This is an interview on the Data Protection Gumbo podcast of our founder Rocco D’Amico, the founder and CEO of Brass Valley dives into various aspects of IT Asset Disposition, including the hidden threats of dark data and end-of-life assets, challenges of data center closures and mergers, cost management, compliance and regulations, chain of custody, and innovations in the ITAD industry.
Interview Transcript
Welcome back to Data Protection Gumbo. I am your host, Demetrius Malbrough. And today we have a great show lined up for you where we will get into some of those hidden threats inside of your network and also dealing with devices that may be end of life, not staying on top of all those assets that could be causing a potential problem within your network.
I would like to welcome Rocco D’Amico, who is the founder and CEO of Brass Valley, to the show.
Rocco’s Background and Brass Valley
Originally I come from an engineering background, but when I moved into the IT industry, I was working for a reseller and we were selling storage solutions for large companies. So we were doing multi host integration and things like that. Reselling for EMC and HP and companies like that. And eventually I peeled off and started my own business and I started off as a reseller.
In the process of selling a hundred or a thousand servers to a bank, I’d always get the question, “Well, what do I do with the old ones that we’re replacing?” I said, “I don’t know, but I’ll figure it out.”
So when I looked at the market at that time, it was like the wild west and there weren’t people I could bring in front of my clients. So I said, I think there’s an opportunity here. We jumped in that business and, uh, lo and behold, that’s the business that took off for us.
Now we’ve expanded this, and my company literally started in my basement and now we serve companies on a global basis.
Hidden Threats: Dark Data and End-of-Life Assets
One of the hidden threats or dangers is like dark data, like not knowing that you have all this data out within your environment, not to mention the assets that you have that, oh, they may be end of life or you thought you destroyed some data on a hard drive, but you actually just degaussed it or reformatted it, and you know that that still leaves data behind.
What do you normally see or the craziest thing that you have seen as it pertains to old assets kind of hanging around that people had no idea about?
There’s a few common threads. One is that I think folks always discover that there’s more stuff than they thought they had. And when we show up, when my team shows up, like people come out of the woodwork and say,
“Hey, oh, you guys are here. Let let’s, I got it, I got something for you.” And then they start running over to my guys. So there’s always more than you think there is from the outside looking in. And it’s hard to keep track of all that things. Cause everybody’s busy. And once you decommission something, it’s easy to let it just fall out of the mind’s eye and let it drift by the wayside.
The craziest things I see are usually when they built a data center around server or an STK powder horn, because you say, “How in the world did they ever get this in there?” And my teams are walking over pipes and up and down stairs to get these things out.
Data Center Closures and Mergers
The data center business is booming right now, especially with cloud and also artificial intelligence, and people still need more computing footprint for doing training artificial intelligence and their GPUs. But how often are you seeing data center closures? And I know you were telling me about a data center closure, like 49 different data centers all around the world, and they needed that done in like two months, 60 days, right?
That was a merger. One company bought another, the leases were expiring, and they said, “We’ve got two months to get this done. 49 data centers, 22 countries in two months, that was a challenging one.” What we’re going to see with artificial intelligence is that from a storage perspective with arrays, for years and years and years, they’ve been making them so that they’re smarter, they’re self-healing, they’re faster.
And what that does is it drives data into different areas of an array or an architecture that you’re not expecting it. So for example, we had a major banking client that sent us 15 arrays that happened to have been erased by the OEM. And just for laughs, one of my techs plugged one in and lo and behold, there was data on the drives, and we looked at it and said, “Where did it come from?”
Because these have all been certified erased. Well, there was battery-backed cache inside those machines, and so all that data was still in there.
ITAD Best Practices
What are some of the best practices around managing ITAD (IT Asset Disposition), and also when you’re dealing with these tight deadlines that you need to close a few data centers at a time?
The things that I look for are how the vendor communicates. We’ll usually use a platform like Google sheets or something like that, and we’ll set up a rudimentary project tracking, live project tracking spreadsheet. And so the folks that are working on the project, they’re communicating through this spreadsheet, they’re communicating issues or communicating deadlines.
