While completely erasing old data from storage devices is critical to the security of an organization, newer flash-based solid state drives (SSDs) make it difficult to erase data, according to a new study.
Researchers at the University of California at San Diego found that existing disk sanitization techniques don’t work on SSDs because the internal architecture of an SSD is very different from that of a hard disk drive.
“Sanitization is well-understood for traditional magnetic storage, such as hard drives and tapes,” said the researchers’ in their study summary. “Newer solid state disks, however, have a much different internal architecture, so it is unclear whether what has worked on magnetic media will work on SSDs as well.”
While SSDs aren’t the dominant form of storing data currently, nearly one-quarter of organizations have deployed SSDs in their data center and more than half plan to increase their use of SSDs this year, according to then 2011 InformationWeek State of Enterprise Storage Survey.
Most modern drives have embedded commands to run a standard sanitization protocol on the drive to remove all data. While these techniques should be reliable, the researchers found that many of the implementations were flawed. They tested 14 different file sanitizing techniques on SSDs, but found that every one left at least 10MB of recoverable data from a 100MB file. Some techniques left all the data intact, including overwriting the chip with pseudorandom data or using a British HMG IS5 baseline.
“Our results show that naively applying techniques designed for sanitizing hard drives on SSDs, such as overwriting and using built-in secure erase commands is unreliable and sometimes results in all the data remaining intact,” they said.
The solution, the researchers suggest, is to encrypt all data from the beginning, then destroy the encryption key and overwrite every page of data to securely wipe the SSD and block future key recovery.