"Just using software that was designed for hard disk drives to overwrite data is not a viable data-destruction solution for flash-enabled storage," says Barry. Any secure erase that meets government disk-sanitization requirements must be executed at the controller level.
For government users, disk sanitization is about policy as much as it is about technology. While some government standards call for six passes, SSDs really only require two, says Marius Tudor, director of business development at BitMicro. Other vendors say one is sufficient. No matter: Government standards for SSDs are still based on what it takes to sanitize a hard disk drive, so four or five extra passes may be required just to satisfy the specification, Tudor says.
While "fast erase" features are available today for military use, SSD manufacturers hope that the technologies will catch on for business applications such as back-end SSD storage and executive laptops. For example, computers containing sensitive data need to be scrubbed before they can be disposed of or taken out of service for maintenance. "With SSD, you can do that very quickly with little power," says Patrick Wilkison, vice president of marketing and business development at STEC Inc.
While SSDs can typically be erased more quickly than magnetic media can be, the devices designed to meet government standards have been optimized to further speed up erasure. "We've created internal circuitry so that the host can send one command -- either in software or a push button -- and the drive will erase multiple chips in parallel," says Drossel. For example, it takes about 15 seconds to clear all of the chips on a 16GB SSD, he says.
Vendors have also created other schemes to meet government security requirements. BitMicro Networks Inc. offers a removable SSD with backup power that allows it to be erased up to six hours after removal from the host system.
Magic Bullet for Laptop Security?
Could so-called fast-erase technology someday appear in notebooks? Intel's Anti-Theft PC Protection already provides hardware-level protection that disables a computer when certain conditions are met, such as after a series of failed password attempts. By combining that with a third-party service such as Absolute Software Corp.'s CompuTrace, some Lenovo laptops can be reported as stolen and then remotely disabled the next time the computer connects to the Internet. So why not allow secure erasure as well by adding rapid-erase or data hardware-destruct features used in SSDs built for secure government applications? "If your laptop went missing, you could take it to any Internet hot spot to report it, and it would disable that at the first point when it was connected to the Internet," says Jim Handy, an analyst at semiconductor market research firm Objective Analysis. But that's unlikely to appear in commercial applications, according to Intel. A spokesperson says vendors would probably add full disk encryption to protect the drive itself, since that renders the data inaccessible, even if the SSD is moved to another computer.