Windows 7 and SSDs, Part 3 (Security Best Practices)
Solid State Disks (SSDs) offer great performance enhancements, especially when you follow the guidelines in Part 1 and Part 2 of this series. From an information security point of view, however, these devices are a nightmare in terms of data confidentiality.
Recent studies from the University of California in San Diego (UCSD) show that securely wiping SSDs still results in 4% to 75% of the data previously stored on the device being recoverable. You can read the results of the studies in the "Reliably Erasing Data From Flash-Based Solid State Drives" document.
Basically, every known method for securely erasing data on a traditional hard disk fails to achieve the same result on a flash-based Solid State Disk. These methods include:
- Overwriting data a certain number of times with all 0s or all 1s
- Overwriting data a certain number of times with a specific pattern of 0s and 1s
- Degaussing the whole device
Also, securely erasing removable flash drives is an even greater challenge, according to the researchers of UCSD.
For organizations whose secure data management requires confidential data to be removed from drives before they leave the organization, SSDs cause a serious headache at the end of the devices' lifecycle.
Do I need data security?
As an Active Directory administrator, I would consider the information on any domain-joined computer to be confidential, because the data can be used in numerous ways. Gaining access to Outlook Web Access or DirectAccess, or rejoining a computer presumed dead to the domain, poses serious challenges. Detection is only the first problem.
As a home enthusiast (quite an understatement) I’m also not very keen on giving someone else my data (when I sell my laptop or SSD) while I thought I had erased it securely. Also, with a reputation as an IT Pro, I wouldn’t want anyone receiving one of my handed-down drives to be able to trace it back to me.
Best Practice: Use BitLocker Drive Encryption
No tool exists today to securely erase data because, for an SSD to be addressed as an ATA device with plain file systems, data isn’t altered on the spot ("overwritten") but actually written to a new block. The "old data" is retained and lingers on until the space is reused. Thus, the trick is to store the data in a secure way from the start. That way, out-of-date blocks don’t contain lingering insecure data.
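The remapping behaviour described above can be shown with a toy model. This is an added example, not code from the original article: `ToyFTL`, `toy_crypt` and the sample secret are constructed for illustration, garbage collection is not modelled, and the hash-based keystream is only a stand-in for real volume encryption.

```python
import hashlib

SECRET = b"domain-join-password"   # constructed sample data

class ToyFTL:
    """Toy flash translation layer: a logical write never overwrites in place."""
    def __init__(self, physical_pages):
        self.pages = [None] * physical_pages  # raw flash contents
        self.mapping = {}                     # logical block -> physical page
        self.next_free = 0
    def write(self, lba, data):
        if self.next_free >= len(self.pages):
            raise RuntimeError("out of free pages (garbage collection not modelled)")
        self.pages[self.next_free] = data     # program a fresh page
        self.mapping[lba] = self.next_free    # old page is now stale, not erased
        self.next_free += 1
    def read(self, lba):                      # what the OS sees over ATA
        return self.pages[self.mapping[lba]]
    def raw_dump(self):                       # what a chip-level read sees
        return [p for p in self.pages if p is not None]

def toy_crypt(key, lba, data):
    """Stand-in for volume encryption (hash-based XOR keystream); not BitLocker's cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = key + lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def overwrite_wipe(ftl, lba, passes, size):
    for _ in range(passes):
        ftl.write(lba, b"\x00" * size)        # classic "overwrite with 0s"

def recoverable(ftl, secret):
    return any(secret in page for page in ftl.raw_dump())

def plaintext_then_wipe():
    ftl = ToyFTL(16)
    ftl.write(0, SECRET)
    overwrite_wipe(ftl, 0, passes=3, size=len(SECRET))
    return ftl.read(0), recoverable(ftl, SECRET)

def encrypted_from_start():
    ftl = ToyFTL(16)
    key = b"constructed-volume-key"
    ftl.write(0, toy_crypt(key, 0, SECRET))
    readable = toy_crypt(key, 0, ftl.read(0)) == SECRET
    overwrite_wipe(ftl, 0, passes=3, size=len(SECRET))
    return readable, recoverable(ftl, SECRET)
```

In the first scenario the host reads back zeros while the stale page still holds the secret; in the second, the stale page holds only ciphertext.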
Some Solid State Disks offer a built-in solution to the problem: These drives store the data encrypted natively. However, the data is offered unencrypted to the system through the integrated electronics and firmware. This offers little protection.
BitLocker Drive Encryption is a perfect way to store data in a secure way. Since the encryption is tied to the Operating System on the drive (it needs to be running to have access to the unencrypted data) and to either a Trusted Platform Module (TPM) chip with or without a PIN, or a startup key, this not only offers security for data at rest, but also a method to quickly revoke unencrypted access to the data.
With its master key functionality, recovery information storage in Active Directory and Group Policies to enforce settings in a granular way, BitLocker Drive Encryption has a couple of tricks up its sleeve in contrast to other encryption methods.
Optionally: Use BitLocker-to-Go
Since removable flash media also don’t fit the normal procedures of secure data management at the end of their lifecycles, you might want to consider encrypting the contents of these devices.
BitLocker-to-Go has the same tricks up its sleeve as BitLocker Drive Encryption, but does not rely on the availability of a TPM chip. Also, BitLocker Drive Encryption is not required to be able to use BitLocker-to-Go.
One caveat, however, is that removable drives configured with BitLocker-to-Go cannot be used as Startup Keys for BitLocker Drive Encryption. Once you insert a removable flash drive in a Windows installation with BitLocker-to-Go enforcements and encrypt it, it can’t be accessed by the Windows boot runtime anymore. Separating flash media can also be tricky, since I guess you don’t want users to run around with laptops and USB drives, labeled "BitLocker Startup Key" in the same bag…
Using Solid State Disks (SSDs) offers great performance boosts, but also requires new procedures for secure data management. We can no longer rely on the old ways to securely erase data at the end of the lifecycle of our disks and need to think ahead. Encrypting the drive with well-manageable encryption software assures data confidentiality now and in the future.