older systems reducing risk, as well as providing a financial return, are Helen Tang, Worldwide Data Center Transformation Lead for HP Enterprise Business, and Jim O'Grady, Director of Global Life Cycle Asset Management Services with HP Financial Services. Welcome to the show.

Helen, let me start with you. As I mentioned, we've got a whole lifecycle to think about with DCT, but what’s driving the market right now? Where are the enterprises involved with DCT going, and how can we start thinking about the total picture in terms of how to do this well?

A total solution

Helen Tang: That’s a great question, Dana. HP really started marketing DCT as a total solution that spans hardware, software, and services throughout the entire life cycle in 2008, when we launched the solution. Since then, we've had about 1,000 customers take this journey to very successful results.

I would say 2010 is a very interesting year for DCT number one, because of the economic cycle. We are -- fingers crossed -- slowly coming out of this recession, and we're definitely seeing that IT organizations have a little bit more money to spend.

This time around, they don’t want to repeat past mistakes, in terms of buying just piles of stuff that are disconnected. Instead, they want a bigger strategy that is able to modernize their assets and tie into a strategic growth enablement asset for the entire business.

So, they've turned to vendors like HP and said, "What do we do differently this time and how do we go about it in a much more strategic fashion?" To that end, we brought together the entire HP portfolio, combining hardware, software, and services, to deliver something that helps customers in the most successful fashion.

When you look at the entire life cycle, some of them are starting with consolidation. Some of them already did a lot of virtualization, and they want to move to more holistic automation. So, throughout that entire process, as you mentioned earlier, there's a lot to think about, when you look at hardware and software assets that are probably aged and won’t really meet today’s demands for supporting modern applications.

How to dispose of those assets? Most people don’t really think about it nor understand all of the risks involved. That’s why we brought Jim here to talk to you more about this.

Gardner: Helen, as I understand it, it's often a 10- or 20-year cycle, when you completely redo or transform a data center. So there probably aren’t people around with the skills to remember the last time their organization disposed of a data center. This is a fairly new activity, something you might need to look to outside help for.

Tang: Absolutely. Of course, there are different pieces to the DCT picture. When you say 10 or 20 years, that’s generally referring to the lifecycle of facilities. Within that, hardware usually lasts between 5 and 8 years. But the problem is that today there are the new things coming about that everybody is really excited about, such as virtualization, and private cloud. Even experienced IT professionals, who have been in the business for maybe 10, 20 years, don’t quite have the skills and understanding to grasp all this.

In HP, we're in a unique vantage point of being the number one technology company. We're about 300,000 strong in terms of headcount, and about half of those are consultants who have expertise across all these data center technologies. As I mentioned earlier, we've helped over 1,000 customers. So, we have a lot of practical hands-on experience that can be leveraged to help our customers.

Gardner: Jim O'Grady, it sounds as if the risk here is something that a lot of these organizations don’t appreciate. What are the levels of risk that are typical, if you wait until the last minute and don’t think through the proper disposal of your existing or older assets?

Brand at stake

Jim O'Grady: We're not trying to overstate that risk too much. But the risk may be that you are simply putting your company’s brand at stake, through improper environmental recycling compliance, or exposing your clients, customers, or patients’ data to a security breach. This is definitely one of those areas you don’t want to read about in a newspaper to figure out what went wrong.

We see that a lot of companies try to manage this themselves, and they don’t have the internal expertise to do it. Often, it’s done in a very disconnected way in the company. Because it’s disconnected and done in many different ways, it leads to more risks than people think. If you know how to do it correctly in one part of your enterprise and you are doing it differently in another part of your enterprise, you have a discrepancy that’s hard to explain, because you're not learning from yourself and you're not using best practices within the organization.

Also, a lot of our clients choose to outsource this work to a partner. They need to keep in mind that they are sharing risk with whomever they partner with. So, they have to be very cautious and be extremely picky about who they select as a partner.

You have to feel very comfortable that your partner’s brand is as respected as your brand, especially if you are defending what happened to your board of directors or, worse yet, you get into a legal proceeding. If you don’t kick the tires with your partner and you don’t find out that the partner consists of a man, a dog, and a pickup truck, you just may have a hard time defending yourself as to why you selected that partner.

This may sound a bit self-serving, but I always suggest for enterprises to resist smaller local vendors. Use the fewest number of vendors that can manage your business scale and geographic coverage requirements. This is an industry where low barriers to entry really just don’t match up to the high levels of customer accountability required to properly manage your end-of-use asset disposition.

