Summary:Exponential growth of data and rising cases of data breach incidents have necessitated organizations to not overlook data security concerns at the end-of-life of IT assets. Businesses need to realign their approach to how they deal with end-of-life equipment. The safest way to deal with devices at their disposal stage is to ensure they are permanently wiped and erased to ensure that data cannot be recovered even by laboratory techniques. Performing Data Erasure on storage devices that can be re-used is the most environment-friendly and cost-effective approach to data destruction. Data erasure generally involves overwriting the data stored in media with single or multiple overwriting cycles or Passes which may range from 1 pass (zeroes) to 35 passes (Peter Gutmann).
So, the question that arises is why we need multiple passes for data destruction.
Is performing more overwriting passes better than just performing lesser or even one?
Why do different global data erasure standards propose different overwriting passes?
Or which standard is suitable for a business or individual needing to perform permanent data erasure?
In this article, we will provide answers to all the above questions and help you understand the mechanism of overwriting using different passes for Hard Drives and SSDs.
How Many Passes Are Necessary For Permanently Wiping Hard Drives?
The answer to the number of passes to securely overwrite a hard drive permanently is not straightforward as it would involve several considerations including the technology, latest research findings, evolution of data erasure techniques, and recommended methods by governments and international agencies. Before we arrive at a conclusion, we would first need to understand the basics of hard drive erasure, the emergence of data erasure standards, and the evolution of faster and more complex flash-based storage media including the solid state drives.
Hard Disk Drives- Permanent Data Erasure
Deleting a file from your hard disk drive or formatting the entire hard drive does free up space on your hard disk but does not destroy the data making it easier to be recovered by freely available data recovery tools. Deleting simply removes the pointers to the file, making it invisible and allowing free space for further storage.
However, when a hard disk drive is overwritten with a stream of zeros, ones, or pseudo-random patterns on all sectors of a hard drive (all user-addressable locations including logical file storage locations), it leads to permanent erasure of data or media sanitization beyond any scope of recovery.
The Emergence of Data Erasure Standards - Specifying Differing Number of Passes
Data Erasure has been guided by various industry-specific and government-prescribed standards for data destruction, typically specifying the number of overwriting passes to be used for securely and permanently erase data. NISPOM (National Industrial Security Program) manual introduced in the year 1995 by the US Department of Defense specified DoD 3 Pass standard (DoD 5220.22-M) as a data erasure technique by overwriting all addressable locations with a character, its complement, and a pseudo-random character. However, in 2001, it was removed from the NISPOM manual and was not permitted for Top Secret Media.
Peter Gutmann, a computer scientist in the Department of Computer Science, University of Auckland, New Zealand, proposed a 35-pass erasure method to prevent data recovery using sophisticated tools such as magnetic force microscopes. However, the arrival of newer HDDs, that used PRML coding techniques instead of older MFM/RLL techniques used in early HDD, made Gutmann method obsolete. Gutmann’s contemporary, Bruce Schneier, a security expert, also proposed a 7 pass overwriting method to erase data. A German information security agency, BSI, in early 2000 devised a 7-pass method (VSITR) which became popular in Europe. Another standard published by Britain’s National Cyber Security Center, HMG Infosec Standard 5, proposed the Baseline method with 1 pass and the Enhanced method with three passes. Click here to learn more about 24 global data erasure standards.
NIST 800-88: Globally Adhered Media Sanitization Standard
NIST 800-88 with one write pass is the most preferred standard by the US federal government today. NIST (National Institute of Standards and Technology, U.S.) guidelines for media sanitization, first published in 2006 and revised in 2014, is now one of the most prevalent media sanitization guidelines in the world today. It specifies ‘Clear’ and ‘Purge’ as methods of media sanitization to attain data destruction through overwriting. The guidelines state that “for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media.” Also, the revised guidelines in 2014 stated that “For storage devices containing magnetic media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data.” The NIST purge technique can also be executed with a single pass, although it also offers an inverted 3-pass method. NIST also recommends that hidden areas of the drive should also be addressed, before overwriting.
SSD Erasure- NIST Recommends 1 Pass with Specialized Commands
SSDs do not contain magnetic coatings. Instead, they rely on embedded processors & flash memory chips that retain data. Flash storage allows data to be written and erased from a given location for a fixed number of times (typically 10,000) in their lifecycle and this can exhaust the overall lifetime of SSD, making sanitization of SSDs complex. NIST recommends the erasure of SSDs with one overwriting pass combined with specialized commands. It proposes “Secure Erase, Block Erase, or Cryptographic Erasure” if supported by the SSD, as a standard erasure procedure.
Conclusion: Benefits of Single Overwriting Pass Outweighs the Multiple Passes
With the NIST guidelines of 2014, the fear of recovery after just one cycle of overwriting has been put to rest. NIST clearly states that one write pass is sufficient to erase data from drives beyond recovery. In recent years with innovations around the hard drive technology, such as the high data density on disk platters, makes data recovery impossible after a single overwriting pass followed by verification of the overwrite.
Overwriting by multiple passes can be considered, however, organizations will have to consider the time and cost involved in each processed IT asset being overwritten multiple times. Also, global government bodies (NIST 800-88, NCSC, BSI, etc.) and agencies advocate 1 write pass as the standard method for overwriting, but it is mandated to follow the overwriting process with actual verification of the overwrite, ensuring that every addressable storage locations have been overwritten.
NIST SP 800-88 guidelines, however, do not offer a one size fits all formula for erasing hard drives and it shall be an organizational prerogative to ensure which method is more suitable for them and how many overwriting passes are needed as per the security categorization and sensitivity of data to be erased. You can read more about the different erasure standards and learn how a offers a solution that can help you securely and permanently erase data on all storage drives including HDDs, SSDs across PC, Mac, and servers here.
