Data security and SSD Drives
Today on InfoSec Island, you can read a new article by Kanguru contributors regarding the security of Solid State Drives (SSD). New technologies used in SSD's makes it difficult to sanitize the drives of sensitive information.
Due to the difference in technology between flash based SSD's and platter based HDD's, currently accepted methods for sanitizing HDD's such as multiple pass disk wipe and degaussing are not effective for securely removing data from SSD's.
The difficulty in safely wiping SSD's stems from the fact that SSD's, and their cousin the flash drive both utilize solid state memory and a data writing technique known as wear-leveling. Wear-leveling is a method of controlling which flash cell has data written to it.
The article points out an effective method of ensuring that sensitive information can never be recovered by the wrong person.
A simple yet effective way to make sure that data is unrecoverable from an SSD is to utilize encryption. Using full disk encryption has a twofold effect. The first obvious effect is it will secure the contents of the data on the SSD.
Adding encryption, preferably at the hardware level, adds a layer of security to all your data and is a step towards meeting many of the security requirements currently needed in the financial, healthcare and public sectors.
Second, and equally important, when it comes time to retire the drive, the encryption key can be deleted, leaving the data inaccessible.
Read the full article here.