We also suggest that they have a well thought-out plan for destroying or clearing data prior to the asset decommissioning.

Gardner: So while we can have very significant risk, on the other hand we also know that there are proper, well-established, well-understood ways of doing this correctly. Even though the risk might not be understood, doing this right is possible.

Tell me some of the basic steps of doing this properly, where you don’t run into these risks, where you have thought it through or found those who have established best practices well under control.

O'Grady: Some of the best practices that we recommend to our customers is to have a well-established plan and budget up-front, one that’s sponsored by a corporate officer, to handle all of the end-of-use assets well before the end-of-use period comes.

We also suggest that they have a well thought-out plan for destroying or clearing data prior to the asset decommissioning and/or prior to the asset leaving the physical premise of the site. Use your outsource partner, if you have one, as a final validation for data security. So, do it on site, as well as do it off site.

Vendor qualification

Also, develop a very strong vendor audit qualification and ongoing inspection process. Visit that vendor prior to the selection and know where your waste stream is going to end up. Whatever they do with the waste stream, it’s your waste stream. You are a part of the chain of custody, so you are responsible for what happens to that waste stream, no matter what that vendor does with it.

So, you need to create rigorous documented end-to-end controls and audit processes to provide audit trails for any future legal issues. And finally, select a partner with a brand name and reputation for trust and integrity. Essentially, share the risk.

Gardner: What about environmental issues? These can vary pretty widely. Maybe you don’t know about these risks, but as you say, you're going to be responsible for them. Tell me about the environmental and even recycling aspects of this equation.

O'Grady: You're right. That’s one of the most common areas where our clients are caught unaware of the complexity of the data security, the e-waste legislation requirements that are out there, and especially the pace of its change.

Legislation resides at the state, local, national, and regional levels, and they all differ. There's some conflict, but some are in line with each other. So it's very difficult to understand what your legislative requirements are and how to comply. Your best bet is to deal with a highest standard and pick someone that knows and has experience in meeting these legislative requirements.

Legislation resides at the state, local, national, and regional levels, and they all differ.

Gardner: Now, part of the process that you're addressing is not just what to do with these assets, but how to make the transition seamless. That is to say, your service level agreements (SLAs) are met and that the internal users or external customers for your organization don't know that there is this transition going on.

So, in addition to what we've talked about in terms of some of these assets and environmental and security issues, how can you also guarantee that all the lights stay on and the trains keep running on time?

O'Grady: HP Financial Services (HPFS) has a lot of asset management capabilities to bring to bear, to help customers through their DCT. A lot of it is financial-based capability and services and a lot of it is non-financial based.

Let me explain. From a financial asset ownership model, HPFS has the ability to come in and work with a client, understand what their asset management strategy is, and help them to personalize the financial asset ownership model that makes sense for them.

For example, perhaps a client has a need to monetize some of their existing IT asset base. Let's just say there are existing data center assets somewhere. We have the asset-management expertise to structure a buyout for those targeted data-center assets and lease those same assets back to the client with a range of flexible terms, potentially unlocking some hidden capital for them to exploit elsewhere, perhaps funds for additional data center capacity.

Managing assets

hat's just one of many examples of how we help our clients manage their assets in a more financially leveraged way. In addition to that, customers often have a requirement to support legacy gear during the DCT journey HPFS can help customers with pre-owned legacy HP product.

We're able to provide highly customized pre-owned authentic legacy HP product solutions, sometimes going back 20 years or more. We're seeing a big uptake in the need to support legacy product, especially in DCT. The need for temporary equipment just scaling out legacy data center hardware platform capacity that’s legacy locked is an increasing need that we see from our clients.

Clients also need to ensure their product is legally licensed and they do not encounter intellectual property right infringements. Lastly, they want to trust that the vendor has the right technical skills to deal with the legacy configuration and compatibility issues.

Our short-term rental program covers new or legacy products. Again, many customers need access to temporary product to prove out some concepts, or just to test some software application on compatibility issues. Or, if you're in the midst of a transformation, you may need access to temporary swing gear to enable the move.

Finally, customers should consider how they retire and recover value for their entire end-of-use IT equipment, whether it's a PDA or supercomputer, HP or non-HP product.

