White Papers: The Challenge of Sanitizing Obsolete
or Defective Solid-State Data Storage Devices
Solid state data storage has become the standard for all mobile devices and is rapidly becoming an integral technology used in data center storage devices. We are seeing significant implementation of this technology in network devices. This technology is rapidly becoming a major part of your secure data destruction challenge.
The same old sanitization techniques used on hard drives and tapes doesn’t work with SSDS
Degaussing doesn’t work because SS technology is not magnetic. Old hard drive shredders and punches don’t work because solid state storage is so small. Using manufacturer’s data erasure tools are problematic because no two manufactures use the same storage algorithms and even the same manufacturer uses different algorithms in different models and product updates. If you don’t apply the exact match to the storage methodology of a device, it doesn’t completely erase the data. Adding to this challenge is that once you’ve applied the erasure tool there is no method other than laboratory analysis to determine if the erasure is complete.
Solid State Data Storage Technology has Built-in Obsolescence
Solid state data recording has a limited number of times data can be recorded to a particular spot. Due to this, SSDS devices have a substantially greater storage capacity than what the device is rated for. When the error checking and correction procedure detects a weak area on the device it copies that information to an unused section of the device. This is another reason manufacturers erasure tools can be ineffective. They simply don’t know where the data is located. As with magnetic tapes a schedule for retirement should be maintained.
You Must Destroy Sensitive Data on to-be Retired Data Assets
Proper data destruction techniques and procedures are required under data privacy laws, the payment card industry security standards (PCI-DSS) and electronic data discovery litigation rules as well as your own internal data security standards. Proper technique is defined by the National Institute of Standards and Technology’s (NIST), the federal agency responsible for setting government standards, “Guidelines for Media Sanitization”. The Guidelines establish shredding SSDS devices to a minimum ½” particle size as the baseline sanitization standard. Regulatory and industry requirements state that you must maintain documented evidence of your destruction activity and if you use a 3rd party vendor perform rigorous “vender due diligence” which includes confirming that the vendor has all required certifications and license to perform the task.
Back Thru The Future Computer Recycling is one of a very few licensed electronic recyclers that has both mobile shredding and plant based shredders that meet the NIST standard and is also NAID AAA certified for both mobile and plant based secure data destruction.