Securing stored data against nefarious users has never been more important. Whether that data is military in nature or it relates to a highly sophisticated skunkworks project your company is endeavoring to take to market, information getting out of your control and into the hands of bad actors can be devastating in financial and even human cost.
How do you reconcile secure storage with the growing popularity of solid state drives (SSDs)? In a few ways: faster encryption and different ways of securing and erasing the data on the drives.
Encrypting SSDs
Obviously, theft of confidential information is a chief concern, especially now that an unattended, unencrypted device might contain spreadsheets full of personally identifiable information, such as one computer that was stolen from an Indiana-based healthcare provider, according to Healthcare IT News. To protect against this particular case of bad luck, a tremendously important best practice is to automatically encrypt the data written to a drive. In this case, even if a system or an individual drive were stolen, the data would be unreadable, and while the thief could reformat the drive and use it for his or her own purposes, the data on the disk would be protected from access.
Understanding SSD Endurance and Over-Provisioning
White Paper
Get your free guide to optimizing SSD over-provisioning for improved cell endurance. Download Now
Will this encryption affect performance? It wouldn’t be accurate to say there is no performance hit from encryption; obviously reads and writes from a drive are affected by the computations necessary to encrypt and decrypt data. However, because a Samsung SSD runs at such high performance to begin with, the overhead required to perform the encryption comes out of that increased speed headroom that most users are very happy with after switching to SSDs, and any lag is virtually imperceptible to users. Additionally, the encryption happens on the drive itself at the time of data commit, so there are no resources being taken from the PC to do this. That computational time may make a greater difference on heavily used database servers and other machines regularly managing heavy loads, though, where you will be able to measure the performance impact.
Protecting Data by Erasing and Wiping
One of the best ways to ensure the security and integrity of data is to make sure it is safely deleted when it’s time to dispose of a drive. Organizations often donate or return lesser computers with drives intact and installed; in these cases, it’s important to ensure that the SSD is wiped of all traces of your data, making information previously stored on it completely irretrievable.
Securely erasing an SSD works differently than a traditional spinning platter-based hard drive. If you’re familiar with tools like DBAN or CCleaner, they won’t work on SSDs because their primary function, writing zeroes to sectors on a disk, simply doesn’t translate to the world of pages and keys on a NAND-based flash memory drive.
To wipe Samsung SSDs in particular, you’ll need to use one of a couple of different SSD-specific utilities for secure erasure:
- For Samsung drives, the Samsung Magician software can take care of the wiping with Secure Erase and Data Security. These features help users to maximize the performance and lifetimes of their SSD(s).
- For all non-Mac machines, there is Parted Magic, which is actually a collection of storage tools that has secure erasure as a built-in feature.
- If you’ve installed an SSD in your Mac, then you can use the OS X Recovery Mode Secure Erase feature (reboot your Mac, hold down the Option key, and then select the Recovery partition; at the menu, choose Disk Utility and then head over to the Erase tab).
Some other frequently asked questions surrounding drive erasure and data protection:
Can You Re-Format an SSD?
Yes, you can reformat an SSD, and the process works much like a traditional hard disk drive. The reformat fills memory cells with ones and zeroes, and then, typically, modern operating systems will use a command called TRIM to tell the controller hardware on the drive that those ones and zeroes are actually dummy data, available to be written over with future real data. One difference in formatting procedures, however, is that you’ll want to perform a quick format, rather than a full format — choosing a full format will actually perform an entire read and write cycle, which will shorten the life space of your SSD.
The Difference Between Erasure Methods
There are three basic ways to erase an SSD. Here, in decreasing order of effectiveness and security:
- Crypto Erase, or cryptographic erasure, is the process of removing the decryption key from a self-encrypting drive. As long as the information on the drive was encrypted with a 128-bit algorithm, then once the key is destroyed, the data is irreversibly lost.
- Secure Erase is a process that physically writes 1 to each memory cell of the drive, replacing whatever contents were there originally. This actually removes the data and since the process is initiated from within the drive itself, there are no write misses — it is effective erasure.
- Drive formatting. This simply prepares the drive for writes again but does not actually remove data stored in individual memory cells. This is the least secure of all options and should not be relied upon as a way to clear sensitive data from drives.
Explore how Samsung is building a line of bigger, faster, stronger SSDs that will keep your data accessible and secure.
