Security architecture obsesses over how things enter: vetted people, inspected deliveries, badged doors. Almost nothing in the standard playbook governs how things leave. Yet a hyperscale refresh cycle pushes pallets of storage out of the building on a schedule, each drive a container of customer data, credentials, or model checkpoints, and the whole flow is typically managed as a facilities ticket with a disposal vendor attached.
Your last control is a certificate signed by the lowest bidder.
The inventory nobody keeps
The decommissioning program is only as good as its definition of data-bearing device. Drives, obviously. But also the flash inside management controllers, switches and appliances that hold configurations and credentials, accelerator trays with onboard storage, and the failed units that cannot be wiped because they no longer power on. If it stored anything, it leaves through the program. In our reviews, the failure bin is the most consistent gap: dead drives accumulate in an unlocked cabinet, owned by nobody, until a vendor sweep takes them somewhere on faith.
Engineering the exit
- Destroy on site where value or sensitivity is high: shredding at the loading dock ends the conversation. For model-weight media, treat off-site transport the way banks treat cash.
- Serialized manifests, reconciled twice: what left the rack, what entered the truck, what the vendor destroyed. Three lists, matched, with the deltas investigated.
- Dual custody from rack to truck: the same discipline the hardware enjoyed on arrival, kept on departure.
- Audit the certificates: sample serial numbers from destruction certificates against your own manifests quarterly. A certificate that has never been checked is a decoration.
- Own the failure bin: locked, logged, and reconciled like the live inventory it still is.
Decommissioning is where asset protection, data security and compliance converge on the same pallet. Sites that treat it as a program discover they already had the muscle: it is the intake process, run in reverse, with the same seriousness.
We have followed pallets all the way to the shredder. If your certificates go unchecked, we know that gap well.