And we also give our customers visibility to that as well. So they can see in real time what’s going on. Communication is the absolute, absolute number one priority when you need to do it like that, when you need to have several in a different location.
You also need to have a good escalation plan, because stuff’s going to go wrong.
Murphy’s still alive.
So you need to have that buy-in ahead of time and say, “This has got to get done. It’s got to get done in this time. And if it doesn’t, we’ve got a big problem.”
Cost Management
How important is it, or how difficult is it, to manage the costs when you are dealing with these ITAD type projects?
There’s a couple of dynamics that take place there. One is the quality of the knowledge going into the project. Do you have accurate inventory lists? Do you have accurate configurations of the equipment going in?
And then there’s the human side of this, where the client may have just built this data center two or three years ago and spent $3 million on it, and they want to get money out of it. And then there’s the vendor’s perspective, where they want to try to give you money, but sometimes they may try to show you the shiny side of the apple and say you’re going to get more than you may get.
So you may get disappointed in that. The other aspect could be the people that are involved. If your vendor is using subs, if something gets broken, you need to make sure that you’ve got the proper insurance in place to be able to cover that.
Security, Compliance, and Chain of Custody
How often do you have to educate someone on the insurance and the whole aspect of compliance and regulations when it comes to disposition?
I always recommend if you can visit your vendor, go do it and just do your own audit and see with your own eyes and get a sense, get a gut-level feel for the company. Short of that, vendors like us carry certifications like R2 or e-Stewards for environmental, and we’ve gotten a AAA certified for data security.
But I’m going to tell you something – you’ve been in business long enough, you’re going to know that the prisons are full of guys that had all these same certifications.
So you’ve got to see for yourself. The last word is going to be that service agreement.
Chain of custody is really there to show the movement of the equipment and that it was handled at each step of the way responsibly and in the data security laws take that into account. If you had to go to court, God forbid, that’s the kind of documentation that you’re going to need.
Innovations in ITAD
What are some of the innovations in the IT or ITAD practice area that can contribute to achieving a no-breach record in these extensive de-installation and data destruction activities?
We have implemented high reliability practices at our company and I’m becoming an evangelist for it now, industry-wide. Basically, what it is, is it’s a way to prevent catastrophic failure.
And it was originally developed and implemented in the nuclear industry, which you can see, “Hey, we don’t want a nuclear incident.” And then it was adopted by the airline industry and then it was adopted by the healthcare industry. Before the healthcare industry implemented these practices, they were losing the equivalent of a 747 jet a day worth of people to needless deaths.
So it’s teaching humans how to interact better and how to not make mistakes.
Advice for Students
What advice would you give to a college student who is majoring in computer science right now and they watch this episode and say, “You know what? I want to get into the IT asset disposition.”
I think as an industry, we are sticky. We’re not, our jobs can’t get outsourced.
We’re a service that people need.
They’re going to continue to need it. And we become an integral part of the business because the equipment’s got to go somewhere and it’s got to be handled correctly because there’s a big downside to not doing those things.
So we’re a sticky industry, not easy to replace. We’re a labor-intensive industry and I think we’re going to be around for quite a while.
Some data on a hard drive, but you actually just degaussed it or reformat it. And you know that that still leaves data behind. What, what, what do you normally see or the craziest thing that you have seen as it pertains to old assets kind of hanging around that people had no idea about? Well, there’s, there’s a few common threads.One is. I think folks always discover that there’s more stuff than they thought they had. And when we show up, when my team shows up, like people come out of the woodwork and say, and they say, Hey, oh, you guys are here. Let let’s, I got it. I got something for you. And then, and then they start running over to my guys.
And so there’s always more than you think there is from the outside looking in. And it’s hard to keep track of all that things. Cause everybody’s busy. And once you, once you decommission something, it’s easy to let it just fall out of the mind’s eye and let it. Drift by the wayside. So I think all the larger of the organization, I think the more they struggle with that.
And I don’t know about the craziest thing I’ve seen, but that’s a common thread that I see. The craziest things I see are usually when they built a data center around server or, uh, or like an SDK powder horn or something like that, because you say, how in the world did they ever get this in there and.
