The Solid State Drive Erasure Challenge – Securing Data Erasure in an Evolving Market

By Sami Tuupanen, Blancco

Solid state drives (SSDs) are transitioning from a boutique product to mainstream use in servers and desktop computers, driven by a decrease in cost and an increase in memory density. Research predicts that consumer and enterprise shipments of SSDs will reach around 83 million units in 2013 – a more than 100% increase in drives sold during 2012. (1) As SSDs grow in popularity, information technology (IT) asset managers will increasingly face the challenge of securely erasing data from these complex devices when they are retired, reassigned or disposed.

The rapid transition of SSDs to mainstream use for consumer and enterprise applications is a major reason that erasing data from their advanced and complicated flash-based memory is such a challenge. Because the SSD market has become so lucrative, it has a large number of vendors, each with its own array of SSD models that feature different internal hardware components. This presents a challenge for asset managers and data erasure providers, especially with the pace at which SSDs are evolving.

For IT asset managers, as well as third-party recyclers and IT asset disposal specialist (ITADs) who support them, it is important to understand the SSD market and technology, why SSD erasure is challenging, and how to address data sanitization with an effective erasure product. Information and ongoing research from a professional data erasure company is critical to the secure removal of sensitive business data from all types of hardware, whether an established or emerging equipment choice like SSDs. This expertise prevents a disconnect between the user’s expectations of erasure and what happens in reality, which could result in a costly data breach if the right erasure technology is not used.

SSDs Answer Market Needs

SSDs use a type of flash media to store data and do not have any moving mechanical parts, unlike electromechanical hard disk drives (HDDs), which have spinning disks and movable read/write heads. Compared with electromechanical disks, SSDs are smaller, quieter, faster and less susceptible to physical shock.

While SSDs are now common in servers and desktops, mechanical HDDs offer more in terms of capacity per dollar and are still the primary choice in the laptop, PC and server markets. However, as costs continue to slide downward and memory densities move upward, SSD shipments are predicted to rise to 239 million units in 2016 ― 40% of the HDD market.

Figure 1: As SSD costs continue to slide downward and memory densities move upward, SSD shipments are predicted to rise to 239 million units in 2016 ― 40% of the HDD market.

Research also shows a declining trend in the use of desktop PCs and a preference for mobile computing devices as additional drivers for the use of solid state storage technology. Because SSDs are about half the size of a hard drive, weigh half as much, and use half the power, they are ideal for smartphones, tablets, and netbooks. In addition, with low power consumption, SSDs are a good fit for data centers and other mass storage environments.

Flash Memory: It’s Not All the Same

Flash memory has been used for years in USB drives, portable music players, mobile phones, memory cards and more, but is now used as a replacement for the role traditionally played by magnetic spinning disks. A major difference between flash memory in devices like memory cards and flash memory in SSDs is the way data gets stored in the actual memory blocks of the flash memory, as decided by a flash controller in the SSD. Also, simple flash memory devices usually have only one flash memory chip, whereas SSDs have several chips.

Figure 2: The difference between flash memory in SSDs and flash memory in USB sticks, memory cards, and smartphones lies in the way the data is stored in the actual memory blocks of the flash memory as decided by the flash controller.

While the internal memory chips in SSDs (called NAND flash) are very similar to those in portable USB drives, memory cards and mobile phones, their internal flash controller performs very different and much more complex operations. SSD controllers have advanced software modules that prolong the drive’s performance and lifespan through “covert” operations that are invisible to the operating system and the user.

When simple flash controllers are used, as in a portable music player, the operating system has a good idea about the physical location of the data stored in the flash memory chip. SSDs, on the other hand, use smart flash controllers that translate and optimize the operating system’s commands to ensure fast and efficient memory read-write cycles. The operating system does not see the physical location of the data stored in the flash chips. 

Figure 3A: With simple flash controllers, as in a portable music player, the operating system has a good idea about the physical location of the data stored in the flash chips.

 Figure 3B: With the complex flash controllers in SSDs, the operating system does not see the physical location of the data stored in the flash chips.

Challenges with SSD Erasure

Due to major physical and logical differences between SSDs and HDDs, as well as the differences that separate SSDs from the rest of flash-based storage, using the right SSD erasure technology is critical. In addition, with the proliferation of SSD providers on the market, the vendor of a drive may be different from the producer of the internal controller chip, which can also be different from the manufacturer of the flash chips used to store data. These scenarios further complicate SSD erasure.