We can help educate customers on the hidden risk and dispositioning that end-of-use equipment into the secondary market.

In summary, most data center transformations and consolidations typically end with a lot of excess or end-of-use product. We can help educate customers on the hidden risk and dispositioning that end-of-use equipment into the secondary market. This is a strength of HPFS.

Gardner: Jim, you mentioned global a few times. Help me understand a little more about the global benefits that HP is bringing to the table here in terms of managing multiple markets, multiple regulation scenarios, and some of these other secondary market issues.

O'Grady: From what I see in the market, there are tremendous amounts of global complexities that customers are trying to overcome, especially when they try to do data center consolidation and transformation, throughout their enterprise across different geographies and country borders.

You're talking about a variety of regulatory practices and directives, especially in the EU, that are emerging and restrict how you move used and non-working product across borders. There are a variety of different data-security practices and environmental waste laws that you need to be aware of.

Gardner: Let’s look at some examples. It’s one thing to understand this at a high level, but seeing it in practice is a lot more edifying and educational. So, I guess HP is a good place to start.

What did you learn when you had to take many different data centers from a lot of merger and acquisition activity in many different markets? Tell me a little about the story of HP’s data centers, when it comes to properly sun-setting and managing all of those assets.

Creating three data centers

O'Grady: First, let me explain what were up against in terms of the complexities of consolidating HP’s data centers. There were about 85 worldwide data centers located in 29 different countries, and we were consolidating down to 6 data centers within three U.S. geographical zones. Essentially, we were creating three prime data centers and three backup data centers.

HP decommissioned over 21,000 assets over a one-year period. In addition, there were another 40,000 data center related assets. The majority of the data center servers were being ported to new technologies. So, this really left a tremendous amount of IT product to be decommissioned, retired, and to recover value for.

HPFS was asked to come in and take control of the entire global reverse logistics, the off-site data security plan, as well as the asset re-marketing and recycling process.

The first thing that we had to do was establish a global program office with dedicated support. This is almost required for every larger global asset recovery project in the market, so there can be a single coordination point and focus to make all the trains run on time, so to speak, and to manage and reconcile a single financial and asset reporting process. This is critical.

HP wanted to have one place, one report, with reconciled asset level detail that demonstrated that every single asset came back was audited, wiped of data, and was recycled in an environmentally compliant way.

We also needed to set up a global reverse logistics strategy that proved to be extremely challenging as well. HP had SWAT teams deployed for time-critical de-installs in some of the smaller remote locations. They needed us to position secured truck vehicles to be there within a one-hour window, where there was no local storage available to store the data center equipment as it came out of the data center.

We were able to hand back apparent net recovery, versus a bill for our services. They were quite pleased with that result.

We also had to act as a backup for data eradication. HP’s policy was to wipe the data on-site, but they realized that that’s not always a perfect process, and so they wanted us to again wipe all of the equipment as it came back into our process.

Last, but not least, recovering value for the older end-of-use assets was one of our highlighted strengths. We found 90 percent of the decommissioned data center products to be re-marketable, and that’s not unusual in the market. We were able to hand back apparent net recovery, versus a bill for our services. They were quite pleased with that result, and it must have worked out more than okay, because I am still around to describe what we did.

Gardner: I can see now why this is under Financial Services. This really is about auditing, making sure that every asset is managed uniquely and fully, and that nothing falls through the cracks. But, as you point out, there is this whole resale, with the regulation and recycling issues to be managed as well.

Tell me a little more about this. Obviously for HP, you were doing it for your own good. Are there some other examples that we can look to where that bill has been much lower because of the full exercise of your financial secondary market activities?

A key strength

O'Grady: Sure. That’s where we think our strength is. If you look at a leasing organization, when you lease a product, it's going to come back. A key strength in terms of managing your residual is to recover the value for the product as it comes back, and we do that on a worldwide basis.

We have the ability to reach emerging markets or find the market of highest recovery to be able to recover the value for that product. As we work with clients and they give us their equipment to remarket on their behalf, we bring it into the same process.

When you think about it, an asset recovery program is really the same thing as a lease return. It's really a lot of reverse logistics -- bring it into a technical center, where it's audited, the data is wiped, the product is tested, there’s some level of refurbishment done, especially if we can enhance the market value. Then, we bring it into our global markets to recover value for that product.

Gardner: While the IT folks don’t necessarily always want to think about the financial implications, they're certainly more likely to get the okay to move ahead with their technical transformations, to get the new tools and systems that they want, if they can better appreciate that there is a way to recover costs safely from existing systems. I think it's probably an important lesson for IT people that they might not have thought of.

Helen, do you have any thoughts about that, about the culture between a financial side and the technical side in DCT?

The customer asked us to recreate their old data center environment at that new location, with the exact legacy spectrum of the original data center.

Tang: We're seeing some interesting shifts right now. So, you're right. Classically, there was this conception that the CFO’s office didn’t understand the needs of IT, and IT didn’t understand how best to save money, and also optimize for those tricky CAPEX and OPEX issues.

But, in the last five years, we're seeing a shift, and these two organizations are working harder together. A lot of it is because they have to do it, with the recession, and a lot of the limitations. But, we're starting to see sort of this IT hybrid role called the IT controller, that typically reports to the CIO, but also dot-lines into the CFO, so that the two organizations can work together from the very beginning of a data center project to understand how best to optimize both the technology, as well as the financial aspects.

Gardner: Thanks to Jim, we've heard quite a bit about HP's story. Are there some other users out there who have gone through this, and that we can look to for some more understanding of how this should apply to future DCT? Back to you, Jim?

O'Grady: Sure. There was a case that involved an internationally known food services company that had a data center consolidation and move requirement. This company had 12,000 locations in 35 countries. Their basic need was to economically migrate to a new facility, where there was room for expansion and consolidation.

Their existing server environment was only a couple of years old, and it wasn’t economical for them to replace them at this point in time. So, the customer asked us to recreate their old data center environment at that new location, with the exact legacy spectrum of the original data center.

Legacy solution

We were more than happy to provide them with a highly customized HP legacy server solution, that was identical to their existing equipment, and we did it on a short-term rental basis. Once the new cutover data center was fully operational, we simply brought back all of the equipment located in the original data center.

We did it as a trade for the legacy servers that were rented and installed at the new data center site. Essentially, it was an asset swap. We rented some equipment to them. We brought back their original data center. And, we just called it a day. So it was an extremely pleasant and easy transition for the customer to get through.

We also helped the customer manage the license transfers from their prior owned servers to the ones that we just provided to them.

Gardner: These are things that organizations on their own probably don’t have the visibility and understanding to pursue. Is it fair to say, Jim, that a lot of companies are just leaving money on the table, so to speak, if they try to do this themselves, if they look for some of those local secondary market folks, and are maybe not as creative as they could be in some of these financial approaches to the best outcome for these assets?

O'Grady: I think they do. They typically try to disconnect some of this activity and they don’t put it into a holistic view in terms of the DCT effort. Typically, what we find with companies trying to recover value for product is that they give it to their facilities guys or the local business units. These guys love to put it on eBay and try to advertise for the best price. But, that’s not always the best way to recover the best value for your data center equipment.

Your best bet is to work with a disposition provider that has a very, very strong re-marketing reach into the global markets, and especially a strong demonstrative recovery process.

We're now seeing it migrate into the procurement arm. These guys typically put it out for bid and select the highest bid from a lot of the open market brokers. A better strategy to recover value, but not the best.

Your best bet is to work with a disposition provider that has a very, very strong re-marketing reach into the global markets, and especially a strong demonstrative recovery process.

Gardner: I suppose there is a scale issue too. An organization like HP can absorb a football field full of laptops, whereas not every other entrant in the market, at least the local players involved, can absorb that sort of scale. So tell me a little bit about the size issues, both scaling up, in terms of the largest types of data centers and IT issues, but also perhaps scaling down in terms of where specialization or even highly vertical systems are involved?

O'Grady: That’s a good point. Especially in the large DCTs, you're getting back a lot of enterprise equipment, and it's easy to re-market it into the secondary market and recover value. You could put it on the market tomorrow and recover very minimum value, but we have a different process.

We have skilled product traders within our product families who know how to hold product, and wait for the right time to release it into the secondary market. If you take a lot of product and sell it in one day, you increase the supply, and all of the recovery rates for the brokers drop overnight. So, you have to be pretty smart. You have to know when to release product in small lot sizes to maximize that recovery value for the client.

Gardner: Tell me how you get started on this Jim? As we said, this is sort of a black box for a lot of people. The IT people don’t understand the financial implications, and the financial folks might not understand what’s involved when a data center is going to be transformed and what’s coming down the avenue that they need to then disposition.