You know, my, my teams are walking over pipes and up and down stairs. Is that a thing? Like you, you, and just, just for the, the Gumbel audience and STK powder horn is a huge, I think it’s like an octagon shaped. Cream colored, huge tape library. And it’s sometimes they, they build it’s, I swear, they built around these things and that’s when it gets really tricky.
That’s when it’s hard because you can’t, typically they want the building intact when you can’t knock down walls or anything to get it out. So usually you have to take it out by pieces or chunks. So, okay. Now, knowing what I know, I know the data center business is booming. Right now, and especially with cloud and also artificial intelligence and people still need more computing footprint for doing training artificial intelligence and their GPUs because, you know, NVIDIA is just killing it right now with all of the innovation that they’re doing over GPUs and the whole.
Blackwell platform that they just introduced at the GTC conference that they have going on as well. But how often are you seeing data center closures? And I know you was telling me about a data center closure, like four 49 different data centers all around the world. And they needed that done in like two months, like 60 days, right?
That was a merger. One company bought another, the leases were expiring and they said, they came to us and said, Hey, we’ve got two months to get this two months before you can start 49 data centers, 22 countries in two months, that was a challenging one. And so a couple of thoughts on that. One is that what we’re going to see with artificial intelligence is.
From a storage perspective with arrays for years and years and years, they’ve been making them so that they’re smarter, they’re self healing, they’re faster. And what that does is it drives data into different areas of an array or an architecture that you’re not expecting it. So for example, we had a, a major banking client that sent us 15 arrays that happened to have been erased by the OEM.
And just for laughs, one of my techs plugged one in and lo and behold, there was data on the, all of a sudden there was data on the drives and we, we looked at it and we said, where did it come from? Because these have all been certified race. Well, there was battery back cache inside those machines. And, and so.
All that data was still in there. So I guess what I’d like your listeners to, to realize is that just don’t think of the hard drives anymore. Think about where the other areas that data could reside, and you’re going to be well on your way to creating an environment where that you have that is more secure.
And so this acronym ITAD, what are some of the best practices? Around managing those. And also when you’re dealing with these, these tight deadlines that you need to close a few data centers at a time. Yeah. So there’s a few things. One is experience is the best, is the best indicator. So if somebody has done it before, look for them to do it again.
And just so you know, just so your audience knows, I’m not only a provider of ITAD services, I’m a consumer as well, because we can’t be all places at all times. And so I’ve got. A network of people that I have vetted. And so the thing, so I I’ll give them a chance to peek over my shoulder here a little bit.
So the things that I look for are how do they communicate that’s, that is like the most important thing. So for example, we’ll usually use a platform like Google sheets or something like that, and we’ll set up a root rudimentary type of project tracking, live project tracking spreadsheet. And so the folks that are working on the project.
They’re communicating through this spreadsheet. They’re communicating issues or communicating deadlines. And we also give our customers visibility to that as well. So they can see in real time what’s going on is the status center being decommissioned. pictures and things like that. We’re allowed to take where if we’re allowed to take pictures and.
So I would say communication is the absolute, absolute number one priority when you need to do it like that, when you need to have several in a different location and you do that and you have to have a good escalation plan. And because guess what? Stuff’s going to go wrong. Murphy’s still alive. Right? So, so you need to have a good escalation plan and be able to get.
To the power structure within the vendor that you’re working with to pull in a lever. So if you’re working with a very large vendor and they have to go through three levels of approval, that could be an issue if you’re on a tight deadline or tight schedule. So, so you need to have that buy in ahead of time and say, say, guys, you know what, this has got to get done.
It’s got to get done in this time. And if it doesn’t, we’ve got a big problem. And you usually, you usually can. Build that into an MSA, the master service agreement. So that way, and that’s what I recommend folks do is like, try to get some guarantees in there. Okay. And you mentioned things can go off the rail pretty quickly.
Now, the first thing that popped in my mind is cost, right? That. You may have budgeted for one thing, but it’s almost like building a house, right? You want to do some renovations and you go out and price, you know, how much a stove and some new cabinets and paint and contractors, but then once they get in there and they actually demolition.
