Companies that are storing and utilizing massive amounts of data are finding solid-state drives (SSDs) enticing as an alternative to traditional, electromechanical disks. These new, efficient drives employ memory chips instead of spinning platters to store information. Because there are no moving parts to the drive, they are typically smaller, last longer, and consume less energy.
A few months ago, we were approached by one of our customers to help them develop a solution with us to securely destroy their solid-state drives that have failed or have been decommissioned. We accepted the challenge and here’s what we found out about the destruction of solid-state drives:
1. Degaussing won’t work. A solid-state drive uses integrated circuit assemblies to store data, unlike traditional hard disk drives. The data on SSDs is virtually unaffected by the method of degaussing. Although degaussing is the absolute best practice for traditional hard drives, it erases data by reducing or eliminating the unwanted magnetic field (information). Because SSDs do not store data magnetically, they are not able to be securely destroyed via traditional methods.
2. Shred particle size is critical. The best practice to destroy a solid-state drive is via hard drive shredding. After a few tests with our client, we discovered that the shred width (particle size) was critical to the success of destroying the small memory chips where the data is stored. Typically, a shred width of ½” or smaller is needed to break through the small memory chips and securely obliterate the data. Many standard industrial shredders will shred to 1” particle size, thus allowing the memory chips to slip through the hammers that shred the data, leaving sensitive information intact. When destroying SSDs, awareness of the appropriate shred width distinction to break through the memory chips is crucial.
3. Trackable inventory is necessary. From cradle to grave, management of IT assets requires a leak-proof system that accounts for the location and status of each asset. With an auditable, trackable, and indisputable inventory record of each destroyed SSD, liability and risk are greatly minimized. If you have sensitive data, assurance that it is gone for good with the correct documentation is not only peace of mind, but can also save you from damages in the event of a breach.
The modernity of this technology has sparked the need for innovation in responsible and secure disposal for SSDs. Knowledge of the best practices when it comes to the last 100 yards of an IT asset’s end-of-life is essential to managing risk. With solid-state drives, always make sure your in-house solution or current vendor is utilizing the correct shredder to guarantee physical destruction of the data. The emergence of solid-state drives is why Securis has invested in the necessary technology to dispose of them properly.