How to Securely Erase Flash Storage
Making Sure Sensitive Data Cannot be Recovered
Flash storage such as memory cards and solid state drives (SSDs) is great for storing and processing large amounts of data. Making sure that sensitive data is permanently and securely erased, however, can be a challenge, and it is essential to do so before disposing of NAND media. If the data could be retrieved by an unauthorized person, the consequences could be severe.
Erasing Data on a Flash Storage Device is Not as Easy as It Seems
The process of removing sensitive data from a storage device so it can no longer be recovered nor reconstructed is called "sanitization." Proper sanitization ensures confidentiality and enables organizations to have appropriate control over the information they are safeguarding.
Some of the sanitization methods available on the market today, however, were designed for mechanical drives such as HDDs and do not entirely fit the specific attributes of NAND flash based media.
The Unique Nature of Flash
A NAND cell consists of a number of blocks, each of which consists of a number of pages that store the data. Because only whole blocks can be erased, deleting one or several pages in a block usually means that the “deleted” data is simply marked as inactive and the operating system no longer shows it. It is still physically stored on the NAND and remains there until the media's internal garbage collection process erases the block to free up space.
On top of that, every NAND based storage device has to keep some portion of the available NAND as a buffer for more efficient operation (also called overprovisioning). This area is neither visible nor accessible to the user, and it may contain blocks storing “inactive” data that the host assumes to be deleted.
Why “Deleting” is Not Enough
When a user deletes data through the operating system, it is usually not physically deleted on the storage media. In some cases it may be moved to a temporary folder such as “Recently Deleted” to allow the user to recover data that was deleted by accident. But even if the data is permanently deleted in the operating system, this initially only removes the respective file names from the directory. On the storage media, the data is marked as invalid but remains there until the block is fully erased and filled with new data.
In addition, due to wear leveling and garbage collection, the same data may be stored redundantly in several locations.
Why Common Sanitization Techniques May Not Work for SSDs
As stated earlier, not all sanitization techniques are suited to SSDs, as they were originally designed for other storage media technologies.
Mechanical drives are, by design, sensitive to magnetic and physical forces, which some erase mechanisms exploit: degaussing effectively deletes data using magnetic fields, and physical destruction is relatively easy thanks to the large disk size.
NAND based storage devices, however, are insensitive to magnetic forces, shock or vibration, so destruction mechanisms based on these do not work for them. Physical destruction is also far more challenging because the NAND chips are small compared to the large disk of an HDD.
Hence, securely erasing data on flash devices requires the use of mechanisms that are optimized for the specific attributes of NAND.
Solution – ATP’s SecurWipe feature – part of the SecurStor feature family
SecurStor is ATP’s answer to the growing data security concerns in the industry and is integrated into most of ATP’s new or upcoming industrial-only flash storage solutions.
Its feature set can be customized to the individual requirements of an application or a system and thus helps protect mission-critical applications against unauthorized access to data or systems.
SecurStor’s feature range includes, but goes far beyond, conventionally available data-at-rest protection mechanisms such as encryption or TCG Opal, to assure protection not only of data that is stored in the NAND but also of data that is being processed inside a system or sent across a network.
SecurWipe
ATP’s SecurWipe is a very fast and secure mechanism, optimized for the specific attributes of NAND based media. It ensures that all user data is permanently deleted, including spare areas such as overprovisioning and any data marked as inactive.
SecurWipe comprises a set of mechanisms that are integrated into many of our products; the actual implementation may vary between products. SecurWipe features include:
- Cryptographic Erasure (Crypto Erase), also referred to as “cryptographic shredding,” erases the encryption key that is used to encrypt/decrypt incoming/outgoing data. Crypto Erase makes it impossible to decrypt or recover data while it is still on the storage device, making the data unrecoverable.
- Overwriting with a fixed pattern, such as binary zeroes, makes data unrecoverable on magnetic drives. This usually takes several passes and an enormous amount of time. The goal of overwriting is to replace all data (user data as well as areas that are not accessible to the user) with non-sensitive data.
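The following toy model ties the two halves of this page together: why a host-level delete or overwrite leaves stale copies on the NAND (the block/page structure, inactive pages, overprovisioning and redundant copies described above) and why a firmware-level mechanism such as crypto erase or a full physical erase is needed to sanitize it. It is an added illustration written for this page, not ATP firmware or SecurWipe code. Everything in it is an assumption for the sake of the demonstration: 16-byte pages, four pages per block, a SHA-256 keystream XOR standing in for the AES-XTS a real self-encrypting drive would use, and a chip-off "forensic" view (`copies_of`) that counts every physical page decrypting to a given record whether or not the FTL still maps it.

```python
# Toy model of a NAND device behind a flash translation layer (FTL). Constructed
# for illustration, not ATP firmware: 16-byte pages, 4 pages per block, and a
# SHA-256 keystream XOR standing in for the AES-XTS a real self-encrypting drive
# would use. As on real NAND, a block erase is the only way to clear a page.
import hashlib
import os

PAGE_SIZE = 16
PAGES_PER_BLOCK = 4


def _keystream(key: bytes, phys: int) -> bytes:
    # Per-physical-page keystream; the physical page number plays the tweak role.
    return hashlib.sha256(key + phys.to_bytes(4, "big")).digest()[:PAGE_SIZE]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class FlashDevice:
    def __init__(self, user_blocks: int, spare_blocks: int):
        n_pages = (user_blocks + spare_blocks) * PAGES_PER_BLOCK  # spare = overprovisioning
        self.capacity = user_blocks * PAGES_PER_BLOCK              # logical pages the host sees
        self.cells = [None] * n_pages     # raw NAND content; None = erased
        self.valid = [False] * n_pages    # False with data present = "inactive" stale copy
        self.l2p = {}                     # logical page -> physical page
        self.free = list(range(n_pages))  # erased pages available for programming
        self.key = os.urandom(32)         # always-on device encryption key

    def write(self, lpn: int, data: bytes) -> None:
        assert 0 <= lpn < self.capacity and len(data) == PAGE_SIZE
        if not self.free and self.garbage_collect() == 0:
            raise RuntimeError("device full")
        phys = self.free.pop(0)           # NAND cannot program in place: take a fresh page
        self.cells[phys] = _xor(data, _keystream(self.key, phys))
        self.valid[phys] = True
        old = self.l2p.get(lpn)
        if old is not None:
            self.valid[old] = False       # previous copy becomes inactive but stays on the chip
        self.l2p[lpn] = phys

    def read(self, lpn: int):
        phys = self.l2p.get(lpn)
        return None if phys is None else _xor(self.cells[phys], _keystream(self.key, phys))

    def delete(self, lpn: int) -> None:
        # A file-system delete (or TRIM) only drops the mapping; the page keeps its data.
        phys = self.l2p.pop(lpn, None)
        if phys is not None:
            self.valid[phys] = False

    def garbage_collect(self) -> int:
        """Erase blocks with no valid page and return how many were erased. A block
        mixing live and stale pages is left alone, so its stale pages survive."""
        erased = 0
        for b in range(len(self.cells) // PAGES_PER_BLOCK):
            pages = range(b * PAGES_PER_BLOCK, (b + 1) * PAGES_PER_BLOCK)
            programmed = [p for p in pages if self.cells[p] is not None]
            if programmed and not any(self.valid[p] for p in pages):
                for p in programmed:
                    self.cells[p] = None
                    self.free.append(p)
                erased += 1
        return erased

    def crypto_erase(self) -> None:
        # Destroy the key: every page, mapped, stale or in the spare area, is now
        # ciphertext under a key that no longer exists.
        self.key = os.urandom(32)

    def sanitize_erase_all(self) -> None:
        # Firmware-level erase of every physical block, spare area included.
        self.cells = [None] * len(self.cells)
        self.valid = [False] * len(self.cells)
        self.l2p.clear()
        self.free = list(range(len(self.cells)))

    # Chip-off view: what a forensic reader holding the current key would find.
    def copies_of(self, plaintext: bytes) -> int:
        return sum(1 for phys, c in enumerate(self.cells)
                   if c is not None and _xor(c, _keystream(self.key, phys)) == plaintext)


def demo() -> dict:
    secret = b"top-secret-rec-1"      # constructed 16-byte sensitive record
    other = b"unrelated-file-1"       # constructed live data sharing the same block
    dev = FlashDevice(user_blocks=2, spare_blocks=1)
    dev.write(0, secret)
    dev.write(1, other)
    dev.write(0, secret)              # re-saving the file lands on a new page
    r = {"after_write": dev.copies_of(secret)}            # 2: live copy + stale copy
    dev.delete(0)
    r["after_delete"] = dev.copies_of(secret)             # 2: delete only unmapped it
    dev.write(0, b"\x00" * PAGE_SIZE)                     # host overwrites LBA 0 with zeros
    r["after_host_overwrite"] = dev.copies_of(secret)     # 2: the zeros went to a fresh page
    r["blocks_freed_by_gc"] = dev.garbage_collect()       # 0: the block still holds live pages
    r["after_gc"] = dev.copies_of(secret)                 # 2
    dev.crypto_erase()
    r["after_crypto_erase"] = dev.copies_of(secret)       # 0: key gone, every page is noise
    r["other_readable_after_crypto_erase"] = dev.read(1) == other   # False
    dev.sanitize_erase_all()
    r["pages_programmed_after_sanitize"] = sum(c is not None for c in dev.cells)  # 0
    return r
```

Running `demo()` walks through the page's argument: after the host deletes and even zero-fills the logical address, both physical copies of the record are still on the chip, and garbage collection does not touch the block because live pages share it. Only the device-internal mechanisms clear everything, spare area included. Note the assumption the model bakes in for crypto erase: every byte was encrypted under the device key from first use, and the key itself (not merely a wrapper around it) is destroyed; if either does not hold, a full physical erase of all blocks is the fallback.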
The ATP SecurWipe Solution protects the confidentiality of user data by ensuring that all data is completely removed and cannot be recovered. ATP products supporting SecurWipe are ideal for critical applications such as government and defense uses with heightened security requirements. For more information visit the ATP website or contact an ATP Representative or Distributor in your area.