Sprachen Businessbereich Bezugsquellen
Speicher
SSD-Laufwerke
USB-Sticks
Flashspeicher
Wireless
Support
SPEICHERSUCHE

Community


SSD Data Wiping: Sanitize or Secure Erase SSDs?

Media reports, such as this Computerworld article, caused a lot of Kingston customers to be concerned about their procedures for securely erasing all data from their Kingston SSDs. Many similar articles were based upon a University of California San Diego study that revealed that certain processes to wipe data from SSDs actually left data behind.

We will look at what the study says, and provide you with step-by-step instructions to do a Secure Erase which will wipe out all data from Kingston V Series G2, V100, V+ G2, and V+100 SSDs.

Study: SSDs store data differently from hard disk drives

The ability to totally erase data from storage devices is a critical component of secure data management, regardless of whether the organization is just throwing away an old system or repurposing it for someone else's use. Researchers from the Department of Computer Science and Engineering and one from the Center for Magnetic Recording and Research at the University of California have found that existing disk sanitization techniques originally used for hard drives don't work on SSDs because the internal architecture of an SSD is very different from a that of a hard disk drive.

"Reliable SSD sanitization requires built-in, verifiable sanitize operations," the researchers wrote.

Most modern SSDs have built-in commands that instruct on-board firmware to run a standard sanitization protocol on the drive to remove all data. Since the manufacturer has "full knowledge" of the drive's design, these techniques should be reliable, but researchers found that many of the implementations were flawed.

Sanitizing a storage device using ATA Secure Erase

Sanitizing is the removal of sensitive data from a system or storage device with the intent that the data can not be reconstructed by any known technique. For data that resides on hard drives and solid state drives (SSD), a method known as ATA Secure Erase is the most effective.

ATA Secure Erase is part of the ATA ANSI specification and when implemented correctly, wipes the entire contents of a drive at the hardware level instead of through software tools. Software tools over-write data on hard drives and SSDs, often through multiple passes; the problem with SSDs is that such software over-writing tools cannot access all the storage areas on an SSD, leaving behind blocks of data in the service regions of the drive (examples: Bad Blocks, Wear-Leveling Blocks, etc.)

When an ATA Secure Erase (SE) command is issued against a SSD’s built-in controller that properly supports it, the SSD controller resets all its storage cells as empty (releasing stored electrons) - thus restoring the SSD to factory default settings and write performance. When properly implemented, SE will process all storage regions including the protected service regions of the media.

Secure Erase is recognized by the U.S. National Institute for Standards and Technology (NIST), as an effective and secure way to meet legal data sanitization requirements against attacks up to laboratory level. Kingston SSDNow drives support the ATA Security Command for proper data sanitization and destruction.

Data sanitation regulations and organizational requirements

There are numerous state and federal regulations that contain provisions related to the sanitization and disposal of data. For example, at least 10 states have enacted laws that require destruction of “personal information” when it is no longer needed for business.

The Health Insurance Portability and Accountability Act (“HIPAA”) requires formal documentation of disposal procedures to ensure health information is properly sanitized prior to being discarded.

The Payment Card Industry Data Security Standard (PCI DSS) requirement 9.10 stipulates that storage media be destroyed when it is no longer needed for business or legal reasons. PCI-DSS is setup to verify that cardholder data on electronic media is rendered unrecoverable via a secure wipe program in accordance with industry-accepted standards for secure deletion, or otherwise physically destroying the media.

Additionally, many large private companies are now requiring that data on all electronic storage media be sanitized prior to the media’s sale, donation, transfer of ownership and disposal.

ATA Secure Erase tools

A shareware DOS tool called HDDErase can be used to execute a Secure Erase. HDDErase is available here.

HDDErase is an easy-to-use tool that runs from a DOS bootable drive. In order to run HDDErase the system BIOS must be set to “IDE” or “Compatibility” mode in order for the drive to be recognized by HDDErase. HDDErase can only be run on drives that are attached to a systems IDE or SATA ports directly and not through a USB bridge or enclosure.

Running HDDErase

To execute a Secure Erase using HDDErase, boot from a DOS bootable drive containing HDDErase and type hdderase, at the command prompt.

Next, HDDErase will confirm you want to run this program, select “y” to proceed. This step will be followed by additional disclaimers and a license agreement. Follow the on-screen instructions.

Next, HDDErase will confirm that all data will be “Deleted” from the selected drive. Select “y” to proceed.

Next, select the drive to be erased. In this example P0 should be selected.

Next, select “1” to execute a Secure Erase.

Confirm by selecting “c’ to continue

When Secure Erase has finished a message will appear that Secure Erase is complete.

Just enter N and exit.

The web site has detailed documentation on this utility.

Proper Sanitation of Kingston SSDs: Use Secure Erase Only

Secure Erase using a utility that properly implements the ATA Secure Erase command is the best way to effectively wipe all data from a Kingston SSD.

One key benefit for IT — Secure Erasing an SSD no longer requires the 6 or more hours required for a multi-pass hard drive wipe. On a 256GB Kingston SSDNow V+ 100, a Secure Erase can be completed in 2 minutes. Some SSDs can take longer, but not nearly as long as mechanical hard drives!

Author: Cameron Crandall - Kingston Technology

runCallbackScript();runCallbackScript();