That spot, they find something else that’s going on. Right. So how important is it, or how difficult is it to manage the costs when you are dealing with these, these ITAD type projects? So there’s a couple of dynamics that take place there. One is, uh, the quality of. Of the knowledge going into the project.
Like, do you have accurate inventory lists? Do you have accurate configurations of the equipment going in? And then there’s, there’s sort of the human side of this and the human side of this says, I just, I, I just. Built this data. So I just put the infrastructure in this data center, you know, two, three years ago, I spent 3 million on it.
I want to get money out of it. Right. And then, and then there’s, there’s the, the vendor’s perspective that they say they want to try to give you money, but sometimes guys try to show you the shiny side of the apple. And, and, and they say you’re going to get more than you may get. So you may get disappointed in that because they’re trying to win the business.
If you haven’t worked with them before, you don’t have a longstanding relationship with them where they’re just going to come flat out, come and tell you. So, so that’s kind of where, that’s kind of where it can go sideways a little bit was creating the proper expectations for what you’re really going to get for the equipment and cause nobody wants to hear after they spent 3 million that, you know, they’re going to get.
30, 000. I mean, it’s just human nature. And so, and so that’s one, that’s one aspect of it that where it goes sideways. The other aspect could be just the, the, the people that are involved. If your vendor is using subs, if you know, something gets broken. You need to make sure that you’ve got the proper insurance in place to be able to cover that.
So you’re going to want some kind of Bailey’s insurance or Inland Marine or something like that to make sure that if something gets broke, it either your, either your company is going to have insurance for it, or the vendor is going to have company insurance for it. And that falls back to when the vendor takes control, it takes custody of the equipment.
Do they take custody of it at the dock? Or do they take it when it reaches their doc? So you need to pay attention to those little nuances to make sure that. That you’re covered because that’s a gap if, if you’re not paying attention, that could bite you. Yeah. And as far as the security aspect of it, like I’m sure there are different regulations and compliance things that has to be done as far as making sure that when you’re disposing of certain assets that you just have to make sure that you are adhering to.
And if the client doesn’t know, then. I’m sure you have to know, how often do you have to educate someone on the insurance and the whole aspect of compliance and regulations when it comes to disposition? Yeah, so there’s, there’s, there’s a couple, a couple ways to look at this. One is, I always recommend if you can visit your vendor.
Go do it and just do your own audit and see with your own eyes and, and get a sense, get a gut level feel for the, for the company short of that vendors like us carry certifications are to V3 or East for environmental. We’ve gotten a AAA certified for data security. Now. I’m an ITAD vendor and I’ve got the certifications, but I’m going to tell you something.
You’ve been in business, right? In this business long enough. You’re going to know that the prisons are full of guys that had all these same certifications. So, so you got to see for yourself. There’s a reason why they do spot in spot audits on these, on the companies that hold these certifications because people do cheat them.
And so it’s the first word there’s perfectly fine. I’m not arguing against them. They’re the first word, but they’re not the last word. And in my view, the last word is going to be that service agreement. And what, where does chain of custody come in when you’re dealing with these types of projects? Sure.
So, so chain of custody is, is, is sort of, I think it evolved from the hazardous waste industry where you had to show movement of the material. You’re responsible for the material from cradle to grave, right? So you have to show that. Yes, you owned it. Yes, you didn’t. Here’s a bill of lading that moved it to your recycler, and then you’re also going to want to see where it went after that recycler downstream.
So that that’s a complete chain of custody is really there to show the movement of the equipment and that it was handled at each step of the way responsibly and in the data security laws take that into account to now. So it is a complete chain of custody shows that cradle to grave movement of the material.
Mhm. You need, if you had to go to court, you know, God forbid, if you had to go to court, that’s the kind of documentation that you’re going to need. Okay. Okay. And I know we talked about artificial intelligence a little bit earlier, but what are some of the innovations in the IT or ITAD practice area that can contribute to achieving like a no breach record?
