In a recent conversation with Russ Ernst, Chief Technology Officer at Blancco, we explored the critical considerations for organizations facing the end of Windows 10 support and the growing challenges of e-waste management.
With a background in product strategy and technology leadership, Ernst provided valuable insights on best practices for hardware evaluation, data sanitization, and sustainable IT asset disposition.
This Q&A offers guidance for businesses looking to balance the need for up-to-date technology with environmental responsibility.
Q: With Microsoft ending Windows 10 support next year, many older PCs may not meet the specifications for Windows 11. What are the best practices for organizations to evaluate their current hardware and determine if it can be upgraded or should be replaced?
RE: Windows 10 was first released in mid-2015 and its official support will end on October 15, 2025. Meanwhile, Windows 11 has already been on the market for almost three years, giving organizations ample time for planning for the transition. Organizations that have not yet had a chance to map out the transition process are feeling a sense of urgency now because there is only about a year left to address Windows 10 support end-of-life.
Windows 11 requirements are a little bit more stringent than Windows 10, as Windows 11 is more Internet-facing and microservices-based. And now, with the addition of ChatGPT and other AI assistants built in within Windows 11, there is less flexibility with hardware configurations and the system requirements.
For organizations working on their transition checklist now, here are six tips to consider:
For those organizations not yet ready to initiate Windows 11, Microsoft does offer what they call a long-term servicing channel or LTC, which is available solely for corporations and requires additional licensing. So as a last resort, enterprises can opt to hold off on upgrades, pushing the end date to January of 2027.
Q: The potential for older devices to contribute to the growing e-waste problem is significant. How can organizations implement strategies to extend the life cycle of their existing hardware and integrate these devices into the circular economy?
RE: The UN’s 2024 Global E-waste Monitor revealed that a record 62 billion KG of e-waste was produced in 2022 with e-waste generation outpacing formal recycling by 5x. These findings are starting to drive the need for sustainability to be top of mind in the enterprise, even for those roles that don’t pertain to sustainability. Organizations have been highlighting (with good reason) the importance of data security to all their employees across the organization – not just tech, but it’s also important that every worker understands that sustainability should be top of mind, almost in parity with data security.
Management teams must foster a culture of, not only recycling, but also reuse strategies. The goal should be to change mindsets about the role that sustainable IT practices can play. This can be achieved by quantifying benefits of reuse – i.e., identifying the residual value of repurposing equipment – as well as educating staff on how to permanently eliminate data without destroying functional assets (in compliance with data security best practices) through proper data sanitization.
Q: Data sanitization is a critical component of extending device life and managing end-of-life processes. Can you explain how effective data erasure contributes to both the security and efficiency of redeploying or recycling older devices?
RE: First and foremost, it’s important to understand that data sanitization is broader than data erasure. Data erasure can be accomplished in many different ways: through software means, physical destruction, and even with free open-source tools. Proper data sanitization at the enterprise level is an effective means of erasure combined with a verification that the erasure took place and an auditable compliance report. These critical components are really at the heart of data security.
If at any time we're talking about extending the life cycle of a device, we have to consider the data that's being driven through that device, especially if you're thinking about strategies like cascading of devices or moving a device from one functional area to another, or from one employee to another. That machine must go through effective data sanitization before it is repurposed because every employee has their own user level and role-based access controls, and each user will be creating their own data on that device.
An extreme example would be taking the CFO's machine with critical financial information and moving it to someone else in the organization – you want to be absolutely sure that all that information is permanently eliminated off of that machine before it gets redeployed. Effective data sanitization needs to be top of mind when considering extending the life cycle of these machines or cascading them from one employee to another.
Q: What role does the IT asset disposition (ITAD) process play in ensuring that older devices are responsibly recycled or repurposed? How can organizations ensure they are partnering with ITAD providers who follow best practices in data security and environmental responsibility?