There are a variety of options for SSD data erasure, carrying its own element of risk:

Delete/Format commands: Users cannot assume that simply deleting, emptying recycle bins or formatting an SSD will effectively destroy data, because data may actually remain in many cases. This data may prove difficult for an average user to recover, but skilled hackers or computer forensic experts could rebuild the file system and access the data.

Physical destruction: Ineffective destruction of SSDs may present recovery opportunities for a skilled expert from drive fragments. This research from 2011 also notes that SSD particle sizes may have to reach as low as 0.5 mm to prevent data recovery. Expensive equipment is needed to destroy SSDs at these dimensions, which leads to outsourcing and other chain-of-custody risks like transport of assets. Physical destruction also leaves a drive inoperable and denies the opportunity for a return on investment or to exhibit sustainable, environmentally friendly practices.

Software-based overwriting: The specific properties of an SSD result in potential issues when attempting to apply traditional overwriting methods such as DoD 5220.22-M or HMG Infosec Lower Standard to obfuscate stored data, a claim supported by empirical results.

Firmware-based erasure: Research on firmware-based erasure commands, such as ATA’s Secure Erase, have shown that this approach is not universally reliable for SSDs, (5) due to the unstandardized approach to erasure adopted by drive manufacturers.

Cryptographic erasure: In some cases, it may be possible to make data unusable through modification of the key used to encrypt/decrypt data on a drive. Reliance on this approach presents significant risks to data, which is still present on the drive, as it is susceptible to improper implementation of the cryptographic system. Challenging verification mechanisms and the lack of a visible audit trail are also problems with this erasure method.

Selective erasure: Targeted data erasure may be required at different stages during any disk’s lifetime, rather than only at the decommissioning stage. In HDDs, it is possible to securely sanitize individual files on a drive, but SSDs present different challenges.

Due to the nature of flash memory and the need to maintain performance levels, SSD controllers tend to write data to new locations, instead of “in-place.” Wear leveling techniques also mean that data is actively moved around the drive to prolong its lifespan. These factors indicate that selective erasure currently should not be considered for SSDs.

Advanced Erasure Software Handles SSD Nuances

With the escalation in use of SSDs, adherence to a standard hardware architecture ended up as something of an afterthought. Because there are so many SSD providers, IT asset managers cannot assume that one SSD’s behavior will match another’s, so an erasure software provider’s technical knowledge and ongoing research activities are critical.

Advanced data erasure software tools should be developed by providers who thoroughly understand the caveats of SSD technology. This software provides a wide range of approaches to sanitization so it can adapt to SSD memory variations, offering greater assurances that secure erasure was accomplished. It can also detect internal errors, corrupt firmware, or the inability to effectively erase the SSD. Without such capability, faulty drives that contain security risks are not identified so that appropriate procedures are implemented.

Also, less-advanced data erasure software may claim to remove data by overwriting or issuing a firmware command alone. In addition to only offering one approach, this software overlooks a critical element that advanced data erasure provides – production of a verifiable and secure report with vital hardware details and disk health information. This drive-specific information helps meet regulatory compliance and ensures safe redeployment of the device.

In addition to robust reporting capabilities, advanced data erasure software comes from a vendor who closely researches and participates in industry and regulatory activities around flash media sanitization. For example, the National Association for Information Destruction (NAID) has explicitly highlighted the challenges of SSD erasure and created a task force to standardize approaches to SSD sanitization.

IT asset managers should also consider an advanced data erasure vendor that offers third-party certification or approval that its technology effectively sanitizes data from a recognized agency, such as the UK-based Asset Disposal & Information Security Alliance (ADISA). Application of current government and industry erasure standards can help organizations with a growing number of compliance requirements, including a verifiable audit trail.

Also, because advanced data erasure software offers an automated process, it is possible to erase assets securely and in less time than other methods. The inclusion of a management console where erasure reports are archived also supports a more effective system for managing SSD erasure.

SSD Erasure Realities

As part of a robust data security policy, IT asset managers need to understand the differences between HDD and SSD data erasure requirements. The reality of erasing SSDs, due to their complexity and lack of hardware standardization, is that it requires R&D investment and constant analysis by a competent vendor who provides advanced data erasure software.

Advanced data erasure technology approaches SSDs with very specific knowledge and agile practices in order to handle the various hardware permutations or industry developments. Other relevant changes, such as the modification of legislation or sanitization standards, will likely affect the approach to erasing SSDs. Only an organization that maintains its awareness and understanding through effective research, industry analysis and ties with relevant partners can hope to maintain this.