Three key attributes separate software overwriting (clearing) HDD data sanitization methods from Secure Erase enabled hardware devices.

Firmware-based Security Erase devices are able to access hidden partitions in order to erase hard drives.

by Michael Cheslock
There are three major attributes that separate software overwriting (clearing) HDD data sanitization methods from Secure Erase enabled hardware devices. Getting each of these factors right is essential in developing an effective end-of-life protocol.

The first, and most important, is Security Compliance: Despite the chatter, DoD 5220 has not recommended overwriting, or any other hard drive sanitization methodology, since the 1994 revision. No version of DoD 5220 since that year makes any mention of hard drive erasure methodologies. The only national guideline is NIST SP 800-88. This document clearly rates Secure Erase in a higher category than overwriting utilities (a “purge” of all data, versus a “clear”). Furthermore, specific devices such as CPR Tools’ Hammer offer a G-List remapped sector data destruction utility called gRase. gRase accesses and erases data in “bad sectors” that most software tools (and many hardware tools) leave behind.

Within this category, the most powerful emerging concerns are certification and defensible audit trails. In the event of litigation, it is essential to ensure that a tamper-resistant log (with checksum to demonstrate any changes to the drive after erasure) is presented to verify that hard drives are sanitized in accordance with current guidelines. For software solutions in general, there is no automated logging capability that tracks which procedures are executed on what drives, who is executing them, and when they are being executed.

The next major factor is Efficiency of Execution: Software overwriting tools are designed to write random bits of data to all user accessible sectors of a drive. The software is then loaded onto a machine or server, from which the overwrite procedure is executed. Most of these overwriting tools execute multiple passes. Outdated versions of DoD 5220-22.M recommended triple overwrite, or three consecutive passes, to effectively render hard drive data unrecoverable.
But it is now understood, and has been for some time, that multiple passes do not offer any significant added assurance of security. A single pass is adequate for clearing media, but no number of passes will achieve purge.

Many software applications give the user the ability to overwrite a particular partition, or section of a drive, and ignore others, effectively allowing the user to accidentally or on purpose overwrite less than the entire drive. For example, it is very easy to ask such applications to overwrite the “C drive” but not the “D drive”, when, in fact, both partitions exist physically on the same hard disk drive, and both contain sensitive information. User error is common when using software solutions, and it is a risk. On the other hand, high-end hardware devices are directly connected, and erase everything on any disk to which they are connected. Furthermore, firmware-executed procedures are impossible to interrupt externally. These, among other factors, are the reasons purging is ultimately recommended above clearing in NIST SP 800-88.

The final major factor is Speed: Furthermore, software solutions disable the workstation during the entire procedure, severely hindering productivity. Related to the speed issue is the surprising amount of electrical energy required to clear a hard drive using a software product. From a green perspective, the hardware devices are clear winners. But that’s the subject of a different post.
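
One way to build the tamper-resistant erasure log described under Security Compliance, as an added example that is not from the original article or from any vendor's product: each entry records the drive, operator, method and time, carries the post-erasure checksum, and is chained to the previous entry with an HMAC. The field names, the key handling and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as "previous MAC" for the first entry

def _mac(key: bytes, prev: str, record: dict) -> str:
    # Canonical JSON so the same record always produces the same MAC.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()

def append_entry(log: list, key: bytes, *, serial: str, operator: str,
                 method: str, when: str, post_erase_sha256: str) -> dict:
    """Record which procedure ran on which drive, by whom, and when."""
    record = {"serial": serial, "operator": operator, "method": method,
              "when": when, "post_erase_sha256": post_erase_sha256}
    prev = log[-1]["mac"] if log else GENESIS
    entry = {"record": record, "prev": prev, "mac": _mac(key, prev, record)}
    log.append(entry)
    return entry

def verify_log(log: list, key: bytes) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _mac(key, prev, entry["record"])
        if entry["prev"] != prev or not hmac.compare_digest(entry["mac"], expected):
            return i
        prev = entry["mac"]
    return -1

def drive_unchanged(entry: dict, image: bytes) -> bool:
    """Compare a later read of the drive with the checksum logged at erasure."""
    return hashlib.sha256(image).hexdigest() == entry["record"]["post_erase_sha256"]

if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed; a real key stays off the erasure host
    erased = bytes(4096)            # constructed stand-in for a zeroed drive image
    digest = hashlib.sha256(erased).hexdigest()
    log = []
    append_entry(log, key, serial="DEMO-0001", operator="op1", method="purge",
                 when="2024-01-01T10:00:00Z", post_erase_sha256=digest)
    append_entry(log, key, serial="DEMO-0002", operator="op2", method="clear",
                 when="2024-01-01T11:30:00Z", post_erase_sha256=digest)
    print("intact:", verify_log(log, key) == -1)
    log[0]["record"]["method"] = "clear"          # simulate an after-the-fact edit
    print("first bad entry:", verify_log(log, key))
```

The chain detects edited, reordered or removed-from-the-front entries; detecting entries dropped from the end additionally requires storing the latest MAC somewhere the log's custodian cannot rewrite.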