RE: Great question. IT asset disposition (ITAD) can play a huge role in helping organizations keep their commitments on sustainability. My advice to organizations is to partner with an ITAD that is accredited by either the Responsible Recycling (R2) Standard for Recyclers or the Standard for Responsible Recycling and Reuse of Electronic Equipment (e-Stewards). According to the EPA, “Both are based on strong environmental standards that maximize reuse and recycling, minimize exposure to human health or the environment, ensure safe management of materials by downstream handlers, and require destruction of all data on used electronics.”
As experts in the business of reusing and repurposing and refurbishing hardware, accredited ITADS can help companies meet specific standards, and safely recycle and manage their electronics. They can also be the strategic partner that enables companies to decide whether to extend the life of their IT asset fleet and/or get the most residual value out of the components in those devices.
With the transition to Windows 11 imminent, this is the ideal time to start looking for an accredited ITAD partner. Windows 11 is much more resource intensive, even some of the more recent, advanced Intel processors may not be compatible with it which is prompting a lot of the discussion about refresh cycles.
Another reason why organizations should partner with an ITAD is because they are incentivized to keep devices in the circular economy – this is a core component of their business model. They usually take a full end-to-end approach, including making sure each device is sanitized of all data using industry standard, auditable processes. Some also have their own processing facility so the chain of custody of each machine can be verified. This is really important because ESG and sustainability reporting requires organizations to maintain control over the devices and know exactly what’s happening to each machine as it’s being processed.
Q: Microsoft’s decision has sparked concerns about a potential increase in e-waste. How can the tech industry as a whole address these concerns and promote more sustainable practices in device management and disposal?
RE: The three main areas where tech can improve sustainability are: energy efficiency, the reuse of existing IT assets, and the reduction of use of new plastics in those IT assets. Organizations can first and foremost promote reuse in general, as well as design IT assets for reuse and efficiency, and promote longer support for those IT assets. Furthermore, there's an opportunity to look at your own internal IT support lifecycle.
In many organizations worldwide their IT asset lifecycle is just based on the number of years – e.g., once that PC is three years old, it needs to be replaced. Why not consider extending the timeline to four years or five years? As I mentioned earlier, depending on the type, a PC can be effective anywhere from three to eight years. When a machine is getting older, it’s worth asking – what can I still do with that machine? Once you’ve answered this question, organizations can get more specific about the effective life of that machine. An alignment with business purpose is more important than having a strict time scale.
Q: In terms of the circular economy, what opportunities exist for repurposing older PCs that can no longer support the latest operating systems? Can you provide examples of how these devices can still offer value in less resource-intensive use cases?
RE: We’re currently at a crossroads when it comes to security and sustainability. Security always must be the top priority for organizations, no matter how big or small. While it’s possible for companies to repurpose older PCs by re-imaging them using Linux, I’m skeptical that many will use their time and resources to do so. As I mentioned previously, if a PC is running a non-supported operating system, such as older Windows operating systems and it's connected to the internet, it becomes an immediate security risk and a breach gateway. Enterprises must weigh the risks of using older devices with the value that device might bring them as a so-called “dumb terminal” and risk of it getting infected or hacked, and then compromising their entire IT ecosystem. Embracing a security-first mentality should ultimately drive decisions regarding device use and/or reuse.
Q: How should organizations balance the need for maintaining up-to-date and secure systems with the environmental impact of replacing older hardware? What factors should they consider in making decisions about upgrading versus extending the use of existing devices?
RE: Balance is the key word here. I’m a huge proponent of extending the life of older PCs, tablets and mobile phones through promotion of re-use, as well as phasing out planned obsolescence. When it comes to company policies on device refresh cycles, I’d recommend internal support be aligned with business purposes rather than a strict timescale. As I stated earlier, the effective life of a PC is three to eight years; however, there is a tradeoff between keeping older devices, data security and employee productivity that must be considered. It’s highly possible for companies to have PCs still in use that aren’t compatible with newer operating systems and are no longer being supported. These are all considerations IT administrators must weigh as Windows 10 support ends and the transition to Windows 11 begins.
