Two Technologies, Two Destruction Strategies
The IT equipment in any organisation likely contains a mix of magnetic and solid-state storage media. Traditional hard disk drives (HDDs) use magnetic storage, while SSDs, NVMe drives, USB flash drives, and SD cards use solid-state flash memory. These two technologies store data in fundamentally different ways, and those differences directly affect how data must be destroyed.
Applying magnetic-era destruction methods to solid-state media, or vice versa, can result in incomplete sanitisation. Understanding the specific requirements of each technology type is essential for effective data destruction.
How Magnetic Media Stores Data
Magnetic hard drives store data by magnetising tiny regions on spinning platters coated with a magnetic material. A read/write head moves across the platter surface, orienting magnetic domains in specific directions to represent binary data. The relationship between logical addresses (what the operating system sees) and physical locations on the platter is relatively straightforward and predictable.
Magnetic tape, the other common magnetic medium, works on a similar principle but stores data in a linear fashion on a moving tape ribbon. The magnetic domains on the tape surface are oriented to represent data, and the tape head reads and writes data as the tape passes over it.
How Solid-State Media Stores Data
Solid-state storage uses NAND flash memory cells that store data as electrical charges trapped in floating gate transistors. There are no moving parts, and the relationship between logical addresses and physical storage locations is managed by a controller through a flash translation layer (FTL). This controller constantly moves data between physical locations for wear levelling and performance optimisation, creating a disconnect between what the host system sees and where data physically resides.
Destruction Methods for Magnetic Media
Overwriting: For magnetic HDDs, overwriting all user-addressable sectors with new data is an effective and well-validated sanitisation method. A single verified pass is sufficient for modern drives, as confirmed by NIST 800-88 Clear-level guidance. The direct relationship between logical addresses and physical locations means that overwriting the logical space reliably covers the physical media.
Degaussing: Exposing magnetic media to a powerful magnetic field randomises the magnetic domains, effectively destroying all data. Degaussing works on both HDDs and magnetic tape, provided the degausser is rated for the coercivity of the specific media. Degaussed drives are permanently non-functional because the servo tracks required for operation are also destroyed.
Physical destruction: Shredding, crushing, or disintegrating the platters or tape ensures that data cannot be recovered. For magnetic media, physical destruction is straightforward and provides definitive results. Shredding to particles of 4mm or smaller is generally considered sufficient for most commercial data.
Destruction Methods for Solid-State Media
Firmware-level sanitisation: Because of the FTL, wear levelling, and over-provisioning, effective SSD sanitisation requires firmware-level commands that instruct the drive’s own controller to erase all cells. ATA Secure Erase for SATA SSDs and NVMe Sanitize for NVMe drives address areas that host-level overwrites cannot reach. This is the recommended software-based approach for solid-state media.
Cryptographic erasure: For self-encrypting drives (SEDs), destroying the media encryption key renders all data on the drive cryptographically inaccessible. This method is fast and effective, but depends on the quality of the encryption implementation.
Overwriting limitations: Traditional multi-pass overwriting is not reliable for solid-state media. The FTL may redirect writes away from cells containing original data, leaving data remnants in wear-levelled cells, over-provisioned space, and retired bad blocks. Overwriting is not recommended as a standalone method for SSD sanitisation.
Degaussing is ineffective: Solid-state storage does not use magnetic properties to store data. A degausser has no effect on NAND flash memory, regardless of the magnetic field strength. Applying degaussing to an SSD provides zero data destruction and could create a false sense of security.
Physical destruction: Shredding SSDs requires attention to particle size. Unlike HDDs where destroying the platters is the primary goal, SSD data resides in individual NAND flash chips that are relatively small. Shredding must reduce the chips to fragments small enough that individual die cannot be removed and read. A target particle size of 2mm or smaller is recommended for high-security applications.
Side-by-Side Comparison
Overwriting: Effective for magnetic media at Clear level. Not reliable as a standalone method for solid-state media due to FTL behaviour.
Degaussing: Highly effective for magnetic media. Completely ineffective for solid-state media.
Firmware sanitise commands: Not applicable to magnetic HDDs (which use different command sets). Essential for solid-state media sanitisation at Purge level.
Cryptographic erasure: Available on some SEDs of both types. Most commonly used with solid-state SEDs.
Physical destruction: Effective for both types, but different particle size considerations apply. Magnetic platters can be destroyed to larger particles; solid-state chips require finer destruction for equivalent assurance.
Managing Mixed Media Environments
Most organisations have a mix of magnetic and solid-state media across their IT fleet. Older servers and workstations may use HDDs, while newer equipment uses SSDs or NVMe drives. Some systems contain both, with SSDs for the operating system and HDDs for data storage.
Your IT asset disposal policy should clearly differentiate between the sanitisation procedures for each media type. IT staff and disposal operators need to be trained to identify the media type before selecting a destruction method. Using the wrong method for the media type is one of the most common and preventable failures in data destruction.
The coexistence of magnetic and solid-state media in IT environments will continue for years to come. Building media-type awareness into your data destruction processes is a simple but critical step for ensuring comprehensive sanitisation.