Since the first days of chat message boards and social media profiles, we’ve all heard the saying, “don’t put all of your information online because it never truly goes away.” The same can be said for end-of-life data and information on solid state drives (SSDs): once information is on there, it’s next to impossible to fully remove. Aside from implementing a secure, in-house destruction plan, there are numerous methods we do not recommend using. Let’s break some of those down.
A major misconception when it comes to data destruction is that destruction methods for hard disk drives (HDDs) and solid state drives (SSDs) are interchangeable. We hate to burst your bubble but…that’s false! Degaussing is simply not an option for the destruction of end-of-life data on SSDs. Solid state drives and optical media do not require it as part of the destruction process because they do not have an inner magnetic, rotational platter that can be scrambled like HDDs do.
However, crushing and/or shredding is recommended. Since SSDs can store vast amounts of information on such small chips, even tiny, intact fragments can hold a plethora of sensitive or private data. This means that every single SSD chip must be properly destroyed and done so in a machine specifically designed to destroy solid state media and produce particles small enough to ensure that no data can be retrieved.
Recycling and/or Throwing Away
While we always support taking the greener route, trying to recycle your end-of-life drives cannot be done securely and is not recommended. Unfortunately, the majority of our waste and recycling ends up in landfills and dumpsters which are literal gold mines for hackers and thieves.
In addition, it is often reported that on average, recyclables and waste sit on sorting floors for up to four weeks before finally being destroyed. To top it off, recycling and waste is hardly ever transported securely, making it easy for people to intercept and have access to your most sensitive information, putting yourself at even more risk of a possible breach.
Deleting and/or Overwriting
While methods such as cryptographic erasure and data erasure would allow the drive to be used again, it is not a secure and foolproof destruction. Information, whether encrypted or unencrypted, can still linger behind on the drive and be accessed, even if it has previously been deleted or overwritten.
ITADs, or information technology asset disposition companies, are third-party vendors that sanitize and destroy end-of-life data and drives. While the appeal of these types of companies can be quite attractive, we at SEM do not recommend utilizing these types of companies when disposing of your end-of-life data. While there are some reputable ITAD and data sanitization companies out there, the risk may not be worth the convenience. Security risks can be unpredictable and potentially catastrophic as it can be far too easy for ITAD vendors to misuse, mishandle, and misplace drives when in transportation, destruction, or disposal. It has also been reported that some vendors sell end-of-life devices and their sensitive information to online third parties.
Other (Un)Worthy Methods
- Running over SSDs with your car
- Roasting your SSDs over a fire
- Giving your SSDs a swimming lesson
- Physical destruction with a blunt object
By physically destroying SSDs with an appropriate shredder or disintegrator, companies are choosing the most secure method of data destruction as this is the only way to be certain that the end-of-life data has been properly destroyed. SEM SSD crushers are ideal for lower volume data center destruction of solid state media, while our shredders are recommended for higher volume destruction. SEM SSD disintegrators provide the most complete chip destruction and the highest level of security, destroying SSDs and chips to the NSA’s mandated 2mm final particle.