Are Multiple Passes Necessary For Permanent Data Erasure?

Exponential growth of data and rising cases of data breach incidents have necessitated organizations to not overlook data security concerns at the end-of-life of IT assets. Businesses need to do realign their approach on how they deal with end-of-life equipment. The safest way to deal with devices at their disposal stage is to ensure they are permanently wiped and erased to ensure that data cannot be recovered even by laboratory techniques. Performing Data Erasure on storage devices that can be re-used is the  most environment-friendly and cost effective approach to data destruction. Data erasure generally involves overwriting the data stored in media with single or multiple over writing cycles or Passes which may range from 1 pass (zeroes) to 35 passes (Peter Gutmann).

So, the question that arises is why do we need multiple passes for data destruction?
Is performing more overwriting passes better than just performing lesser or even one?
Why does different global data erasure standards propose different overwriting passes?
Or which standard is suitable for a business or individual need to perform permanent data erasure?

In this article, we will provide answers to all above questions and help you understand the mechanism of overwriting using different passes for Hard Drives and SSDs.

How Many Passes Are Necessary For Permanently Wiping Hard Drives?

The answer to the number of passes to securely overwrite a hard drive permanently is not straightforward as it would involve several considerations including the technology, latest research findings, evolution of data erasure techniques and recommended methods by governments and international agencies. Before we arrive at a conclusion, we would first need to understand the basics of hard drive erasure, the emergence of data erasure standards and the evolution of faster and more complex flash-based storage media including the solid state drives.

Hard Disk Drives- Permanent Data Erasure

Deleting a file from your hard disk drive or formatting the entire hard drive does free up space on your hard disk but does not destroy the data making it easier to be recovered by freely available data recovery tools. Deleting simply removes the pointers to the file, making it invisible and allowing free space for further storage.

However, when a hard disk drive is overwritten with a stream of zeros, ones or pseudo-random pattern on all sectors of a hard drive (all user-addressable locations including logical file storage locations), it leads to permanent erasure of data or media sanitization beyond any scope of recovery.

Emergence of Data Erasure Standards- Specifying Differing number of Passes

Data Erasure has been guided by various industry specific and government prescribed standard for data destruction, typically specifying the numbers of overwriting passes to be used for securely and permanently erasing data. NISPOM (National Industrial Security Program) manual introduced in the year 1995 by US Department of Defense specified DoD 3 Pass standard (DoD 5220.22-M) as data erasure technique by overwriting all addressable locations with a character, its complement and a pseudo-random character. However, in 2001, it was removed from the NISPOM manual and was not permitted for Top Secret Media.

Peter Gutmann, computer scientist in Department of computer science, university of Auckland, New Zealand, proposed a 35 pass erasure method to prevent data recovery using sophisticated tools such as magnetic force microscopes. However with the arrival of newer HDDs, that used PRML coding techniques instead of older MFM/RLL technique used in early HDD, made Gutmann method obsolete. Gutmann’s contemporary, Bruce Schneier, a security expert, also proposed a 7 pass overwriting method to erase data.A German information security agency, BSI, in the early 2000 devised a 7 pass method (VSITR) which became popular in Europe. Another standard published by Britain’s National Cyber Security Center, HMG Infosec Standard 5, proposed Baseline method with 1 pass and Enhanced method with three passes. Click here to learn more about 24 global data erasure standards.

NIST 800-88: Globally Adhered Media Sanitization Standard

NIST 800-88 with one write pass is the most preferred standard by the US federal government today. NIST (National Institute of Standards and Technology, U.S.) guidelines for media sanitization, first published in 2006 and revised in 2014,  is now one among the most prevalent media sanitization guidelines in the world today. It specifies ‘Clear’ and ‘Purge’ as methods of media sanitization to attain data destruction through overwriting. The guidelines state that “for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media.” Also, the revised guidelines in 2014 stated that “For storage devices containing magnetic media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data.” NIST purge technique can also be executed with a single pass, although it also offers an inverted 3 pass method. NIST also recommends that hidden areas of the drive should also be addressed, before overwriting.

SSD Erasure- NIST Recommends 1 Pass with Specialized Commands

SSDs do not contain magnetic coatings. Instead they rely on embedded processor & flash memory chips that retain data. Flash storage allows data to be written and erased from a given location for a fixed number of times (typically 10,000) in their lifecycle and this can exhaust the overall lifetime of SSD, making sanitization of SSDs complex. NIST recommends erasure of SSDs with one overwriting pass combined with specialized commands. It proposes “Secure Erase, Block Erase or Cryptographic Erasure” if supported by the SSD, as a standard erasure procedure.

Conclusion: Benefits of Single Overwriting Pass Outweighs the Multiple Passes

With NIST guidelines of 2014, the fear of recovery after just one cycle of overwriting has been put to rest. NIST clearly states that one write pass is sufficient to erase data from drives beyond recovery. In recent years with innovations around the hard drive technology, such as the high data density on disk platters, makes data recovery impossible after single overwriting pass followed by verification of the overwrite.

Overwriting by multiple passes can be considered, however, organizations will have to consider the time and cost involved on each processed IT asset being overwritten multiple times. Also, global government bodies (NIST 800-88, NCSC, BSI etc.) and agencies advocate 1 write pass as the standard method for overwriting, but it is mandated to follow the overwriting process with actual verification of the overwrite, ensuring that every addressable storage locations has been overwritten.

NIST SP 800-88 guidelines, however does not offer one size fits all formula for erasing hard drives and it shall be an organizational prerogative to ensure which method is more suitable for them and how many overwriting pass is needed given the security categorization and sensitivity of data to be erased. You can read more about the different erasure standards and learn how a NIST Tested & Approved data erasure software offers a solution that can help you securely and permanently erase data on all storage drives including HDDs, SSDs across PC, Mac and servers here.

FAQs