SevOne Data Destruction Process
About
SevOne does not provide utilities or software to ensure secure folder / file deletion or data wipe. SevOne relies on the industry's best practices and storage providers to support this.
This document provides some examples from one storage provider, Dell. It also provides information on the sanitization approved by the United States Department of Defense (DOD) and the National Security Agency (NSA).
Data Removal Processes for a Solid State Hard Drive
Here are the standard industry methods to sanitize / remove data from Solid State Hard Drives (SSDs).
Disk sanitization refers to the process of eliminating all data that exists on the storage device. After removal, it is impossible to retrieve / recover the data eliminated.
There are currently three conventional methods to sanitize the SSDs.
- ATA Secure Erase
- Cryptographic Erase
- Media Destruction
ATA Secure Erase for Solid State Hard Drives
ATA Secure Erase is a common method of sanitization for non-encrypted SSDs. It is designed to put the drive in a raw state by overwriting each bit of data as a zero. The command set exists within the SSD firmware; the management of the process is conducted by the software that operates within a bootable environment on a USB key.
Dell does not recommend any software capable of utilizing this process. However, you may refer to Data Erasure in the References section below for useful details.
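A read-back spot check for the "overwriting each bit of data as a zero" result described above, as an added example that is not SevOne or Dell code: it opens a wiped drive or disk image read-only and reports any block that still holds non-zero bytes. It assumes the drive returns zeros after the erase; the function name, block size and sample count are choices made for this example.

```python
import os
import random
import sys
import tempfile


def find_nonzero_blocks(path, samples=1024, block=4096, full=False, seed=None):
    """Return byte offsets of checked blocks on `path` holding any non-zero byte.

    The first and last block are always checked, plus `samples` random ones;
    full=True reads every block instead.
    """
    rng = random.Random(seed)
    dirty = []
    with open(path, "rb", buffering=0) as dev:      # read-only, unbuffered
        size = dev.seek(0, os.SEEK_END)             # image file or Linux block device
        if size == 0:
            raise ValueError("target is empty or its size cannot be determined")
        nblocks = -(-size // block)                 # ceiling: include a short tail block
        if full:
            picks = range(nblocks)
        else:
            picks = sorted({0, nblocks - 1}
                           | {rng.randrange(nblocks) for _ in range(samples)})
        for idx in picks:
            dev.seek(idx * block)
            if any(dev.read(block)):                # any non-zero byte = residual data
                dirty.append(idx * block)
    return dirty


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target, cleanup = sys.argv[1], False        # wiped device node or image file
    else:
        # Constructed sample: a 1 MiB "wiped" image with one leftover string.
        fd, target = tempfile.mkstemp(suffix=".img")
        os.write(fd, bytes(1024 * 1024))
        os.pwrite(fd, b"leftover-record", 300 * 1024)
        os.close(fd)
        cleanup = True
    residue = find_nonzero_blocks(target, full=True)
    print(f"{target}: {len(residue)} non-zero block(s)", residue[:10])
    if cleanup:
        os.remove(target)
    sys.exit(1 if residue else 0)
```

A clean sampled result only shows that the checked blocks read back as zero through the drive's normal interface; use `full=True` when a complete read of the device is required.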
Cryptographic Erase on a Self-Encrypting Drive
On a self-encrypting hard drive (SED), the encryption key is stored within a small storage area on the drive. The SED internal hardware passively encrypts and decrypts the incoming and outgoing data respectively. Access to the drive occurs through either software pre-boot authentication or a BIOS password.
Encryption management software allows a system administrator to delete and regenerate the encryption key residing in the SED, which leaves the previously written data indecipherable and, therefore, securely unrecoverable. As with ATA Secure Erase, the drive is left in a raw state, and a new key is generated within the drive.
Media Destruction using a Furnace or Shredder to Destroy the Drive
Products are available that destroy the SSD media through smelting or shredding. This is the only method of SSD sanitization approved by the United States Department of Defense (DOD) and the National Security Agency (NSA). The DOD / NSA standard for smelting SSDs requires a licensed furnace rated at 1600°C. The DOD / NSA standard for shredding the SSD media requires the fragments to be reduced to less than 2 mm in edge length using an NSA / CSS evaluated shredder. For additional details regarding DOD / NSA compliant sanitization for SSDs, please refer to Media Destruction Guidance in the References section below.
Reset iDRAC
The iDRAC stores IP addresses. The iDRAC settings can be reset to factory default using the BIOS utility. Execute the following steps.
- SSH to the iDRAC
- Run racadm
For details, please refer to Reset iDRAC in the References section below.
References
Document | URL |
---|---|
Data Erasure | https://en.wikipedia.org/wiki/Data_erasure |
Data Removal Processes for a Solid State Hard Drive | https://www.dell.com/support/article/en-us/sln285340/data-removal-processes-for-a-solid-state-hard-drive?lang=en |
Dell Data Wipe | https://www.dell.com/support/article/en-us/sln312291/dell-data-wipe?lang=en |
Media Destruction Guidance | https://www.nsa.gov/Resources/Media-Destruction-Guidance/ |
Reset iDRAC | https://www.dell.com/support/article/en-us/sln305793/how-to-reset-the-internal-dell-remote-access-controller-idrac-on-a-poweredge-server?lang=en |