Contact Us

Securing the End of IT: Why End-of-Life Assets Are a Growing Cybersecurity Risk

As cyber threats grow more sophisticated, organisations are investing heavily in security awareness, monitoring, and prevention. Yet one critical stage of the IT lifecycle often remains overlooked: what happens to technology at end of life.
In this interview, Tom, Group IT Director at SK tes, shares why decommissioned IT assets represent one of the most underestimated cybersecurity risks today — and how organisations can close the gap between data security, compliance, and sustainability

From Infrastructure to Cybersecurity

With nearly two decades of experience spanning IT infrastructure, information security, and cybersecurity, Tom brings a practical, end-to-end perspective. His career path - from apprentice to group IT leadership - has shaped a strong belief that cybersecurity cannot be treated as a siloed function.

“Cybersecurity has to be embedded across the entire lifecycle of IT assets,” he explains. “That includes what happens after those assets leave your organization.”

 

Why End-of-Life IT Is Often Neglected

In many organizations, responsibility for IT assets sits with procurement or sustainability teams. Devices are leased, refreshed, and returned - often without cybersecurity teams being involved in the final stage.

The result?
Data risk at the very moment organizations believe an asset is no longer their problem.

“Cybersecurity isn’t always front of mind when equipment reaches the end of its lease,” Tom notes. “But the data doesn’t disappear just because the asset has.”

This disconnect is increasingly being recognized as a material risk - one that organisations are now actively trying to address.

 

Factory Reset Is Not Enough

One of the most common misconceptions Tom highlights is the belief that factory resets equal secure data removal.

In reality, residual data frequently remains - particularly on network and data centre equipment.

“We’ve seen network configurations, VLAN tables, credentials, and other sensitive information still recoverable after a factory reset,” he says.

That’s why recognized standards matter. Frameworks such as NIST 800-88 and IEEE 2883 require a purge approach - a physical, verifiable process that communicates directly with the device firmware to ensure data is permanently removed and validated.

Without this, organizations risk leaving sensitive information exposed long after assets have moved on.

 

Security and Sustainability Are Not Opposites

A key theme throughout the conversation is that data security and environmental responsibility do not have to be at odds.

Electronic waste is one of the fastest-growing waste streams globally. With the right partner and processes, organizations can protect data while extending the useful life of technology assets.

“At SK tes, our priority is always to securely sanitise data first,” Tom explains. “From there, we focus on reuse, refurbishment, and value recovery wherever possible — and ethical recycling when reuse isn’t viable.”

This approach supports both cybersecurity objectives and circular economy goals, proving that sustainability and security can reinforce each other rather than compete.

Practical Advice for IT and Security Leaders

For organizations looking to strengthen their cybersecurity posture, Tom’s advice is clear:

  • Adopt a recognized framework and follow it consistently

  • Look beyond audits - frameworks provide practical guidance that can be implemented day-to-day

  • Treat end-of-life assets as a core cybersecurity risk, not an afterthought

  • Avoid reliance on factory resets - logical deletion alone is insufficient in most cases

  • Work with ethical ITAD partners who can certify secure data sanitization and responsible reuse

He also stresses the importance of both technical and organizational controls - ensuring that processes clearly define who handles returned assets, where they go, and how security is verified.

 

Key Takeaways

  • End-of-life IT assets represent a major, often overlooked cybersecurity risk

  • Factory resets do not guarantee secure data removal

  • NIST and IEEE purge standards provide verifiable data sanitisation

  • Compliance frameworks are increasingly enforcing stricter controls

  • Security and sustainability can - and should - work together

  • Trusted ITAD partners play a critical role in managing risk and value

E-waste recycling solutions

SK Tes provides secure, certified e-waste recycling solutions that prioritize reuse, data security, and sustainability. Our seamless e-waste pickup and management solutions also provide verified emissions reporting, aligned with global and local compliance.

Read more about E-waste Recycling
Comprehensive data center decommissioning

No matter your project - cloud migration, server upgrades, facility consolidation, data center relocation, or architecture changes - SK Tes specializes in comprehensive data center decommissioning services that ensure your operations transition smoothly and securely.

Explore this service
Committed to sustainability for us and our clients

At SK tes, we prioritize both sustainability and data security in every aspect of what we do. Through specialized processes, we help reduce waste and advance the circular economy by ensuring that technology assets are repurposed and recycled safely and responsibly.

READ MORE ABOUT SUSTAINABILITY

Keep watching

Data Center Services • ITAD •

Tour SK Tes: Your ITAD & Data Center Partner [Video]

Tour SK Tes, a top ITAD company. Learn how we prioritize your data security, maximize IT asset value recovery & boost sustainability. Watch the video now!
Sustainability • ITAD •

About Sustainable Technology Lifecycle Solutions

Explore how we are meeting the sustainable technology lifecycle needs of organizations all over the world, in this short video.
Sustainability • ITAD •

'Reuse. Not just recycle'

The average lifespan of a laptop before it's replaced: 2.92 years. And then what? We have a way to solve this.
ITAD • Ewaste Recycling •

Why ITAD matters for ITAM

Join us on the 6th May 2021, on this co-hosted webinar with the ITAM review, to learn how to build a build a business case for an ITAD program.