The SSD Revolution and Its Impact on Data Destruction
The shift from traditional hard disk drives (HDDs) to solid-state drives (SSDs) has been one of the most significant changes in IT hardware over the past decade. SSDs now dominate in laptops, are increasingly standard in desktops, and are taking over from mechanical drives in enterprise storage and server environments. This transition has brought enormous performance benefits, but it has also fundamentally changed the data destruction landscape in ways that many organisations have not yet adapted to.
The data destruction methods that worked reliably for magnetic hard drives do not all work for SSDs. Organisations that continue to apply HDD-era destruction practices to SSD-based equipment may be leaving data recoverable without realising it. Understanding the differences between SSD and HDD data destruction is now essential for any business that takes data security seriously.
How SSDs Store Data Differently
Traditional hard drives store data on spinning magnetic platters. Data is written to specific physical locations on the platter, and overwriting those locations with new data reliably destroys the original information. This is why multi-pass overwrite methods developed for HDDs are effective: they physically replace the magnetic patterns on the platter surface.
SSDs store data in flash memory cells using electrical charges. The SSD controller manages how data is distributed across these cells through a process called wear levelling, which spreads write operations across the drive to extend its lifespan. The controller also maintains spare capacity (over-provisioning) and may relocate data between cells transparently.
This architecture means that when you write data to an SSD, the controller decides where it actually goes. When you overwrite that data, the controller may write the new data to completely different cells while the original cells retain their data until they are eventually reused. Software-based overwrite tools that target specific storage locations cannot guarantee that they are overwriting the actual cells where data resides.
Why Traditional Overwrite Methods Fall Short
Multi-pass overwrite methods like DoD 5220.22-M, Gutmann, and similar standards were designed for magnetic media. They work by repeatedly overwriting every addressable sector on the drive. On an HDD, this effectively destroys all data because the addressable sectors correspond directly to physical locations on the platter.
On an SSD, the addressable storage space that the operating system can see is only a portion of the drive’s total capacity. Over-provisioned cells, worn-out cells that have been retired by the controller, and cells containing data that the wear-levelling algorithm has relocated are all invisible to the operating system and therefore invisible to software-based overwrite tools.
This does not mean that software-based sanitisation is impossible for SSDs, but it does mean that the approach must be different. The NIST 800-88 guidelines recognise this distinction and provide specific recommendations for flash-based storage that differ from the recommendations for magnetic media.
Effective SSD Data Destruction Methods
Cryptographic erasure is the most efficient method for SSDs that support hardware encryption. Self-encrypting drives (SEDs) encrypt all data as it is written to the flash cells. When the encryption key is destroyed, the data on the drive becomes unreadable. This process takes seconds, reaches all cells regardless of wear levelling, and is the recommended approach under NIST 800-88 for encryption-capable SSDs.
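The contrast between a host-level overwrite (the remapping described under "How SSDs Store Data Differently") and cryptographic erasure can be seen in a small model. This is an added example, not code from the original article: ToySSD and its methods are hypothetical, the XOR keystream stands in for a real SED's AES engine, and SECRET is constructed sample data.

```python
import hashlib
import os

SECRET = b"customer-record!"  # constructed sample data, 16 bytes

class ToySSD:
    """Toy flash translation layer (FTL); all names here are illustrative."""

    def __init__(self, logical=4, spare=4, encrypt=False):
        self.logical = logical                      # blocks the host can address
        self.pages = [None] * (logical + spare)     # raw flash, incl. over-provisioning
        self.map = {}                               # logical block -> physical page
        self.key = os.urandom(32) if encrypt else None  # media encryption key (SED)

    def _crypt(self, page, data):
        # Toy XOR keystream standing in for a real SED's AES engine.
        if self.key is None:
            return data
        stream = hashlib.sha256(self.key + bytes([page])).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def write(self, lba, data):
        if None not in self.pages:                  # no fresh page left: reclaim stale ones
            live = set(self.map.values())
            self.pages = [p if i in live else None for i, p in enumerate(self.pages)]
        page = self.pages.index(None)               # the controller, not the host, picks the page
        self.pages[page] = self._crypt(page, data)
        self.map[lba] = page                        # the old page is unmapped, not erased

    def read(self, lba):
        return self._crypt(self.map[lba], self.pages[self.map[lba]])

    def host_overwrite(self):
        for lba in range(self.logical):             # one pass over every addressable block
            self.write(lba, b"\x00" * len(SECRET))

    def crypto_erase(self):
        self.key = os.urandom(32)                   # the old key is destroyed

    def raw_pages_decrypted(self):
        # Everything recoverable from the physical pages with the drive's current key.
        return [self._crypt(i, p) for i, p in enumerate(self.pages) if p is not None]

def demo():
    plain, sed = ToySSD(), ToySSD(encrypt=True)
    for drive in (plain, sed):
        drive.write(0, SECRET)
    plain.host_overwrite()
    sed.crypto_erase()
    return plain.read(0), SECRET in plain.raw_pages_decrypted(), SECRET in sed.raw_pages_decrypted()
```

In the model the host reads back zeros from the overwritten drive while the original record is still present in an unmapped physical page; on the encrypted drive no page yields the record once the key has been replaced.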
The ATA Secure Erase command, built into the SSD’s firmware, instructs the drive’s controller to reset all cells to their factory state. Because this command operates at the firmware level rather than through the operating system, it can access all cells including those in over-provisioned and wear-levelled areas. However, the reliability of Secure Erase depends on the drive manufacturer’s implementation, and some implementations have been found to be incomplete.
The NVMe Sanitize command, available on NVMe SSDs, provides a more standardised and reliable firmware-level sanitisation than ATA Secure Erase. The Sanitize command offers both cryptographic erase and block erase options, and its completion is verifiable through the drive’s status reporting.
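One way to check the status reporting mentioned above is to decode the Sanitize Status log page (log identifier 81h) that the drive returns. This is an added example, not from the original article: the field layout follows the NVMe base specification, the function names are hypothetical, and the sample buffers are constructed rather than captured from a real drive.

```python
import struct

# Values of SSTAT bits 2:0 and of the Sanitize Action field in SCDW10 bits 2:0.
STATE = {0: "never sanitized", 1: "completed", 2: "in progress",
         3: "failed", 4: "completed, blocks deallocated"}
ACTION = {1: "exit failure mode", 2: "block erase", 3: "overwrite", 4: "crypto erase"}

def parse_sanitize_status(log: bytes) -> dict:
    """Decode the first 8 bytes of a Sanitize Status log page (little-endian)."""
    if len(log) < 8:
        raise ValueError("log page truncated")
    sprog, sstat, scdw10 = struct.unpack_from("<HHI", log)
    state = sstat & 0x7
    return {
        "state": STATE.get(state, "reserved"),
        "finished_ok": state in (1, 4),
        # SPROG is a fraction of 65536 and only meaningful while in progress.
        "progress_pct": round(sprog * 100 / 65536, 1) if state == 2 else None,
        "overwrite_passes": (sstat >> 3) & 0x1F,
        # Global Data Erased: no user data written since the last successful sanitize.
        "global_data_erased": bool(sstat & 0x100),
        "action": ACTION.get(scdw10 & 0x7, "reserved"),
    }

def sanitize_verified(log: bytes, expected_action: str) -> bool:
    """Disposal check: the requested action finished and nothing was written since."""
    s = parse_sanitize_status(log)
    return s["finished_ok"] and s["global_data_erased"] and s["action"] == expected_action

# Constructed sample log pages (512 bytes each), not captured from a real drive.
DONE_CRYPTO = struct.pack("<HHI", 0xFFFF, 0x0101, 0x4) + bytes(504)
RUNNING_BLOCK = struct.pack("<HHI", 0x8000, 0x0002, 0x2) + bytes(504)
FAILED = struct.pack("<HHI", 0xFFFF, 0x0003, 0x4) + bytes(504)
```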
Physical destruction remains the highest-assurance method for SSD data destruction. Shredding SSDs into small particles destroys the flash memory chips beyond any possibility of data recovery. For organisations handling the most sensitive data, physical destruction eliminates any uncertainty about whether firmware-level commands were completely effective.
Degaussing, which is effective for magnetic hard drives, has absolutely no effect on SSDs. Flash memory does not use magnetic storage, so exposing an SSD to a magnetic field leaves the data completely intact. Organisations that have relied on degaussing for HDD destruction must use different methods for SSDs.
Implications for Organisational Data Destruction Practices
Organisations need to update their IT asset disposal policies to account for SSD-specific requirements. Policies written when HDDs were the standard may specify destruction methods that are not effective for SSDs. At minimum, the policy should distinguish between magnetic and solid-state media and specify appropriate methods for each.
ITAD providers should be evaluated on their SSD destruction capabilities. Ask prospective providers what methods they use for SSD sanitisation, whether they verify the effectiveness of firmware-level commands, and whether they offer physical destruction for SSDs. A provider who applies the same overwrite process to both HDDs and SSDs may not be providing adequate protection for SSD data.
Procurement decisions can also improve disposal outcomes. Specifying self-encrypting drives in new equipment purchases enables efficient cryptographic erasure at end of life. The marginal additional cost of SEDs is easily justified by the simplified and more reliable destruction process they enable.
The Future of Flash Storage and Data Destruction
As storage technology continues to evolve, with advances in 3D NAND, QLC flash, and emerging technologies like storage-class memory, the data destruction landscape will continue to change. Organisations that stay current with destruction methods, maintain relationships with knowledgeable ITAD providers, and regularly review their disposal policies will be best positioned to handle whatever storage technology comes next. The era of one-size-fits-all data destruction is over. Understanding your storage media is now a prerequisite for protecting your data at end of life.
