Shorter lifecycles and rapid turnover in IT equipment pose a significant business challenge. But Hewlett-Packard has found a growing opportunity in helping IT centers decide what new technology to deploy, how to finance the purchase or lease of new IT equipment, and how to use it to expand capabilities or boost productivity.
Jim O'Grady heads HP Financial Services' Technology Value Solutions (TVS) organization, the company's lifecycle management arm, and manages HPFS's asset recovery services program for off-lease and older IR equipment in the Americas. He also is responsible for end-to-end profit and loss management of TVS in the United States, Canada, Latin America, and the Caribbean.
The program is designed to ensure disposal in an environmentally friendly manner, protect customers' proprietary information, and help customers recover residual value from older equipment. TVS also remarkets pre-owned and off-lease equipment to HP customers.
O'Grady says nearly 90% of IT equipment can be resold if processed promptly after coming offline. Every day it sits in a storeroom, its value drops. There's also the security factor. The equipment needs to be protected until all data is eradicated.
He says laws and regulations are a key element to best practices, particularly when it comes to the privacy of financial (the Gramm-Leach-Bliley Act) and medical records (the U.S. Health Insurance Portability and Accountability Act, or HIPAA) and corporate governance (Sarbanes-Oxley).
"What we're finding at the global level is that it's not good enough to do things differently within an organization," he says. "If you’re doing anything in one part of the organization that is less in compliance than another part of the organization, you may get into a legal proceeding because the courts may ask you why the other part of your organization didn't know how to do it. Aren't you an organization that shares consistent processes across the enterprise? So, companies are beginning to realize that if they do this inconsistently, they may be exposed to more risk."
Education is another big factor in HPFS's efforts. "This is one of the biggest changes I have seen in the market over the past few years," he says. "There are risks in getting value for your assets. Two or three years ago, I would talk more to department and facilities managers. Then it sort of moved into procurement, because they wanted to get the best value for their product. Now, I'm talking more to CEOs, CIOs, and CFOs because they're balancing the recovery values they expect to get and what it's going to take them in cost to manage the end-of-use assets with the risks to the company, especially with data security issues."
Business has been good. HPFS generated more than $4 billion in volume for the four fiscal quarters ending January 31. Its portfolio of assets totals $7 billion globally.
O'Grady says the object is to get a return on the residual value of the equipment. "We have an invested interest in putting infrastructure in place that can recover the remaining equity value of those assets," he says. "We're looking at putting value back into assets so we can do what we call reuse, not recycling."
This includes organizations that own, rather than lease, their IT assets. With that in mind, HPFS developed a program that allows customers that own their assets to recover value from them. The program covers PDAs to supercomputers
Most of the time HPFS either buys an organization's IT assets outright at competitive prices (it invites its customers to scout the market), or it will audit the equipment right down to its technical specifications, then buy it or sell it for the customer and split the proceeds.
Much of the discussion with HPFS's customers today focuses on data security. "Data breach has significant financial implications to a major enterprise if it doesn't have the right due diligence and compliance procedures in place," says O’Grady.
He says the most startling statistic to come out of a study sponsored by PGP, a software encryption company, and conducted by the Ponemon Institute, was that when clients are notified that their data may not have been fully protected, the data center immediately loses, on average, 19% of its customers. Another 40% considers terminating its relationship at a later point, according to the survey. "You start to run into market share and brand issues," the study says. The study also notes that 12% of consumers have received notification of a breach of their data over the past year.
Another aspect of protecting corporate data is a process called data wiping. "Most of the market hasn't solved the problem of eradicating data on high-end server technology," notes O'Grady. "We have tools that can eradicate data on desktop equipment as well as enterprise gear." O'Grady says there are some specialized techniques that everyone needs to be concerned about and most service providers don’t seem to have those capabilities.
"Many enterprises don't know enough to ask how their data is going to be protected," he says. But he also notes that a data eraser is just an event. "We tell them that it's meaningless unless you can provide validation that a data wipe occurred."
In other words, get it in writing.