Tag: degauss

Hard Drives vs. SSDs: How Destruction Methods Must Evolve with Technology

August 11, 2025 at 8:00 am by Amanda Canale

Secure data destruction has evolved over the Digital Age from a best practice to a legal and operational necessity. Yet many organizations still rely on outdated processes that were initially designed for hard disk drives (HDDs) but are ineffective for newer technologies like solid-state drives (SSDs).

At Security Engineered Machinery (SEM), we recognize that the storage medium matters when it comes to data destruction. Understanding the technical differences between HDDs and SSDs is crucial to ensuring total data sanitization.

Critical Shreds

  • HDDs use magnetic platters while SSDs use flash memory chips, meaning the difference in technology requires different destruction methods.
  • Combining degaussing and shredding provides secure destruction of HDDs. However, degaussing is not applicable to SSDs and shredding can often leave recoverable data behind.
  • Improper HDD and SSD destruction increases the risk of data breaches and violates data protection laws like HIPAA, NIST 800-88, and the NSA/CSS standard.

How HDDs and SSDs Store Data Differently

HDDs and SSDs serve the same purpose—data storage—but use entirely different technologies under the hood. HDDs rely on magnetic platters that spin while mechanical read/write heads access data. The magnetic nature of these platters makes them ideal candidates for destruction via degaussing, crushing, or shredding.

SSDs, on the other hand, use flash memory chips to store data electronically. Instead of a central platter, data is distributed across numerous microscopic cells embedded within integrated circuits. These memory chips retain data even after being damaged or wiped, which makes secure destruction much more complex. The same methods that easily destroy HDDs often leave SSDs partially intact.

HDD and SSD artwork on a green background

Why Traditional HDD Methods Don’t Work on SSDs

Degaussing is a proven solution for magnetic media as it neutralizes magnetic fields and scrambles the binary code, rendering HDD platters unreadable. However, degaussers have no effect whatsoever on SSDs since they contain no magnetic components.

Similarly, shredders designed for HDDs often fail to fully destroy SSDs. HDDs can be shredded into coarse strips or chunks while still meeting compliance. But SSDs require a much smaller particle size, ideally 2mm or less, to ensure all flash memory chips are destroyed. Shredding SSDs without reaching this level of granularity can leave data recoverable by forensics tools.

The distributed architecture of SSDs means a fragment as small as a thumbnail can still contain sensitive data. That makes precision destruction absolutely critical.

DD: Degauss and Destroy

While it’s been established that degaussing should only be used for magnetic HDDs, it’s important to note that it should not be the sole method of destruction. Per the NSA, a magnetic HDD carrying classified information should be degaussed then physically destroyed by way of shredding or crushing. This, “degauss and destroy” two-way method ensures the complete and total obliteration of any end-of-life media. At SEM, we have a line of Degauss and Destroy options that combine the use of the Model EMP1000-HS degausser and other NSA-listed HDD destroyers.

Though this process is required for classified information, it is a good rule of thumb for all sensitive information, regardless of the industry.

SEM Degauss and Destroy bundle
Disintegration: Ultimate Security

While shredding may work for some storage media, SSDs require a more precise and thorough approach to ensure complete data destruction.

Since data is distributed across the cells on an SSD, typical destruction efforts such as shredding or crushing can often leave drives partially intact, and stored data vulnerable to theft. This is where disintegrators come into play. Contrary to shredders, disintegrators utilize rotor knives to pulverize material and push it through a predetermined screen size. This mechanism grinds end-of-life material into uniform, fine particles, leaving no fragmented pieces behind. With this method, drives are repeatedly cut until they can pass through the screen, producing a much smaller (and more secure) particle size.

According to the NSA, for a solid state disintegrator to be NSA/CSS listed, it must be able to “reduce any solid state storage device to a maximum edge size of 2 millimeter or less.” A prime example of this kind of technology is the SEM Model SSD2-HS Solid State Disintegrator, a high security destruction device that breaks down end-of-life SSDs down to required 2mm particle size.

The Risk of Inadequate SSD Destruction

Failing to completely destroy SSDs at end-of-life is a major security risk. Sensitive data—including financial records, healthcare files, classified information, or customer credentials—can remain on leftover memory chips. This residual data can be extracted by criminals or competitors with minimal effort.

Even if an organization believes data has been deleted or wiped, data recovery software and hardware forensics tools can still retrieve unencrypted remnants. The consequences are far-reaching: data breaches, identity theft, intellectual property theft, and noncompliance fines are all on the table.

