While we are focusing on Solid-State Drives (SSDs) for this post, it goes without saying that encryption is a must for any client that stores sensitive data on a laptop hard disk.
With a spindle-based hard disk we can slave the drive to our Data Mule system here in the shop and run a utility that does a DoD 7 Pass wipe on the drive, and be reasonably confident that the data has indeed been wiped beyond what any normal recovery efforts may access.
The freeware product’s Web site can be found here:
There is a really good discussion on the product’s forums about how to “erase” flash-based devices.
Erasing SSD Data
An article brought to our attention by a client of ours raises a data security question mark when it comes to removing or erasing data on flash-based devices.
The above article links through to the following study:
On about page three of the study we see that the researchers created a device that allowed them to gain full access to the actual flash chips within the flash-based device:
The Ming the Merciless device helped them to discover data remnants stored in areas of the flash device that may have been accessible at one point due to the way the flash device’s wear-leveling software (Flash Translation Layer or FTL in the study) works.
If we are reading the study right, then the only way to truly protect any data stored on a system-based SSD, external SSD, or other flash device is to have that device fully encrypted.
In our case that would mean that all laptops would need to be encrypted using BitLocker and all external devices would be encrypted using BitLocker To Go.
When it comes time to retire the device, it will get totally destroyed by whatever method comes in handy. In our case a drill would be the method of choice.
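The remnant problem described above, as an added example that is not from the study or from any wipe utility: a simplified Python model of an FTL in which a 7-pass overwrite of one logical page leaves the original data on the raw chips, while the same data written encrypted leaves only ciphertext behind. The `ToyFTL` class, the sample file contents, the key and the `toy_encrypt` stand-in for full-disk encryption are all constructed for illustration.

```python
import hashlib

class ToyFTL:
    """Simplified flash translation layer: writes go out of place, erase is lazy."""

    def __init__(self, physical_pages=16):
        self.flash = [None] * physical_pages   # what sits on the raw chips
        self.mapping = {}                       # logical page -> physical page

    def write(self, lpn, data):
        if None not in self.flash:
            self._garbage_collect()
        ppn = self.flash.index(None)            # flash cannot be rewritten in place
        self.flash[ppn] = data
        self.mapping[lpn] = ppn                 # previous physical page is stale, not erased

    def read(self, lpn):
        return self.flash[self.mapping[lpn]]

    def _garbage_collect(self):
        live = set(self.mapping.values())
        for ppn in range(len(self.flash)):
            if ppn not in live:
                self.flash[ppn] = None          # only now is stale data physically erased

    def raw_pages_containing(self, needle):
        """What a chip-level reader sees, bypassing the logical mapping."""
        return [p for p, d in enumerate(self.flash) if d and needle in d]

def toy_encrypt(key, lpn, data):
    """Hypothetical stand-in for full-disk encryption (not BitLocker, not a real cipher)."""
    stream = hashlib.shake_256(key + lpn.to_bytes(8, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def overwrite_wipe(ftl, lpn, passes=7):
    # Each pass targets the same logical page, as a file-level wipe tool would.
    for i in range(passes):
        ftl.write(lpn, bytes([i]) * 32)

def demo(encrypted):
    secret = b"CONSTRUCTED-SAMPLE: payroll.xlsx"   # constructed sample data
    key = b"constructed-demo-key"                  # constructed key
    ftl = ToyFTL()
    ftl.write(5, toy_encrypt(key, 5, secret) if encrypted else secret)
    overwrite_wipe(ftl, 5)
    # Returns (what the OS reads back, raw physical pages still holding the plaintext)
    return ftl.read(5), ftl.raw_pages_containing(secret)

if __name__ == "__main__":
    print("plain:    ", demo(encrypted=False))
    print("encrypted:", demo(encrypted=True))
```

In this model the stale page is only erased once the drive runs out of free pages and garbage collection runs, which the host cannot observe or force through ordinary writes.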
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book