The Special Security Considerations For Flash Storage
Data is the lifeblood of many businesses. Gathering that data, interpreting and analyzing it, and storing it are all critical functions companies need to adopt in order to run at peak efficiency. But while data is certainly important, securing that data in all stages is essential. Of particular concern is securing data that is being stored, which can become a problem when solid state drives (SSDs) or flash storage are involved. While it’s true that organizations have been practicing secure storage techniques for years, flash storage drives can present some unique challenges. Security should not be taken lightly, which is why companies should pay close attention to some of the special security considerations needed when dealing with flash storage.
Storage systems can be used for many different purposes within a business, but one of the main ways to protect the data on them is to simply erase it when it is no longer needed. This is easy enough when a company is erasing from hard disk drives (HDD), but flash storage has other attributes to consider. In fact, many of the same techniques used to erase HDD data aren’t as effective with SSD. So what is flash storage and how does it differ from HDD? Hard drives store data in an actual physical location on magnetic storage platters, so data that is overwritten in that location will mostly stay erased. SSD, on the other hand, stores data on flash arrays. The process of erasing data on flash is not so straightforward. In fact, many times when a solid state drive says data has been erased, that data is still on there in some form. Needless to say, if data is still on a flash storage system and that system is breached, data theft and leakage can result, often without the organization even knowing it happened. This makes fully erasing an SSD a priority for many businesses.
The challenges that stem from erasing flash storage devices usually take the form of two main problems. The first is what is referred to as bad-block marking. Flash storage doesn’t last forever, and different parts of the memory wear out at different times. Blocks that have worn out can no longer have anything written to them, which also means the erase function can’t be performed on them. Even though the erase can’t be completed and nothing new can be written to those memory areas, the data already there is still stored. With the right equipment and determination, somebody could theoretically access these areas and steal the data contained within.
The other problem comes from something called over-provisioning. As mentioned above, flash storage eventually wears out over time, but over-provisioning can extend its life a little. This is done by taking part of the storage capacity and hiding it, allowing the workload to be spread out over a higher number of arrays. Even though these areas are effectively hidden from operating systems, data may still end up stored there. Since there’s no way to detect it, sensitive information may be stored in parts of the reserved cells without the organization’s knowledge, leaving the organization open to the risk of losing data to those with the technology to read it.
Even though these problems may seem daunting to solve, the right equipment and expertise are really all that’s needed to effectively erase these blind spots. Simply knowing they exist is essential if businesses want to overcome the challenge. But what if erasing the data isn’t the problem? What’s the best way to secure data on flash storage that isn’t going to be erased any time soon? One of the most useful techniques is to use encryption, and in the case of flash storage, cryptographic erasure is the way to go. This method basically involves encrypting whole data sets and giving only authorized personnel the encryption keys. Once the data on the solid state drive is no longer required, the encryption keys are deleted, making the data inaccessible and unreadable. In other words, the data may not be deleted, but it’s still pretty much useless to anybody and, therefore, secure.
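The following Python model is an added example, not code from the original article. It simulates the two blind spots described above (a bad-block page and spare over-provisioned pages) and shows that a host-level overwrite leaves plaintext remnants on an unencrypted drive, while destroying the key leaves only ciphertext. The `ToyFlash` class, the page counts, the sample data and the SHA-256 keystream (a stand-in for a real cipher such as AES) are all assumptions made for illustration.

```python
import hashlib

def xor_stream(key: bytes, page: int, data: bytes) -> bytes:
    """Toy cipher (SHA-256 keystream), a stand-in for a real cipher such as AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + page.to_bytes(4, "big") + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class ToyFlash:
    """Constructed model: 4 host-visible blocks backed by 6 physical pages (2 spare)."""
    def __init__(self, key=None, logical=4, spare=2):
        self.key = key                        # media encryption key; None = plaintext drive
        self.pages = [b""] * (logical + spare)
        self.free = list(range(logical + spare))
        self.map = {}                         # logical block -> physical page
        self.bad = set()                      # worn-out pages: never erased or rewritten

    def write(self, lba: int, data: bytes) -> None:
        new = self.free.pop(0)                # flash never overwrites in place
        self.pages[new] = xor_stream(self.key, new, data) if self.key else data
        old = self.map.get(lba)
        self.map[lba] = new
        if old is not None and old not in self.bad:
            self.free.append(old)             # stale copy stays until the page is reused

    def raw_dump(self, key=None) -> bytes:
        """What chip-level access sees; pass a key to model someone who still holds it."""
        return b"".join(xor_stream(key, n, p) if key else p for n, p in enumerate(self.pages))

def host_overwrite_scenario(key=None) -> ToyFlash:
    flash = ToyFlash(key)
    for lba in range(4):
        flash.write(lba, b"PAYROLL-SECRET-%d" % lba)   # constructed sample data
    flash.bad.add(0)                          # page 0 wears out and is marked bad
    for lba in range(4):
        flash.write(lba, b"\x00" * 16)        # host "erases" every block it can address
    flash.key = None                          # cryptographic erasure: destroy the key
    return flash

if __name__ == "__main__":
    key = bytes(range(32))                    # constructed key for the demo
    print(b"PAYROLL-SECRET" in host_overwrite_scenario().raw_dump())        # plaintext drive
    print(b"PAYROLL-SECRET" in host_overwrite_scenario(key).raw_dump())     # key destroyed
    print(b"PAYROLL-SECRET" in host_overwrite_scenario(key).raw_dump(key))  # key retained
```

The last case is the caveat for practitioners: cryptographic erasure only holds if every copy of the key is actually destroyed.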
Protecting data on flash storage is something all companies should strive for. Flash array storage performs better than hard drives, is more easily scalable, and is faster, so figuring out how to secure it will help a business protect its assets better. With more secure operations, organizations will be able to focus on other endeavors and move forward with confidence.