However, the upgrade to Windows 11 isn’t exactly straightforward, in fact, even PCs more than five years old may not be compatible with the new OS. My advice to IT teams is to conduct an asset audit to determine the age and compatibility for each device. The quality of today’s laptops, Macs and PCs alike, has made it easier to extend the refresh cycle from three years to four years, or even more. which is good news. Go beyond four years and IT administrators will run into a bigger question of whether keeping older laptops online makes sense because of the extra IT headaches they could cause, including more help desk tickets, a lack of worker productivity, and again, an increased threat footprint.
Q: Beyond data sanitization and hardware repurposing, what other strategies can organizations adopt to minimize their environmental impact and contribute to reducing the overall volume of e-waste?
RE: Extending the device refresh cycle will help reduce environmental impact but I would highly recommend that larger organizations find a trusted IT Asset Disposition (ITAD) partner they can collaborate with to develop strategies to further reduce the impact resulting from e-waste. While it’s worth reexamining the device refresh cycle and how the migration from Windows 10 to 11 will impact it, there’s a bigger conversation to be had about sustainability in data center decommissioning. CISOs and security officers still believe that drive destruction is the only way to securely decommission a data center – when in fact they couldn’t be more wrong.
There’s a widespread belief that data center server drives must be destroyed, 100% of the time. By some estimates, 20 to 70 million very expensive HDDs reach end of life every year in the U.S., most of which are shredded and dumped into landfills – that’s a lot of scrap metal.
However, it is not necessary to destroy these drives for security-purposes when an ITAD partner can use software-based data sanitization on each drive and then ready them for the circular economy.
There also seems to be some confusion about the standards that guide the decisions that result in destruction. CISOs no longer need to follow DoD 5220 overwriting guidelines as they are more than 15 years out of date. Organizations should rethink their policies and let more recent standards, including NIST 800-88, and the even more recent IEEE 2883, both which provide guidance on data centralization best practices and techniques guide their decisions. Changing hearts and minds will lead to more sustainable practices not only across enterprises, but also across the data center and hyperscaler community.
Q: Looking forward, how do you see the role of technology companies like Microsoft and others in leading the way towards more sustainable and responsible device lifecycle management practices?
RE: I’ve been very encouraged by the steps technology OEMs are taking to be more sustainable organizations. I’m seeing broad support across the industry, not just from Microsoft, but Apple, HP and Lenovo are also stepping up to help their customers meet their own ESG and sustainability goals. Microsoft is currently taking the energy usage of Azure cloud into consideration. From a sustainability standpoint, Azure has the potential to make a much larger impact on environmental sustainability over the long run than the upgrade from a Windows 10 to a Windows 11-capable device.
Apple’s use of aluminum in their laptops is key, because aluminum is one of the most recyclable materials in the world and increases the potential for reuse. And of course, Apple has one of the best used mobile device refurbishing programs in the industry.
The HP Renew program is notable because it offers an extensive portfolio of refurbished HP computing products. These are very high-quality refurbished devices that offer the same reliability and performance as new HP products, but for a significantly lower price than an equivalent new laptop or computer making the program ideal for smaller organizations or those that have a limited IT budget. Because products in the HP Renew portfolio are returned to HP from various sources, there are often concerns about data being removed before the products are resold – but there shouldn’t be. As part of HP’s rigorous refurbishment process all Renew products are reformatted and retested. During this process every drive is wiped clean of any data and every disk is separately overwritten.
Another program that deserves a mention is the Lenovo Intelligent Sustainability Solutions Advisor (LISSA), which is an umbrella of solutions underneath that includes TruScale Device as a Service and asset recovery. Through Lenovo, a well-respected global brand, LISSA provides enterprises with a much clearer end-to-end path for their fleet of devices at the end of their useful life.
The transition to Windows 11 and the challenges of IT asset management call for a forward-thinking, strategic approach from organizations. These valuable insights emphasize sustainability, data protection, and efficient lifecycle management, offering a blueprint for companies aiming to reduce the environmental impact of their technology decisions.
By cultivating a culture of reuse and implementing responsible recycling practices, businesses can contribute to a more sustainable future while maintaining robust security standards. We thank Russ Ernst from Blancco, for sharing his expertise, which provides a clear roadmap for companies navigating these complex technological and environmental considerations.