So, how do we merge these cultures? How do they get started, and who do you target this information at? Is there a Chief Disposition Officer? I tend to doubt it. Who should be involved? Who should be in charge?

C-level engagement

O'Grady: We recommend that a C level executive is in charge, whether it's the CIO, the CFO, or the Security Officer. Someone at a very high level should be engaged. To engage us is very simple. Your best bet is to contact your HP account manager. They would know how to get in contact with us to bring our services to bear.

You can also look at, under, and get to HPFS, and that’s really simple. From there, it's an easy process to engage us. If you're looking for pre-owned or rental equipment, we would provide a dedicated rep, or you can just access this product through most authorized HP enterprise resellers. They know how to access legacy product from us as well.

Asset recovery is a much more complex engagement. We start with a consultation with the client on a whole range of topics to educate them on what the whole used IT disposition market is all about, especially things to watch out for. There are things like comparing price versus risk, when you are selecting a vendor, and what to think about to ensure you comply with the emerging legislation and directives that you need to be aware of and deal with, especially environmental waste stream management, data security, and cross-border product movement of non-working IT products.

We also help clients understand strategies to recover the best value for decommissioned assets, as well as how to evaluate and how to put in place a good data-security plan.

We help them understand whether data security should be done on-site versus off-site, or is it worth the cost to do it on-site and off-site. We also help them understand the complexities of data wiping enterprise product, versus just the plain PC.

The one thing we help customers understand, and it’s the real hidden complexity is how to set up an effective reverse logistic strategy.

Most of the local vendors and providers out there are skilled in wiping data for PCs, but when you get into enterprise products, it can get really complex. You need to make sure that you understand those complexities, so you can secure the data properly.

Lastly, the one thing we help customers understand, and it’s the real hidden complexity is how to set up an effective reverse logistic strategy, especially on a global basis. How do you get the timing down for all the products coming back on a return basis?

Gardner: Helen, it sounds as if there is a whole lot going on with this cleansing and regrouping of assets in such a way that you get the most financial return. To me this is a real educational issue for the DCT process and that this needs to be really considered early on and not as an afterthought.

Tang: That’s absolutely true, which is why we reach out to our customers in various interactions to talk them through the whole process from beginning to end.

One of the great starting points we recommend is something we called the Data Center Transformation Experience Workshop, where we actually bring together your financial side, your operations people, and your CIOs, so all the key stakeholders in the same room, and walk through these common issues that you may or may not have thought about to begin with. You can walk out of that room with consensus, with a shared vision, as well as a roadmap that’s customized for your success.

Gardner: Back to you one last time, Jim. Tell us a little more about how people should envision this? If we're in the process, what’s the right frame of mind -- philosophy, if you will -- of this disposition element to any DCT?

Well-established plan

O'Grady: My advice is to have a well-established plan in the budget and think about that way up front in the process. This is the one area that most of our clients fail to do. What happens is that, at the disposition point, they accumulate a lot of assets and they haven’t budgeted for how to disposition those assets. They get caught, so to speak.

Customers should educate themselves about the market complexities involved with dispositioning your own products from the data security standpoint, as well as environmental legislation.

As you try to recover value in the secondary market, you own the result of that transaction. So, you could be putting your company brand at risk, if you're not complying with the morass of legislative directives and regulations that you find out there at a global and local level.

Gardner: We've been hearing about trying to make the most productive transitions with data center assets and transformation activity from the vantage point of security and environmental impact, recycling, and resale. I suppose the idea here now is to get your older assets out with low risk, but also get the highest financial return from them as well.

I want to thank our panelists for helping us sort this out. We have been here with Helen Tang, Worldwide Data Center Transformation Lead for HP Enterprise Business, and Jim O’Grady, Director of Global Life Cycle Management with HP Financial Services. Thanks so much, Jim.

O'Grady: Thank you, Dana.

Gardner: This is Dana Gardner, Principal Analyst at Interarbor Solutions. You've been listening to a sponsored BriefingsDirect podcast. Thanks for listening, and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Download the transcript. Sponsor: HP.

Transcript of a sponsored podcast discussion on how proper and secure handling of legacy equipment and data is an essential part of data center modernization planning and cost reduction. Copyright Interarbor Solutions, LLC, 2005-2010. All rights reserved.

You may also be interested in: