SevOne Data Destruction Process

About

SevOne does not provide utilities or software to ensure secure folder / file deletion or data wipe. SevOne relies on the industry's best practices and storage providers to support this.

This document provides some examples from one storage provider, Dell. It also provides information on the sanitization approved by the United States Department of Defense (DOD) and the National Security Agency (NSA).

Data Removal Processes for a Solid State Hard Drive

Here are the standard industry methods to sanitize / remove data from Solid State Hard Drives (SSDs).

Disk sanitization refers to the process of eliminating all data that exists on the storage device. After sanitization, the eliminated data cannot be retrieved or recovered.

There are currently three conventional methods to sanitize the SSDs.

  1. ATA Secure Erase
  2. Cryptographic Erase
  3. Media Destruction

Important: These methods sanitize the entire physical disk (as customer data is stored on the physical disk only) and are not specific to sanitizing the files or folders.

ATA Secure Erase for Solid State Hard Drives

ATA Secure Erase is a common method of sanitization for non-encrypted SSDs. It is designed to put the drive in a raw state by overwriting each bit of data as a zero. The command set exists within the SSD firmware; the process is managed by software that runs within a bootable environment on a USB key.

Dell does not recommend any software capable of utilizing this process. However, you may refer to Data Erasure in the References section below for useful details.
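
A pre-flight check for the ATA Secure Erase method described above, as an added example that is not SevOne's or Dell's code: it classifies the Security section of an ATA identify report so an operator knows whether the drive will accept the erase command (a drive reported as frozen or locked rejects it). It assumes a Linux bootable environment where the report comes from hdparm -I; the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SevOne or Dell code). Classifies the "Security:" section
# of an ATA identify report in the format printed by `hdparm -I <device>`.
# Reads the report on stdin and prints one of:
#   unsupported | locked | frozen | ready | ready-enhanced
ata_erase_state() {
    awk '
        /^Security:/         { insec = 1; next }
        insec && /^[^ \t]/   { insec = 0 }   # a new top-level section ends it
        !insec               { next }
        # A state is true when its keyword is NOT preceded by "not".
        /^[ \t]+supported[ \t]*$/                 { supported = 1 }
        /^[ \t]+locked[ \t]*$/                    { locked = 1 }
        /^[ \t]+frozen[ \t]*$/                    { frozen = 1 }
        /^[ \t]+supported: enhanced erase[ \t]*$/ { enhanced = 1 }
        END {
            if (!supported)    print "unsupported"
            else if (locked)   print "locked"
            else if (frozen)   print "frozen"
            else if (enhanced) print "ready-enhanced"
            else               print "ready"
        }'
}

# Constructed sample report (not captured from a real drive).
# $1 is the text of the frozen line: "not\tfrozen" or "\tfrozen".
sample_report() {
    printf 'ATA device, with non-removable media\n'
    printf 'Security: \n'
    printf '\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n'
    printf '\tnot\tenabled\n'
    printf '\tnot\tlocked\n'
    printf '\t%b\n' "$1"
    printf '\t\tsupported: enhanced erase\n'
    printf 'Logical Unit WWN Device Identifier: 0000000000000000\n'
}

# On a real system (assumption): hdparm -I /dev/sdX | ata_erase_state
sample_report 'not\tfrozen' | ata_erase_state
sample_report '\tfrozen'    | ata_erase_state
```

A frozen result usually means the system firmware froze the security feature set at boot; the drive accepts security commands again only after a power cycle.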

Cryptographic Erase on a Self-Encrypting Drive

On a self-encrypting hard drive (SED), the encryption key is stored within a small storage area on the drive. The SED internal hardware passively encrypts and decrypts the incoming and outgoing data respectively. Access to the drive occurs through either software pre-boot authentication or a BIOS password.

Encryption management software allows a system administrator to delete and regenerate the encryption key residing in the SED, which leaves the previously written data indecipherable and therefore securely unrecoverable. As with ATA Secure Erase, the drive is left in a raw state, and a new key is generated within the drive.

Media Destruction using a Furnace or Shredder to Destroy the Drive

Products are available that destroy the SSD media through smelting or shredding. This is the only method of SSD sanitization approved by the United States Department of Defense (DOD) and the National Security Agency (NSA). The DOD / NSA standard for smelting SSDs requires a licensed furnace rated at 1600°C. The DOD / NSA standard for shredding the SSD media requires the fragments to be reduced to less than 2 mm in edge length using an NSA / CSS evaluated shredder. For additional details regarding DOD / NSA compliant sanitization for SSDs, please refer to Media Destruction Guidance in the References section below.

Important: The sanitization methods used for Spindle Hard Drives do not apply to SSDs.

Reset iDRAC

iDRAC stores IP addresses. The iDRAC settings can be reset to factory defaults using the BIOS utility. Execute the following steps.

  • SSH to the iDRAC
  • Run racadm

For details, please refer to Reset iDRAC in the References section below.

References