
The easy and fast way to securely remove all data from your SSD

Jon Tanguy | April 2019

Sanitizing the Micron® 1100 SSD, now validated by KrollOntrack

A couple years ago, we achieved a third-party validation for the sanitize process on our M600 Client SATA SSD. Now, we have repeated this validation with our latest Client SATA SSD, the 1100, our most advanced 3D NAND-based client SSD. We contracted with the experts at KrollOntrack to validate that when you use the Sanitize Drive function in our Storage Executive software, you will successfully eliminate all of the user and system data on your SSD.

This may seem like a bit of trivia, but for applications where the stored data carries significant value and must be protected because the data is proprietary, private, or is literally Top Secret, this sanitization process can be critically important. And, unfortunately, the process of sanitizing SSDs carries some historical baggage, which is worth re-visiting.

In 2011, researchers at the University of California, San Diego (UCSD) released a study which reported that many solid state, NAND FLASH devices failed to completely erase the media when “secure erase” commands were executed. That some products existed at the time which actually did fail this operation is beyond doubt, but we know that Micron SSDs were not among them. That said, in my opinion, the true takeaway from the study is that data sanitization methods which were tried-and-true with HDDs were often very ineffective with SSDs.

Data Sanitization, the old-fashioned way

Micron knew this fact when our first SSDs were only in the concept phase. Although SSDs were designed as drop-in replacements for HDDs, behind the interface the technology is very different, and proper erase methods are completely different. For an HDD, overwriting the data with an all-0 pattern is a perfectly legitimate method, but it is not an effective method for an SSD. For a NAND FLASH-based SSD, the proper way to eliminate data from the media is to execute a BLOCK ERASE on each element in the NAND FLASH array on the device.

This is not an overwrite. It is a true erase of the media. Each targeted storage element is raised to an erase voltage (significantly higher than the standard program voltage), then that signal is dropped to ground, leaving no trace of the previous signal. After this, the storage element is in a state where it is ready to be programmed with new data from the host computer. In fact, once complete, the drive as a unit is now in a performance state that we know as “Fresh-out-of-Box,” or FOB. Physically, each cell would be read back as a 1. As a practical matter, however, the drive sees “empty” cells and interprets these cells as logical 0, meeting the requirement of SECURITY ERASE UNIT. That is, the entire user space is filled with 0s.

We should note that the SECURITY ERASE behavior is exactly the same as what we do when the host computer sends the drive the SANITIZE BLOCK ERASE command. Sanitize Block Erase was implemented in newer versions of the ATA Command Set (ACS) to explicitly describe a command for data sanitization for any storage device which stores data in block fashion, like NAND FLASH. Under the new specification, HDDs have a separate command called SANITIZE OVERWRITE ERASE. Thus, it is explicit that the erase methods for HDDs and SSDs are different.

This equivalency between the operation of SECURITY ERASE UNIT and SANITIZE BLOCK ERASE may not be universal among all SSD manufacturers. There is no specification mandating that they be the same. While we believe this is the best implementation, it is not the only one allowed under the spec.
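Because the two commands are not guaranteed to be equivalent across vendors, it helps to check which erase commands a given drive actually advertises before picking one. The following is an added example, not Micron's or Storage Executive's code: it decodes the erase-related bits of a raw 512-byte ATA IDENTIFY DEVICE block (words 59 and 128 of the ATA Command Set). The function names are hypothetical and the sample blocks are constructed.

```python
import struct

# ATA IDENTIFY DEVICE data: 256 little-endian 16-bit words (512 bytes).
WORD_SANITIZE = 59    # bit 12 Sanitize feature set, 13 CRYPTO SCRAMBLE EXT,
                      # 14 OVERWRITE EXT, 15 BLOCK ERASE EXT
WORD_SECURITY = 128   # bit 0 Security feature set supported, bit 3 frozen

def parse_erase_caps(identify: bytes) -> dict:
    """Decode the erase-related capability bits from a raw IDENTIFY block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    words = struct.unpack("<256H", identify)
    san, sec = words[WORD_SANITIZE], words[WORD_SECURITY]
    sanitize = bool(san & 0x1000)  # sub-command bits only count if this is set
    return {
        "block_erase": sanitize and bool(san & 0x8000),
        "overwrite": sanitize and bool(san & 0x4000),
        "crypto_scramble": sanitize and bool(san & 0x2000),
        "security": bool(sec & 0x0001),
        "frozen": bool(sec & 0x0008),
    }

def choose_erase(caps: dict) -> tuple:
    """Return (command, blocker), using the command names from the article."""
    if caps["block_erase"]:
        return ("SANITIZE BLOCK ERASE", None)
    if caps["overwrite"]:
        return ("SANITIZE OVERWRITE ERASE", None)
    if caps["security"]:
        # A drive in the security-frozen state aborts SECURITY ERASE UNIT.
        return ("SECURITY ERASE UNIT", "frozen" if caps["frozen"] else None)
    return (None, "no erase command advertised")

def make_identify(word59: int, word128: int) -> bytes:
    """Constructed sample input: an otherwise empty IDENTIFY block."""
    words = [0] * 256
    words[WORD_SANITIZE], words[WORD_SECURITY] = word59, word128
    return struct.pack("<256H", *words)

if __name__ == "__main__":
    samples = {"ssd": (0x9000, 0x0001), "hdd": (0x5000, 0x0001),
               "legacy, frozen": (0x0000, 0x0009)}
    for name, (w59, w128) in samples.items():
        print(name, choose_erase(parse_erase_caps(make_identify(w59, w128))))
```

A "frozen" result means the host firmware issued SECURITY FREEZE LOCK at boot; the drive typically has to be power-cycled before it will accept the erase.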

graph comparing time to sanitize a 1TB drive

The beauty of doing this operation in a solid state drive is the sheer speed of it. We do not need to erase in a serial, bit-by-bit manner like an HDD. We can execute the BLOCK ERASE on many, many blocks simultaneously, which allows us to “sanitize” a 1TB drive in a minute or so. Other SSD capacities will scale up or down from there.

And, oh by the way, you get to re-use your drive! No more grinders or incinerators. No more folding, spindling or mutilating. Re-deploy your device, or even donate it to a local grade school without worrying about a costly data breach!

Data sanitization is a very important concept in modern information technology, where security of stored data is paramount. SSDs from Micron can help make this process fast and easy. Looking for more information about Micron SSD security? Visit our Storage Data Security page.

Principal SSD Product Engineer, CPG

Jon Tanguy

Jon is a Senior Technical Marketing Engineer for Micron's Storage Business Unit, with a focus on client solid state drives.