Yeah. In some of these. Like extensive de installation and data destruction activities. Yeah. We have implemented high reliability practices at our company and I’m becoming an evangelist for it now, industry wide. So basically what it is, is it’s a way to prevent catastrophic failure. And it was originally developed and implemented in the nuclear industry, which you can see, hey, we don’t want a nuclear incident.
And then it was adopted by the airline industry and then it was adopted by the healthcare industry. And before, to give you an order of magnitude, a sense for what an impact this could make, before the healthcare industry implemented these practices, they were losing the equivalent Of a 747 jet a day worth of people to un to to needless deaths So wow picture of 747 falling out of the sky every day And that’s that’s what the american health care system was losing just because they didn’t implement these practices and really what it comes down to It’s, it’s teaching humans how to interact better and how to, how to, how to not make mistakes.
So, and I’m, I’m really high on it. And I started out as a skeptic. My wife was telling me about it and I’d have a bad day of work and she’d say, you ought to think about this high reliability stuff. And I’d say something very sensitive, like, that sounds great. Could you pass the potatoes? And then, and then.
And so after one day, I finally said, well, you know, tell me about that high reliability stuff. And then she did. And I started to pay attention, which I should have done in the first place, as she often remind me. And, and now I’m an evangelist for it. Okay. Awesome. And one more question here. Sure. What is your typical conversation like?
With your, let’s say this is your typical client. Is there a theme that runs across the conversations that you have? And I’m not quite sure the, because I’m in marketing. So we call them personas or is it just the it director, the operations manager, data center manager, mostly that, those folks, what does that conversation look like?
Is that. Super technical tactical down in the weeds, or is there more of a high level paperwork type checklist process that you go through with them? You know, that’s a great question. So it’s driven by the culture of that company. So if I’m dealing with a bank, they’re going to be very sensitive about data security, right?
If I’m dealing with a broadcast company that doesn’t want their equipment to end up in some third world countries with little kids picking through it, they’re going to be very focused on the environmental aspects of it. So that kind of drives the conversation. And then from that, that point on, I always like to educate them as to what they’re out.
I don’t try to tell them what to do. I try to. Tell them, I tried to get them where they need to go. So, so I tell them what their options are, what the, the, the pros and cons are of each option. And, you know, there’s a cost trade off and let them make the decision on what’s right for them. Great advice there.
You have a lot of layoffs happening right now. The tech industry is, it’s a little wonky with, with layoffs that it’s happening. It seems to be happening more, but. I think the numbers are still below, like the unemployment number is still kind of low, but something’s happening right now. I can’t quite put my finger on it if it’s AI or is it just a market that’s shifting or what?
But what advice would you give to a college student? Let’s say they’re majoring in computer science right now and they watch this episode and say, you know what? I want to get into the it asset disposition. Yeah, I think as an industry, we are sticky. We’re not, our jobs can’t get outsourced. We’re a service that people need.
They’re going to continue to need it. And we become an integral part of the business because the equipment’s got to go somewhere and it’s got to be handled correctly because there’s big downside to not doing those things. So we’re a sticky industry, not easy to replace. We’re a labor intensive industry and Yeah, I think we’re going to be around for quite a while.
All right. Well, Rocco, thank you so much for appearing on data protection gumbo. Is there a final shout out that you would like to give your website or any other information you’d like to share with the listeners? Sure. My, my website is www. brassvalley. com and. If you want to connect with me on LinkedIn, I publish, I publish their weekly or bi weekly with all kinds of updates and news and things that I discover, I share it with everybody.
So it’s a great way to keep in touch with what what’s coming out. And I try to look around corners where I can, and I try to share that information wherever I can. So nice, happy to connect with anybody that’s up. Well, uh, Rocco, thank you so much again for being a guest, taking time out of your day. This is super.
And before I let you go, I want to let the audience know, once again, as I do in each podcast that we do have a backup and recovery professionals, LinkedIn group, and there are over 26, 000 individuals and professionals from storage, cybersecurity, data backup, recovery, disaster recovery, literally that entire market is in In that group.
And we’re having similar conversations to the ones that we are right here on data protection gumbo. So Rocco, thank you again.
