Flash-based memory has been an industry standard for years, but solid state drives (SSDs) are just now becoming affordable enough to be included in original equipment manufacturer (OEM) devices. Solid state hard drives replace the traditional hard disk drive for storing system data as well as user documents, settings, records and credentials. SSDs are particularly favored in mobile computing, due to their resilience, portability and low voltage. The Macbook Air, the Acer Chromebook and the Samsung Chromebook all rely on flash storage, for example.
But in spite of the benefits for the end user, solid state drives pose new challenges for data security. A recent study conducted by researchers at the University of California, San Diego concluded that securely erasing data on SSDs is more difficult than on HDDs for a number of reasons. Important takeaways from the study include:
Solid State Drives Cannot Be Degaussed
For years, degaussing was an important and highly effective step in decommissioning hard disk drives and other digital media. Data on tapes, hard disk drives and floppy disks is stored magnetically. By exposing these types of media to high powered magnets, the data was erased or rendered completely irrecoverable. Because of the way solid state drives store data, degaussing has little to no effect on them. This includes mass solid state drives as well as USB thumbdrives, SD cards and USB pendrives.
Secure Deletion Methods on SSDs Don’t Always Work
Software-driven secure file deletion methods usually involve formatting a drive and then overwriting the sectors where the data was stored. This process is sometimes called sanitization. You can buy commercial software that automates this process for you. The problem is, however, that the majority of such software is designed for hard disk drive interfaces. Because the method by which solid state drives physically write data to sectors is fundamentally different than the read/write process for hard disk drives, the secure deletion commands often do not get carried out properly for SSDs. To remedy this issue, some SSD manufacturers have implemented built-in secure erasure mechanisms for SSDs, but even these features are less than 100% reliable.
Physical Destruction is Still the Most Secure Practice
As with hard disk drives, solid state drives that contain or formerly contained sensitive information should be shredded. The lesson that we’ve learned from other types of digital media is that no file can truly be eradicated electronically. With today’s technology, this is even more true for solid state drives.