Solid State Drives (SSDs) are here to stay. They offer better data reliability, faster read and write times, and a more quiet computing experience. On top of all of this, they are more energy efficient to boot! With prices dropping, they are becoming more and more standard in data centers around the world. With all of that comes some interesting new problems to tackle.
SSDs contain no moving parts which is why the data is harder to destroy. If you’ve ever dropped an older “spinning rust” hard drive on the ground and found that all the data is lost then you know how attractive having a shock resistant data storage medium can be! This is great while the device is in use, but can present problems when trying to remove data before recycling the drive when it reaches end of life.
SSDs might stop working effectively (after awhile writing to them is impossible) but they can always be read from. This can leave your data exposed if not handled properly. When the drive no longer works, it can be tempting to just throw it out, but wait! There’s still a lot of valuable personal data on there! Your passwords, banking information, social security numbers, medical files, all of them could be exposed. This brings us to our first pitfall:
DON’T throw your SSD in the trash
This one should be obvious, but let’s face it, people do weird things sometimes. Not only is it illegal to dump e-waste in most places, but it is actually legal to go through someone’s trash in most places as well. As a result if you throw your SSD out, then you’re inviting someone to come by and pick it up and mine that data for all it is worth!
DON’T degauss your SSD
Degaussing a drive is nothing more than exposing it to a very strong magnet. This works wonders on spinning rust, but because SSDs do not rely on magnetism to store data, this does absolutely nothing to remove any data on your SSD device.
DON’T drill holes in your SSD
Causing physical damage to your SSD won’t even ensure all the data is erased. With spinning rust, data is stored on platters that fill the entire case of the HDD. Drilling a hole through that medium will certainly make the entire disk unreadable. However, if you pry open an SSD drive that looks like a small HDD, you’ll just see a bunch of chips. Any of those chips (or even any piece of those chips) can store data independently of the rest. So while you may be a little better off using a drill, it doesn’t do anywhere near enough to ensure all your data is gone.
DON’T “zero out” your SSD
Secure erase programs that write all 0’s to every bit of data on your HDD was a slow, but effective way of removing all data. For SSD’s though, it is a different story. Without getting into too much detail, SSDs actually have much more storage than they are rated for. This is so they can get around the “wearing out” problem mentioned earlier. As a result, the SSD may be pulling data or writing data to a part of the drive that is different. Thus, a single pass simply won’t do. Two passes? Nope. You would need to write the drive to death in order to ensure the data is cleaned off completely. Even then, if there’s any areas that are already worn out, there’s still data on there. Long story short, don’t do it. It is a waste of time.
But it isn’t all doom and gloom. There are actually two ways you can deal with your data risk…
DO MITIGATE your risk by encrypting your data
While quantum computing may be around the corner (5 to 10 years out), encrypting your data is still a great way to mitigate your risk. Just make sure you “throw away” the key when you do. There’s no need to erase anything this way. It is a jumbled mess of data to anyone without the key, but a perfectly ordered device to you! However, there is really truly only one way to know FOR SURE that your data is gone forever…
DO ELIMINATE your risk by SHREDDING your SSD
No, a woodchipper won’t do. We mean turn that drive into dust! NIST standards dictate 2mm particles or smaller. We like to go smaller, but we’re overachievers like that.
You can’t be sure your data is safe until it is sand. This isn’t something you should try and do yourself though. If you’re a regular consumer, be sure to take your devices to a trusted e-waste disposal facility. However, if you’re a business that is storing private information about your business or customers, you may be legally obligated to destroy your data within the 4 walls of your own building. (We can help you figure that out by the way.) And if you are in that category, what are you doing to track and contain your data prior to destroying it? Do you have a verification process?
Don’t worry, most businesses don’t. Or at least they aren’t doing it particularly well. That’s where TechR2 can help you with the Tear-A-Byte patented process, products, and procedures to “Track, Contain, Destroy, and Verify” your data bearing devices that have reached end of life.
Do you know where your hard drives go at night?
Matthew Bradford has been in the IT industry for over 25 years serving in Fortune 500 companies and smaller enterprises alike. He is currently the VP of Architecture and Development for TechR2, the premiere IT Data End of Life Management Company.