IEEE 2883 data sanitization standard is a path to storage reuse and recycling
At the SNIA 2022 Storage Developers Conference, there were many parallel discussions on a new IEEE standard, 2883, on methods for sanitizing logical storage and physical storage, as well as providing requirements and technology-specific guidance for disposal of recorded data. This is an effort to update the data sanitization standards, officially developed by NIST (NIST SP800-88R1).
Disposal of stored data is an important consideration when retiring or reusing storage devices and systems and deserves some attention. Greater reuse of old storage devices can extend their lifespan, prevent destruction of storage devices, allow recovery of valuable components, and thus reduce the demand for resources needed to manufacture new storage devices, leading to a more circular economy. Much of the content in this article is taken from an OCP data sanitization white paper from July 2022 and the IEEE 2883 standard.
Companies storing data in the cloud need to ensure that their customers’ data is secure. It is common for these companies to physically destroy devices containing data such as hard drives and solid-state drives, despite the use of advanced encryption and security features on these devices that can ensure near-zero risk of data leakage. This physical destruction includes the punching and shredding of these devices. Such physical destruction makes it economically impossible to recover sub-components, such as rare-earth magnets from hard drives.
Extended use of storage devices and increased recovery of valuable end-of-life components can lead to reduced carbon emissions. An ideal circular economy uses reuse, sharing, repair, refurbishment and recycling to create a closed-loop system that minimizes the use of new materials and reduces the creation of waste, pollution and carbon emissions. Sanitizing the media on storage devices can securely prevent access to data and avoid physical destruction. Sanitization has a specific meaning: it is a process or method for making access to target data on a storage medium impossible for a given level of effort.
The IEEE P2883 Standard for Storage Sanitization details sanitization methods and techniques for various storage media (HDD, SSD, optical, removable, etc.). It specifies interface-specific techniques (SATA, SAS, NVMe). It aligns the industry with modern media sanitization terminology and techniques and targets all logical and physical locations of data, including user data, old data, metadata, over-provisioning, and more. The three basic sanitization methods are described below.
Clear uses logical techniques on user data in all addressable storage locations to protect against simple, non-invasive data recovery techniques that use the same host interface available to the user. Destruction basically turns the storage device into slag. Purging is the most attractive approach for reusing storage devices. There are three purge methods, which can be used together to reduce the likelihood of recovering data, although any one method is sufficient to make data recovery infeasible using state-of-the-art laboratory data recovery techniques.
These three methods are:
1) Sanitize Purge Cryptographic Erase (CE) changes the media encryption key on a device, which today is typically an AES256 key. This is not only a secure way to sanitize a device, but also completes in seconds.
2) Sanitize Purge Overwrite overwrites the storage media with various patterns, which can be checked later. Overwrite can be used with hard drives that do not support CE.
3) Sanitize Purge Block Clear can zero the erase blocks on NAND-based SSDs and can be used in conjunction with CE.
Note that Sanitize Purge Overwrite takes about an hour per terabyte to complete on a modern hard drive. It leaves the hard drive with no recoverable user data.
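The selection logic implied by the three purge methods above can be written down as a small planner. This is an added example, not code from the IEEE standard or the OCP white paper. It assumes the NVMe Identify Controller SANICAP bit layout (taken from the NVMe base specification, not this article), treats NVMe's Block Erase bit as the block-level purge in item 3, and uses a hypothetical `Device` record, a method ordering chosen for illustration, and a constructed sample fleet.

```python
from dataclasses import dataclass

# SANICAP bit positions from the NVMe Identify Controller data structure
# (NVMe base specification, not the article): which Sanitize actions exist.
SANICAP_BITS = {0: "crypto_erase", 1: "block_erase", 2: "overwrite"}
OVERWRITE_HOURS_PER_TB = 1.0  # the article's figure for a modern hard drive


@dataclass(frozen=True)
class Device:           # hypothetical inventory record
    name: str
    media: str          # "hdd" or "ssd"
    capacity_tb: float
    supported: frozenset


def decode_sanicap(sanicap: int) -> frozenset:
    """Map the low three SANICAP bits to purge method names."""
    return frozenset(n for bit, n in SANICAP_BITS.items() if (sanicap >> bit) & 1)


def plan_purge(dev: Device):
    """Return (methods in order, estimated hours or None); empty = cannot purge."""
    methods = []
    if "crypto_erase" in dev.supported:
        methods.append("crypto_erase")          # key change, completes in seconds
        if dev.media == "ssd" and "block_erase" in dev.supported:
            methods.append("block_erase")       # used in conjunction with CE
    elif dev.media == "ssd" and "block_erase" in dev.supported:
        methods.append("block_erase")
    elif "overwrite" in dev.supported:
        methods.append("overwrite")             # fallback for drives without CE
    hours = None
    if methods == ["overwrite"] and dev.media == "hdd":
        hours = dev.capacity_tb * OVERWRITE_HOURS_PER_TB
    return tuple(methods), hours


# Constructed sample fleet (not real devices).
FLEET = [
    Device("hdd-legacy", "hdd", 18.0, frozenset({"overwrite"})),
    Device("hdd-sed", "hdd", 20.0, frozenset({"crypto_erase", "overwrite"})),
    Device("nvme-ssd", "ssd", 3.84, decode_sanicap(0b011)),
    Device("usb-stick", "ssd", 0.064, frozenset()),
]

if __name__ == "__main__":
    for d in FLEET:
        print(d.name, *plan_purge(d))
```

A device for which the planner returns no method cannot be purged through its interface, which leaves only the Clear or Destruct routes described earlier.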
The IEEE 2883 data sanitization standard defines methods for securely erasing data from storage devices, thereby preventing unauthorized access to data. Use of this standard enables reuse and recycling of various digital storage devices and can contribute to a circular economy in digital storage devices and systems and lower carbon emissions.