At the 2022 SNIA Storage Developers Conference there was a lot of side discussion on a new IEEE standard, 2883, on methods of sanitizing logical storage and physical storage, as well as providing technology-specific requirements and guidance for the elimination of recorded data. This is an effort to update data sanitization standards, formally developed by NIST (NIST SP800-88R1).
The elimination of recorded data is an important consideration in retiring or reusing storage devices and systems and deserves some attention. Greater reuse of older storage devices can extend their life, avoid destruction of storage devices, allow recovery of valuable components and thus reduce demand for the resources needed to make new storage devices, leading to a more circular economy. Much of the content from this article is adopted from an OCP white paper on Data Sanitization from July 2022 and from the IEEE 2883 standard.
Companies storing data in the cloud must ensure that their customer’s data is secure. It is common for these companies to physically destroy data-bearing devices such as hard disk drives and solid-state drives, despite the use of advanced encryption and security features on these devices that can ensure near zero risk of data leaks. This physical destruction includes punching and shredding these devices. Such physical destruction makes it economically infeasible to recover sub-components, such as rare-earth magnets from HDDs.
Longer use of storage devices and more recovery of valuable components at end of life can lead to lower carbon emissions. An ideal circular economy employs reuse, sharing, repair, refurbishment, remanufacturing and recycling to create a closed-loop system that minimizes the use of new materials and reduces the creation of waste, pollution and carbon emissions. Media sanitization on storage devices can securely prevent access to data and avoid physical destruction. Sanitization has a specific meaning. It is a process or method to render access to target data on storage media infeasible for a given level of effort.
The IEEE P2883 standard for Sanitizing Storage details sanitization methods and techniques for various storage media (HDD, SSD, optical, removable, etc). It specifies interface-specific techniques (SATA, SAS, NVMe). It aligns the industry on terminology and modern techniques for media sanitization and it targets all logical and physical locations for data including user data, old data, metadata, overprovisioning, etc. The three basic sanitization methods are illustrated below.
Different types of data sanitization
Clear uses logical techniques on user data on all addressable storage locations for protection against simple non-invasive data recovery techniques using the same host interface available to the user. Destruction basically turns the storage device into slag. Purge is the most interesting approach for re-use of storage devices. There are three purge methods, which can be used together to decrease the probability of recovering any data, although any one method is sufficient to present data recovery using state of the art laboratory data recovery techniques.
1) Sanitize Purge Cryptographic erase (CE) will change the media encryption key on a device, typically today using AES256, which is not only a secure way to sanitize a device but also happens in seconds
2) Sanitize Purge Overwrite securely overwrites the storage media with various patterns that can be verified later. Overwrite can be used with hard drives that donʼt support CE
3) Sanitize Purge Block Erase can zero out the erase blocks on NAND based SSDs, and can be used in conjunction with CE
Note that for an HDD the Sanitize Purge Overwrite takes about one hour per terabyte to complete on a modern HDD. This leaves the HDD with no recoverable user data.
The IEEE 2883 standard on sanitizing data spells out methods for securely eliminating data from storage devices, preventing unauthorized data access. Use of this standard enables reuse and recycling of various digital storage devices and can contribute to a circular economy in digital storage devices and systems and less carbon emissions.