SSDs are awesome; I can't believe it's taken so long. With dual NVMe drives in RAID 0 I'm back to waiting on the CPU for the first time in – well maybe ever. But secure is ever the afterthought is it not? When you need to decommission that hardware how do you erase the data? As you may have read in various articles, traditional methods of erasing HDDs don't work on flash-based SSDs. This includes:
- Degaussing
- Formatting
- Military spec overwrite algorithms for HDDs
- Shredding – only works if you can ensure very small chips are destroyed. Not to mention the fact that shredding is unauditable, expensive, messy, ecologically unfriendly and wastes valuable hardware
In this real training for free ™ webinar I will explain how SSDs are different and how
- You don't have direct access to flash the way you do with magnetic drives
- The Flash Translation Layer (FTL) gets in the way
- Flash memory wears out and why the over-provisioning method designed to deal with that problem creates a different problem when trying to remove the data
- Freeze-lock creates additional challenges
- ATA commands like ERASE UNIT may or may not work
Crypto-erase is often put forward as a solution. In this scenario you don't destroy the data – you just destroy the key. Theoretically – great. In practice, it all comes down to the implementation and key handling. Cryptography is really, really difficult. As Bruce Schneier says, cryptographic systems “must be implemented exactly, perfectly, or they will fail.” (https://www.schneier.com/essays/archives/1997/01/why_cryptography_is.html)
How much do you trust cryptography implemented by non-experts and how many firmware level programmers are working with SSD manufacturers who are also crypto-experts? Just look at the useless cryptography in other hardware - like automobiles.
So we will look at proven methods for securely destroying the data on SSDs. We will look at:
- Why high quality random data is important
- How a multi-stage method is critical to ensure can handle any model and generation of SSD
- How to verify the data is really gone
Joining me will be Russ Ernst and Jonathan Brew from our sponsor Blancco, who will briefly show how their data erasure software provides turn-key, military strength, independently verified erasure of SSDs and actually every other storage technology out there.
Please register now!