Quick Erase

Reliably Erasing Data from an SSD
Reliably erasing data from storage devices is critical for secure data management. Solid state drives (SSDs) differ from hard disk drives in how they store and manage data: they use flash memory instead of magnetic disks. SSDs add a translation layer between the logical block addresses that systems use to access data and the physical flash addresses where the data is actually stored. This layer improves SSD performance and reliability by masking the complex flash memory interface and managing its limited lifespan. However, it can also create hidden copies of data that a skilled attacker could recover, even though the user can no longer see them. Because of this, it is extremely important to fully remove all data when sanitizing storage devices.
Whole-drive sanitization
There are four different techniques for sanitizing an entire SSD:
  1. Issuing a built-in sanitize command
  2. Repeatedly writing over the drive using normal IO operations
  3. Electrically destroying the drive via a high voltage generator
  4. Leveraging encryption
1. Built-in sanitize commands
Most modern drives have built-in sanitize commands that tell the drive's firmware to run a sanitization process. Traditionally, security commands specify an "erase unit" command that erases all accessible areas by writing all zeros or ones. There is also an "erase unit enhance" command that writes a pattern set by the manufacturer, like a 1MB file filled with 0x55. Standards specify a "block erase" command as part of sanitize functions; it erases all memory blocks that hold user data, even inaccessible ones. Industrial SSDs support these standards and sanitize effectively by erasing multiple blocks quickly. For example, a 1TB or 512GB pSLC SSD can be fully sanitized in about 10 seconds when the erase is triggered through a feature connector, which starts a 4-way simultaneous block erase across the whole drive.
2. Repeatedly writing over the drive
The second method for sanitizing a drive is to use normal input/output (I/O) commands to overwrite each logical block address on the drive multiple times. Overwriting the entire drive repeatedly with different patterns is at the core of many disk sanitization standards and tools. Most standards and tools overwrite the drive sequentially with patterns of 1 to 35 bits. The U.S. Air Force System Instruction 5020 is a good example; it first fills the drive with zeros, then ones, and finally a random character. The data is then read back to confirm only the random character remains. Using different bit patterns aims to switch as many physical bits on the drive as possible, making the data harder to recover using analog methods.
Bit patterns could also be important for solid state drives (SSDs), but for different reasons. Some SSDs compress data before storing it, so they will write fewer bits to flash if the data is highly compressed. This suggests SSD overwrite procedures should use random data for maximum effectiveness.
The complexity of SSD firmware translation layers means how the drive was used before overwriting could impact the technique's effectiveness. We tested SSDs by writing the first pass of data either sequentially or randomly. Then, we performed 20 sequential overwrites. For the random writes, we wrote each LBA only once in a random order.
In most cases, overwriting the entire disk twice was enough to sanitize the drive, no matter the previous state. However, it takes a significant amount of time to fully sanitize a drive in this way.
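The overwrite procedure described in this section, as an added Python example that is not from the original page: it overwrites every logical block with random data twice, then reads the last pass back and compares hashes. The 4 MiB image file, the marker string and all function names are constructed for illustration; like any host-side overwrite, it reaches only the addresses the drive exposes.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB per write

def overwrite_pass(path, size, fill=None):
    """Overwrite size bytes; fill=None writes random (incompressible) data.
    Returns the SHA-256 of what was written so it can be checked later."""
    digest = hashlib.sha256()
    with open(path, "r+b") as dev:
        for offset in range(0, size, CHUNK):
            n = min(CHUNK, size - offset)
            block = os.urandom(n) if fill is None else bytes([fill]) * n
            dev.write(block)
            digest.update(block)
        dev.flush()
        os.fsync(dev.fileno())  # push the pass out of the OS cache
    return digest.hexdigest()

def read_back_digest(path, size):
    """Hash the first size bytes as read back from the target."""
    digest = hashlib.sha256()
    with open(path, "rb") as dev:
        for offset in range(0, size, CHUNK):
            block = dev.read(min(CHUNK, size - offset))
            digest.update(block)
    return digest.hexdigest()

def sanitize(path, size, passes=2):
    """Random-overwrite every logical block `passes` times, verify the last."""
    written = None
    for _ in range(passes):
        written = overwrite_pass(path, size)
    return written == read_back_digest(path, size)

def demo():
    """Constructed 4 MiB image file standing in for a drive."""
    marker = b"CONSTRUCTED-SECRET-RECORD"
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(marker * 1000)
        img.truncate(4 * CHUNK)
        path = img.name
    try:
        verified = sanitize(path, 4 * CHUNK)
        with open(path, "rb") as f:
            return verified, marker in f.read()
    finally:
        os.unlink(path)
```

On a real block device the read-back should bypass the page cache (for example by opening with O_DIRECT), and the size comes from seeking to the end of the device rather than from a file size.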
3. Electrically destroying the drive via a high voltage generator
Degaussing is a quick and effective way to destroy hard drives by removing the drive's low-level formatting and damaging its motor. This erases all the data. However, flash memories in solid state drives (SSDs) don't store data using magnetism like hard drives. So a degausser won't directly erase the flash cells in an SSD.
Alternatively, an SSD could be designed with a high voltage generator and controller to physically destroy the NAND flash chips. But this type of design is not normal for SSDs. Industrial-grade SSDs from SP Industrial have a built-in power management unit for more reliable power than discrete circuits. They also have complete protection against overvoltage, overcurrent, surge and short circuits for higher safety than normal fuse designs. Therefore, using this technique to wipe the entire drive clean is not recommended.
4. Leveraging encryption
The self-encrypting drives in SP Industrial SSDs have an AES-256 encryption engine. This provides secure hardware-based data encryption without slowing down the SSD performance. The drive follows the TCG/Opal standard for trusted computer parts. Encryption is always on, but the encryption keys are not managed until security features from TCG/Opal or ATA are turned on. Deleting the encryption key makes the data very hard to access, because the key needed to decrypt what is stored on the flash no longer exists. In theory, this makes key deletion a quick way to securely remove all data from the drive.
| Pin Function | I/O | Function Description |
|---|---|---|
| Write Protect | input | short to GND pin to enable write protection |
| GND | n/a | system ground |
| Device activity indicator | output | connect to an LED to indicate device activity |
| Security Erase trigger | input | short to GND pin to trigger security erase function |
| Erase activity indicator | output | connect to LED to indicate erase function activity |