When shopping for storage for your desktop, laptop or server, one of the choices you’ll have to make is between a hard disk drive and a solid-state drive. Regardless of brand and model, all solid-state (i.e. flash-based) drives offer a few key advantages and disadvantages over hard disk drives. Overall, solid-state drives are considered more reliable in terms of mechanical failure. They also consume less power and are quieter. The main disadvantage of a solid-state drive is cost. On a gigabytes-per-dollar basis, solid-state drives are exponentially more expensive than hard disk drives. But there’s another drawback of SSDs that you may not have considered: security. In particular, what happens to your sensitive data once the drive fails, the data is no longer needed or you decide to upgrade?
Recent studies conducted by faculty at the University of California at San Diego concluded that solid-state drives are more difficult to securely erase than traditional hard disk drives. This is due to some key differences between how the hardware reads from and writes to a solid-state drive and how it does so with an HDD. For example, with an HDD, you can usually securely erase data by deleting it and then overwriting the disk completely. But due to issues with the Firmware Translation Layer—the component responsible for translating commands from the computer intended for a traditional HDD to commands that are relevant to an SSD—repeatedly overwriting a solid-state drive is more cumbersome and time consuming, such that it’s not a viable option for most organizations.
Another popular method for rendering hard disk drives unreadable is degaussing. Degaussing essentially demagnetizes a hard drive, erasing and/or scrambling the data beyond readability. Degaussing permanently eradicates the data on a hard disk drive and makes the drive unusable. When it comes to solid-state drives, however, degaussing does not have the same effect. SSDs do not store data magnetically, so degaussing neither erases the data nor makes it unrecoverable.
It’s also difficult to securely delete a single file on an SSD. The researchers attempted single file sanitization on an unencrypted disk and found it to be “nearly impossible on SSDs.” Even the most effective file destruction software left behind up to 4 percent of the file’s contents.
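The single-file result follows from how a translation layer handles overwrites. The toy model below is an added illustration, not code from the study or from any drive's firmware: `ToySSD`, `wipe_experiment`, the page counts and the sample data are all constructed, and the model assumes out-of-place writes with stale pages reclaimed only when no erased page is left.

```python
class ToySSD:
    """Toy translation layer: writes land on a fresh physical page and the
    old page stays readable in raw flash until the drive reclaims it."""

    def __init__(self, logical_blocks, physical_pages):
        if physical_pages <= logical_blocks:
            raise ValueError("model needs spare pages beyond logical capacity")
        self.logical_blocks = logical_blocks
        self.flash = [None] * physical_pages   # raw flash; None = erased page
        self.l2p = {}                          # logical block -> physical page

    def _free_page(self):
        if None not in self.flash:             # no erased page left: reclaim
            live = set(self.l2p.values())
            for i in range(len(self.flash)):
                if i not in live:
                    self.flash[i] = None       # stale data is destroyed only here
        return self.flash.index(None)

    def write(self, lba, data):
        page = self._free_page()
        self.flash[page] = data
        self.l2p[lba] = page                   # previous page is stale, not erased

    def read(self, lba):
        return self.flash[self.l2p[lba]]

    def residue(self, needle):
        """Physical pages still holding needle, as chip-level access would see."""
        return sum(1 for p in self.flash if p is not None and needle in p)


SECRET = b"constructed-sample-secret"          # constructed sample data


def wipe_experiment(physical_pages=10):
    ssd = ToySSD(logical_blocks=4, physical_pages=physical_pages)
    ssd.write(0, SECRET)
    for lba in (1, 2, 3):
        ssd.write(lba, b"other file data")
    ssd.write(0, bytes(len(SECRET)))           # single-file overwrite with zeros
    counts = [ssd.residue(SECRET)]
    for _ in range(2):                         # two full passes over the logical disk
        for lba in range(ssd.logical_blocks):
            ssd.write(lba, bytes(16))
        counts.append(ssd.residue(SECRET))
    return ssd.read(0), counts
```

With the default geometry, `wipe_experiment()` finds the secret still present in raw flash after the file overwrite and after one full pass, and gone only after the second. How many passes a real drive needs depends on its spare area and firmware.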
The study concluded that the best way to address the security issues associated with SSDs is to purchase encrypted disks, or to use disk encryption software. When a disk is encrypted, any user or machine that attempts to read or write the data must have an encryption key. This key is stored in a special Key Storage Area (KSA) on the SSD. To decommission the drive, you can simply wipe the encryption key from the Key Storage Area and then run additional erasure procedures to ensure that the key is non-recoverable.
Note that there are a few SSDs that feature “ERASE UNIT” commands. However, the researchers found that these were only successful on about half of the drives they tested. Disk encryption is your safest option.
For more information, you can read the entire paper here: