Highly-regulated organizations are used to the regulatory microscope. A growing spate of international, national, regional and state regulations now prescribe the secure handling and disposition of sensitive information. What they don’t always cover, however, is a seldom-discussed subset of secure data disposal: the secure SSD (solid state disk) erasure process used at an SSD drive’s end-of-life.

To address this subset of secure data disposal, this article poses two valid questions: “Is your ITAD vendor’s SSD erasure process really secure?” and, “Why should you care?”

Why Should I Care About a Secure SSD Erasure Process?

While the price decreases for SSDs have stabilized, recent market trends continue to show these types of drives are widely used in global enterprise companies. SSDs can be found in PCs and laptops, servers (using various forms, such as PCIe cards, etc.) as well as hybrid or all-flash arrays. Database systems that require fast processing also rely more on underlying SSDs to replace or augment slower, “spinning” hard disk systems.

On the other hand, many highly-regulated organizations are in the midst of a technological paradigm shift. Most are now transforming their approach to data storage and operations, moving sensitive information systems to the cloud. This leaves their IT teams faced with decommissioning on-premise storage devices, including those using SSDs.

Many IT or IS teams trust their IT asset disposition (ITAD) vendors to take care of such secure, end-of-life disk sanitization and disposal for them. Unfortunately, many ITAD service providers are not always clear about how well various methods work to securely erase the contents of an SSD.

Is Your ITAD Vendor’s SSD Erasure Process Really Secure?

It pays to take a closer look at whether your ITAD’s data erasure process used for SSDs is truly secure. Unfortunately, in too many cases, the answer is “No.”

Many ITAD vendors rely on common industry practices for sanitizing or wiping data. These practices are based on traditional hard disk drive (HDD) systems. However, because SSD technology differs so much from HDD technology, most traditional HDD erasure and disk wiping methods are ineffective with SSDs. These and other ineffective methods for sanitizing SSDs are listed below:

• Shredding. Because SSDs typically come in small chipset form factors, most current ITAD vendors’ disk-shredding equipment is not designed to shred SSD chips into small enough pieces as to make their contents unrecoverable. This is a case where one size does not fit all: What’s adequate for HDD shredding leaves plenty of data available when used on SSDs.
• Degaussing. SSDs do not use magnetic fields like HDDs do. Because degaussing relies on a process of decreasing or eliminating portions of magnetic fields to destroy data, this process is ineffective on SSDs.
• Overwrites that use a repeating bit pattern. SSD technology can compress or deduplicate this type of “zero-filling” (or repeating bit data) so that it won’t be fully written to the physical layer of the SSD.
• Encryption. Some IT teams might think that encrypting a device, then throwing away the encryption key, is adequate protection for an SSD’s end-of-life. Yet, many SSD systems supporting drive-level encryption tend to include the associated key directly on the device itself. Even if the key is obscured, the data remains on the device. As long as the underlying data remains, it risks the potential to be decrypted at some future point.
• Built-in deletion functions. Other IT teams believe if they use an SSD manufacturer’s built-in deletion utilities, SSD command set and proprietary algorithms for deletion, they will resolve any encryption or overwriting issues. Unfortunately, these SSD manufacturer practices often leave recoverable data behind. In recent years, university professors at both the University of California San Diego (UCSD) and the University of Northern Iowa have found issues with the efficacy of such internal SSD manufacturer methods toward secure SSD erasure. In the case of UCSD, researchers found that certain SSD systems delivered false positives. In their research, the SSD device indicated it had performed a secure deletion of SSD data, yet the underlying data remained. For organizations trying hard to reduce any irregularities or false assessments in their own algorithms, such news in the proprietary algorithms of SSD vendors is troubling.

Even NIST’s SP 800-88 Rev. 1 “Guidelines for Media Sanitization” draws attention to the “variability of implementations” when it comes to SSD sanitization issues, as well as the concurrent need for additional verification of secure deletion for any specific methods used (See our NIST Quick-Start Guide here).

Conversely, secure SSD erasure methods remove data completely.

Building a Better Mousetrap: How to Avoid False Positives in SSD Erasure

As the SSD market matures, new standards will ultimately help refine or correct many issues, including those surrounding secure erasure of SSDs. But, in the crowded SSD market with multiple iterations of current and legacy SSD products, discrepancies between manufacturer implementations (and vendor algorithms) will remain.

So what can enterprises or their ITAD providers do to ensure secure erasure of their SSDs? It helps to start looking to external, third-party software vendors to do much of the heavy lifting for you.

• Look for vendors with their own “super-algorithms” designed to work with all supported SSD security protocols, including all vendor makes and models. Such super-algorithms should be able to identify, then overcome, the unique discrepancies or weaknesses in vendor-specific erasure implementations.
• You should also search out independent software that works to erase SSD data at both the logical and physical layers of the device. This includes firmware-level erasure. It should also include the ability to compensate for compression via multiple, random overwrites that ensure data is written across the full logical capacity of the SSD. Such software should also be able to override system BIOS freeze locks that prevent the use of internal SSD erasure commands. (Using such commands properly is necessary to achieve a NIST Purge-level erasure.)
• Finally, look for software that performs its own detailed verification, audit trail and reporting to ensure the contents of SSDs have been truly erased.

Software vendors should be able to demonstrate proof of their successful erasure process via independent testing by data forensics or recovery organizations and groups like the Asset Disposal & Information Security Alliance (ADISA). Or, go the extra step and choose a vendor with a patented and secure SSD erasure process (PDF) that covers all common SSD interfaces, such as Blancco Drive Eraser.

Related resources

The GovInsider Guide to Secure Data Disposal

How Blancco Helps Organizations Achieve Compliance with NIST SP 800-88

[Infographic] An International Look at Public Sector SSD Destruction

ADISA Verifies & Certifies Blancco’s SSD & Mobile Erasure Software