How to securely erase an SSD and deliver sustainable embedded cybersecurity

20 September 2021

SSDs are increasingly popular as a method for storing data, but they also open up the risk of cyberattacks. Secure erasing them is ideal for optimising PC performance, but also necessary for critical applications in case of attacks or data breaches. Thanks to an innovation from Flexxon, not only this security problem, but also multiple other issues created by using an embedded SSD can be eliminated, explains Michael Barret of Nexus industrial Memory.

In 2010, the Brighton and Sussex University Hospitals NHS Trust was fined a record £260,000 after computer hard drives containing patients’ confidential information were stolen. Similar events abound in the media, pointing to the importance of securely erasing SSDs to avoid data breaches and leaking of sensitive information. An SSD is a valuable addition to any business or personal computer, but traditional methods of wiping data can damage it in the process.

SSDs incorporate a function known as data levelling, aimed at distributing data evenly among the SSD’s blocks to ensure even wear. This means that data is stored in a location known only to the SSD. However, remember that SSDs can only be written to
a limited number of times, and each writing process causes it to gradually wear. Because of data levelling, traditional secure erase tools perform an unnecessary number of re-writes, causing significant wear.

Do you need to secure erase your SSD?
When you overload your SSD, the performance starts to decline and the computer runs slower. If your goal is to improve that performance, there is no need to completely erase your SSD, you could simply format it. This will make space for new data to be overwritten on the old one and reset your computer to factory settings. With the right precautions and backups, formatting is beneficial for some users as a way to increase computer efficiency.
Nevertheless, if you want to sell or recycle your computer and get rid of all your data, formatting is not enough. In highly sensitive environments like healthcare, military or banking, simply formatting can lead to data breaches, just like in the example above. This is because old data is still present and can be easily retrieved with the right tools.
To ensure your data is completely gone, you need to secure erase your SSD. While this can be done in a variety of ways, traditional third-party services for secure erase come with a series of pain points.

Software-based solutions for data wiping
One way to secure erase an SSD is by using software provided either by the SSD manufacturer or by a third party. Most manufacturers offer programmes that cover deletion, usually directly available on the computer. They work by writing a binary one
or zero to the sectors on the storage device, ensuring that data is permanently deleted. For example, HP Secure Erase comes directly installed in the BIOS of the computer.
However, for users who use multiple brands of SSD, the best choice is to go for a third-party alternative. One option is the EaseUS Partition Master, which erases data by writing random numbers, instead of binary zero or one. Users only need to select the data they want to erase and initiate the “Wipe Data” feature. Another popular solution is Parted Magic, a Linux-based bootable disk that must be purchased separately.

Nevertheless, for all software-based tools, an important thing to consider is that an out-of-date version of the software is likely to cause damage to the SSD. Another issue to take into account is the speed of deletion. For large datasets, the software can run for several days to wipe the entire SSD, making it an unsuitable option for situations where speed is of the essence, such as in the military sector, where classified data might have to be promptly wiped in case of an imminent attack.

Lastly, although some features are free with most third-party software, additional cost is added for more complex operations, like storage optimisation after deletion or increased security.

Flexxon’s solution – NAND Flash Storage with integrated secure erase
While these solutions may be enough for some users, when it comes to sensitive environments, where confidentiality and data integrity are crucial, relying on external
services might be risky. In these cases, it’s best to opt for an SSD with an integrated data wipe function, ideally one that works in nanoseconds to permanently delete data.
The X-PHY® cybersecure SSD from Flexxon represents the ideal solution. It is the world’s first NAND flash storage solution with integrated, AI-based firmware and hardware security, and has a built-in secure erase function that ensures that data is completely removed and cannot be recovered, protecting companies against the danger of data leakage and theft. This function, which is unique to Flexxon’s products, is ideally suited to safety-critical environments — such as military applications — where a quick and effective data wipe might become necessary.

The data purge function is selectable on the drive’s set up and can be selected or unselected at any time by the user on the control software. Users can choose the rapid purge, which includes encryption key purge or data purge. For the first option, the key is erased, meaning that data can no longer be accessed but remains on the drive. If the data is physically purged, it cannot be retrieved ever again.

If both these functions are enabled on the user’s control software and the device experiences disconnection, the data encryption/decryption key will be erased in nanoseconds and when powering on again, all data will be purged. This makes the X-PHY® ideal for military operations and other safety-critical industries, where rapid erasure in case of an unexpected attack is vital.

Unlike other SSDs, which rely on software defence and hardware encryption, effective only when data is at rest, the X-PHY® offers AI in low-level programming, real-time security monitoring, physical protection and a firmware digital signature to check the authenticity and integrity of stored data. This blocks unauthorised attempts to erase data or access it in any way by locking down the device, which will only be unlocked by an authorised user with a dynamic 2-factor identification.

Protecting sensitive data is crucial for all users, particularly when confidential or classified information is concerned. Data deletion tools need to keep up with technological advancements to ensure information is completely erased in a safe way while protecting the SSDs. Flexxon’s X-PHY® combines the latest achievements in AI programming with high level security features, making it ideal for all kind of applications and critical environments.

