Reports that certain types of flash disks lack a secure deletion facility highlights the fact that solid state storage devices are very different in their architecture than magnetic drives.
A lot of companies have made the understandable mistake of presuming that flash drives are a slot-in replacement for magnetic drives, when in fact nothing could be farther from the truth.
And as prices have fallen, a lot of firms have gone for solid state drives (SSDs) to tap into the advantages of rapid boot times, especially or relatively smaller capacity flash drives.
Researchers at the University of California have discovered that the electronic data shredding procedures – aka data sanitisation – do not always work the same on SSDs as on magnetic drives.
This is due to the complex electronics on some of the latest generation of SSDs, which intercepts a data delete request and often only deletes the header, rather than the full data clusters that go to make up a given file on a magnetic drive.
This means that so-called ‘disk doctor’ programs, which allow data retrieval on a sector-by-sector basis, without resorting to requiring header data, as an operating system normally does, can effectively undelete supposedly sanitised data files on an SSD.
The bottom line is that ‘conventional’ data overwrite commands which have worked well on magnetic drives since the earliest days of PCs in the 1980s, cannot be relied upon to function in the same manner with a flash drive.
As the university researchers found, the erase procedures provided by manufacturers should be verifiable as well, so that users could easily check post-sanitisation that their data had been removed.
I could have told the researchers that. This is why I recommend SSDs for specific applications and magnetic drives for other uses. It’s also why, where high levels of security are required, I recommend magnetic drives with additional levels of security, such as a PIN/password entry system.