Flash-based memory has been an industry standard for years, but solid state drives (SSDs) are just now becoming affordable enough to be included in original equipment manufacturer (OEM) devices. Solid state hard drives replace the traditional hard disk drive for storing system data as well as user documents, settings, records and credentials. SSDs are particularly favored in mobile computing, due to their resilience, portability and low voltage. The Macbook Air, the Acer Chromebook and the Samsung Chromebook all rely on flash storage, for example.
But in spite of the benefits for the end user, solid state drives pose new challenges for data security. A recent study conducted by researchers at the University of California, San Diego concluded that securely erasing data on SSDs is more difficult than on HDDs for a number of reasons. Important takeaways from the study include:
Solid State Drives Cannot Be Degaussed
For years, degaussing was an important and highly effective step in decommissioning hard disk drives and other digital media. Data on tapes, hard disk drives and floppy disks is stored magnetically. By exposing these types of media to high powered magnets, the data was erased or rendered completely irrecoverable. Because of the way solid state drives store data, degaussing has little to no effect on them. This includes mass solid state drives as well as USB thumbdrives, SD cards and USB pendrives.
Secure Deletion Methods on SSDs Don’t Always Work
Software-driven secure file deletion methods usually involve formatting a drive and then overwriting the sectors where the data was stored. This process is sometimes called sanitization. You can buy commercial software that automates this process for you. The problem is, however, that the majority of such software is designed for hard disk drive interfaces. Because the method by which solid state drives physically write data to sectors is fundamentally different than the read/write process for hard disk drives, the secure deletion commands often do not get carried out properly for SSDs. To remedy this sisue, some SSD manufacturers have implemented built-in secure erasure mechanisms for SSDs, but even these features are less than 100% reliable.
Physical Destruction is Still the Most Secure Practice
As with hard disk drives, solid state drives that contain or formerly contained sensitive information should be shredded. The lesson that we’ve learned from other types of digital media is that no file can truly be eradicated electronically. With today’s technology, this is even more true for solid state drives.
Call Go Green Mobile Shredding and we’ll come to your office and shred your solid state drives on-site.
Today’s business managers and consumers are getting savvier about protecting their privacy and identity. But a heightened awareness of the importance of paper shredding has led to a few persistent misconceptions about data security.
1. Particle Size Matters Most
Well-intentioned office managers often presume that, when it comes to paper shredding or hard drive destruction, smaller particle size always equals greater security. While it is important for shredded material to be practically unreconstructable, there are other points of vulnerability to consider beyond the risk of someone piecing together shredded paper or electronics. This is why government agencies stress the process of data destruction, rather than the resulting particle size. Regulations focus on best practices for the collection, transport, processing and disposal of sensitive material.
Don’t be overly impressed by the size of the particles that any particular shredding company claimed to produce. Particles that are 1/26” aren’t inherently more secure than particles that are 1/32”. Instead, ask how secure their data destruction process is. A good way to measure that is to check for National Association for Information Destruction (NAID) certification. NAID verifies approximately 20 different aspects of a data destruction company’s process before awarding certification.
2. In-house Paper Shredding is Best
There’s a mentality that if you want something done right, do it yourself. But when it comes to data destruction, handling it in-house may actually leave you more liable. Shredded confidential documents in the dumpster behind your office building are easy targets for two reasons:
1. Dumpsters on public roads or even private alleys are easily, and in some cases, legally accessible.
2. Experienced dumpster divers know that shredded documents contain the most valuable information; that’s what they’ll grab first.
Outsourcing your paper shredding solves these issues by disposing your processed documents in a receptacle or facility that is not open to the public and by comingling your shredded documents with material from other clients.
3. All Paper Recycling is Secure
Many businesses have arrangements with recycling companies who buy their office paper, pick it up and take it to their facility for processing and baling. While these companies serve an important role for the environment, the purpose of this service is completely different from secure data destruction. This arrangement is purely for the sale of recyclables, and doesn’t account for the security of your company’s information. Sensitive documents could be compromised in transit to the facility or even at the facility by an employee. A more secure way to dispose of your recyclable material is to shred them on-site, right before your eyes.
Go Green Mobile Shredding is a NAID Member data destruction company that can shred your hard drives, digital media and paper on site, right in your parking lot. We issue a certificate of destruction documenting the secure processing of your materials and then bring them to a certified recycling facility.
Call Go Green Mobile Shredding today to learn how your office can protect its data and save the environment.
