The Successful Eradication of Data on Solid State Disks (SSDs)
First problem – how do you know if it’s an SSD?
First you must identify the drive. The bios in a laptop or array does not recognize an SSD. On the outside, they look exactly like a magnetic drive. New erasure software can read the firmware codes on the drives themselves, and identify solid state devices during the disk detection phase of running data erasure software. Those drives identified as SSD should have a somewhat different erasure process. So you don’t have to worry about having some laptops with magnetic drives and some with SSDs.
Technology – why they are difficult to erase:
Solid State Disks are comprised of memory cells. These cells tend to have a shorter lifecycle than traditional magnetic media. To adjust for this SSD manufacturer’s implement wear-leveling algorithms, to ensure all cells are utilized equally and do not allow any one cell to be overused. As part of the wear-leveling process SSD manufacturers also over-provision cells – so the actual capacity of the drive is higher than the stated capacity. These provisional cells are utilized interchangeably with the active cells to moderate cell usage and extend the life of the drive. So an active cell could become a provisional cell, and vice versa, over time as the firmware utilizes it’s wear leveling algorithm. The provisional cells, during the drive life, will contain user data and are not usually accessible to the operating system.
So what can you do?
To overcome the challenge of over provisioning and wear-leveling of SSDs, a combination of OEM firmware based security erase commands complimented with traditional overwrite techniques should be used. OEMs (or hard drive manufacturers) have implemented secure erase commands in SSDs, and now most of them also have secure erase enhanced, which was developed to address the issue of the erasing the over-provisioned cells. However not all SSDs have secure erase enhanced, and it’s efficacy cannot be verified for all manufacturers, on all models, for all firmware revisions. Supplementing OEM security features with a statistically optimized multi pass overwrite of random data will trigger the wear leveling algorithms and force accessibility to all cells including those which are over provisioned. The encryption key must also be discarded for solid state drives that employ data encryption.
International security certification agencies have not provided any guidelines on erasing solid state drives as this is a relatively new technology. LifeSpan and our partners are working with OEMs and academic laboratories in testing and validating SSD data erasure techniques.
For more details on SSD technology and data sanitization, request a free 20 minute briefing from LifeSpan.
More Tech articles from Business 2 Community: