Securely erase SSDs and flash memory

Securely erase SSDs and flash memory
20 Aug 2021

It is impossible to imagine today’s companies without Solid State Drives (SSDs). However, data saved on them cannot be destroyed as easily as it can on normal hard disks. What needs to be considered when erasing SSDs and who can help you?

The first SSDs were already developed in the 1970s and 1980s. At that time, however, they were so expensive that they could only be used in supercomputers from manufacturers such as IBM or Cray. In the early 90s, SanDisk then launched the first flash-based SSD, which had a capacity of 20 Mbyte – at that time an impressive achievement. In recent years, the prices for SSDs have dropped sharply, while at the same time they have increased in size. This has made them interesting for widespread use in companies.

Drop in prices for SSDs

With the drop in prices, the unstoppable rise of flash technology began. Today it can be found almost everywhere. The digitalisation of companies, accelerated once again by the Corona pandemic, has led to increasing demands on data centres. The continuously growing amounts of data must be processed both quickly and efficiently at the same time. This is only possible with – or at least in combination with – flash memories. Today, SSDs are therefore used in almost all IT devices, be they notebooks, desktop PCs, servers or all-flash storage systems. While they are used as the sole storage medium in high-end computers, many companies rely on a mix of SSDs and HDDs to meet their storage requirements.

If you look at the big picture and not just at the price, SSDs are not necessarily any more expensive than conventional hard drives. Depending on the intended use, they can even be cheaper than HDDs. When it comes to erasing data on SSDs and flash memory, however, there are some serious differences that you should be aware of.

Why erasing SSDs is more difficult than HDDs

Due to their construction, SSDs are significantly different to HDDs. Hard disks are based on several rapidly rotating magnetic discs, for example. Each of these discs is equipped with a movable arm as well as a write and read head that are moved by motors. For better data management, the discs are organised into tracks and sectors.

SSDs, on the other hand, do not store data on discs but on NAND semiconductor arrays. These are divided into blocks, pages and cells. While new data is written at page level, it can only be erased again at block level. To make matters worse, the respective cell must be erased before each new write operation. Due to these repeated processes, the quality of the cells continuously decreases over time. Sooner or later, the point is reached where they can no longer be reliably used to store data.

In addition, to increase the speed of processing, the data on an SSD is usually distributed over various segments. This leads to data being moved, copied or duplicated again and again. Gradually, a complex structure emerges that is managed by the controller. These special conditions lead to problems when erasing data on SSDs.

Ways to erase data on SSDs

The degaussing method used on conventional hard disks, for example, does not work on SSDs. If a company wants to use it for its data carriers, then the existing SSDs must be separated from the HDDs beforehand. Otherwise, the data stored on them will be preserved. Alternatively, SSDs can also be shredded. However, it is important to ensure that the service provider complies with the requirements of the General Data Protection Regulation (GDPR) and offers certified data destruction.

However, if data carriers are to be reused or possibly even sold, which makes perfect sense for economic reasons, then the data present on the SSDs can be reliably erased using suitable software. Here, there are also several options. It is easiest if the data carriers are fully encrypted. It is then not necessary to overwrite them multiple times. Only the keys that were stored to decrypt the data must be destroyed. The Crypto Erase process used for this is comparatively inexpensive and requires little time. However, any keys that may still exist elsewhere must also be destroyed, otherwise the data may still be recoverable.

Secure and professional data erasure with Blancco

Complete security can only be ensured by completely overwriting the entire data carrier multiple times with random values. Restoring the previously existing data is then impossible. Tools that work for HDDs, however, are not sufficient for SSDs. Due to the way SSDs work, as described above, not all data may be overwritten when these tools are used. Green IT Solution GmbH therefore uses the proven data erasure software from the market leader, Blancco. This company has developed a patented process for erasing SSDs that not only destroys the existing data, but also ensures, at the firmware level, that there are no recoverable remnants.

Blancco supports all common SSD interfaces, be it SATA, SAS, eMMC or NVMe. All remaining data is identified and overwritten multiple times with random data. This ensures that the full logical capacity of the SSD is overwritten and not just the compressed capacity. Blancco not only uses the internal erase commands of the SSD such as Block Erase or Cryptographic Erase to clean it up, but also an automated process. In this way, the software ensures that all necessary steps are carried out in the correct order. A tamper-proof report is then produced, which is signed with a digital certificate.

Green IT Solution GmbH has made it its business to reliably and securely erase your data and to protect it from third party access. Immediately after receiving your hardware, the revision-proof erasure procedure is started. This is how we ensure that your data does not fall into the hands of unauthorised persons. Feel free to contact us. We will be happy to help you.

Andreas Th. Fischer