← Insights
Offboarding6 min read

The Laptop You Never Got Back

Every company with a remote workforce is accumulating a shadow fleet: devices assigned to people who no longer work there. It's a cost problem, a data problem, and an audit problem — and it exists because nobody owns the return.

Ask any IT leader with a distributed workforce a simple question: how many of your devices are currently in the possession of people who no longer work for you?

The honest answer, almost everywhere, is "some — we're not sure how many." That uncertainty is the tell. Somewhere out there is a shadow fleet: laptops assigned to former employees, sitting in closets and junk drawers, each one still carrying whatever data it carried on the person's last day, each one still a row in the asset register marked assigned.

It's easy to dismiss as petty loss — a laptop here, a laptop there. It's three problems wearing one disguise, and only the smallest of them is the hardware.

Three problems in one closet

The asset problem is the visible one. Each unreturned device is capital written off — and worse, it's usually replaced, because the next hire needed a machine and the recoverable one wasn't recovered. The company quietly buys its fleet twice at the margin. Recovered devices, by contrast, are assets: wiped, re-provisioned, and back in inventory for the next hire, they're the cheapest laptops you'll ever "buy."

The data problem is the serious one. A device in an ex-employee's possession is company data — files, cached email, saved credentials, customer information — outside company control, on hardware nobody is patching, in the custody of someone with no remaining obligation to you and, in a contentious departure, possibly a grievance. MDM remote-wipe helps only while the device is online and enrolled; a laptop that's been sitting powered-off in a drawer since the exit interview has never received the wipe command. You cannot certify the destruction of data on a device you don't possess.

The audit problem is the one that arrives later. Security questionnaires, SOC 2 fieldwork, cyber insurance renewals, and — in healthcare — privacy officers all ask versions of the same question: account for your endpoints and demonstrate data was destroyed on the retired ones. "Assigned to a former employee, location unknown" is a finding, every time. In regulated environments, an unrecovered device that touched PHI isn't a loose end; it's a potential incident with a paperwork trail you don't want to write.

Why recovery fails: it's nobody's job

Device recovery doesn't fail because it's hard. It fails because it's orphaned. HR's process ends at the exit interview. The manager's job ended when the farewell email sent. IT finds out late, if at all, and "chase a laptop from someone who doesn't work here anymore" lands on no one's goals.

And the work itself is genuinely awkward in ways ticket queues aren't built for. It requires contacting someone with zero obligation to respond, making return effortless enough that they actually do it, following up politely but persistently, escalating when polite stops working, and doing all of it across weeks — for every single departure. Left to good intentions, it decays to an email that says "please return your laptop" and a spreadsheet nobody reconciles.

What a recovery operation looks like

Run as an operation instead of an errand, recovery is unglamorous and highly solvable:

  • Triggered by the departure signal. The moment the exit hits the HR system, the recovery process starts — no ticket, no memory required. Best case, the return kit is in motion before the last day.
  • Effortless for the departing employee. A box arrives with padding, instructions, a prepaid label, and a drop-off option that doesn't require printing anything. Every ounce of friction removed measurably raises return rates; the employee's cooperation is the scarce resource, so the process spends nothing of it.
  • Tracked, with a cadence. The return has a tracking number and an owner. No movement in a week triggers the next contact; the contacts escalate on a schedule, from friendly reminder to formal notice, without anyone having to decide to be the bad guy — the process is the bad guy.
  • Received like it matters. The returned unit is checked in against its serial, its condition recorded, its custody documented from carrier scan to shelf.
  • Closed with certainty. The device is wiped with a certificate filed against the serial, then re-provisioned into inventory or retired through documented disposal. The asset record flips from assigned to resolved with evidence attached — which is the sentence your next audit wants to read.

The output isn't just recovered hardware. It's a clean answer to the question every security review eventually asks — produced as a byproduct of process, not as a scramble.

The test

Pull your asset register and count devices assigned to people no longer on payroll. If the number is zero and you can prove it, you have a recovery operation. If the number is unknown, that's the answer too — and the shadow fleet is growing by one with every departure that ends at the exit interview.

Talk to us about device recovery

/ Diagnose your environment

Run the diagnosis on your own environment.

Surya runs the physical device lifecycle — regional configuration and distribution, same-day swaps, serialized chain of custody — from Research Triangle Park.

Book a diagnostic call