The risk isn’t just technical—it’s legal. Compliance regulations like HIPAA, NIST SP 800-88, and PCI-DSS all require verifiable data destruction methods based on media type and sensitivity level.

SSD2-HS SSD Disintegrator Media Feed

Built for Compliance and Peace of Mind

To mitigate risk and ensure compliance, organizations must implement destruction processes that align with:

  • National Institute of Standards and Technology (NIST 800-88)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • General Data Protection Regulation (GDPR)
  • Federal Information Security Management Act (FISMA)

Failure to comply can result in audits, penalties, and reputational damage. Proper destruction practices are essential not just for security, but for legal protection and organizational integrity.

Looking Ahead: Future-Proofing Your Data Destruction Strategy

As storage technology evolves, data destruction methods must keep pace. Organizations should continually evaluate their policies and equipment to ensure alignment with modern threats and storage formats.

Forward-thinking approaches may include:

  • Investing in SSD-specific crushers or disintegrators
  • Implementing secure chain-of-custody protocols
  • Regularly updating policies in accordance with regulatory changes

After all, proper planning today can prevent catastrophic failures tomorrow.

An IT Destruction Audit Trail – How to Simplify the Process

August 23, 2018 at 2:47 pm by Heidi White

HDD-degaussIf you deal with sensitive drives, the NSA/CSS requirements for destruction of classified and higher drives requires that they first be degaussed by an NSA approved degausser and then physically destroyed. This 2-step process is not complete without the third critical step: documentation/destruction audit trail of everything destroyed. Therefore, you must properly document before you degauss and then destroy.

An important part of any HDD/SSD media destruction program is the accurate creation of a complete end of life audit trail.  Until now it has been up to the operator of the degausser/destruction equipment to fill out the appropriate tracking form by hand, recording the serial numbers of the drives destroyed so there is a record of who, what, where and when they were destroyed.  This is a very time-consuming and tedious process, and one that is prone to unintentional errors in the serial numbers recorded.  The need for accuracy in this documentation is extremely important in the event of an audit or the need to track a specific drive — especially a classified one.

The iWitness is a plug and play documentation tool that is both accurate and time-saving

Whether you have ten drives or 10,000 drives to destroy, an easy way to streamline the process and dramatically increase the speed and accuracy while gathering additional information on the specific drive’s destruction is to automate the process using the SEM iWitness audit-friendly media tracking and end-of-life documenting solution.

The iWitness is a simple plug and play, end-of-life documentation tool for IT destruction. The iWitness consists of a laptop with a 15” screen, a handheld barcode scanner, and pre-loaded iWitness software, and is the only system that is fully SCIF compliant right out of the box.  This SCIF compliant system is completely stand-alone and does not need to connect to a network. The software is installed on a guest account, the Wi-Fi and Bluetooth are disabled, it has no cameras, and writes to a CDR — absolutely no USB is required. The iWitness system is the ideal solution for classified environments and SCIFs.

The iWitness comes complete with a laptop, scanner, and pre-loaded software

The process is simple: just scan an HDD or SSD bar code and the software records the media and documents the erasure status and gauss level, after which the information can be exported to a cross-compatible CSV file and saved to a CDR or, if preferred and not in a SCIF, a USB drive. The iWitness not only keeps an audit trail, it also prompts the operator through every step of the process, so no step is missed. The software records manufacturer, model, serial number, destruction method and device used, operator name, time, and date.  In addition, the iWitness can be easily customized to record additional drive information as required.

This machine is compatible with the SEM EMP-1000HS and EMP-1000 degaussers, as well as the entire line of SEM HDD/SSD crushers, shredders, and disintegrators. It can also be used with non-SEM destruction devices if preferred. When used with an SEM degausser, the iWitness system provides erasure verification by recording the Pass/Fail status and the magnetic field strength communicated directly from the degausser via a barcode displayed on the degausser’s LCD panel, which can be scanned with the iWitness to confirm sanitization.  This is an exclusive compatibility feature of SEM degaussers; however, competitive degaussers can also be used without this feature.

The SEM iWitness offers a full-featured solution to the cumbersome chore of filling out various documentation forms, making your audit trail recording a breeze. The iWitness complies with all major security requirements including NIST SP 800-36/NIST SP 800-88, PCI DSS, HIPAA, FACTA, FISMA, PIPEDA, GLBA, CCPA, and FCC standard. If time savings, increased recording accuracy, operational simplicity, and regulatory compliance are important to your organization, the SEM iWitness would be a great addition to your media destruction program.

Mike Wakefield, Southeast Regional Sales Manager, has over 34 years of sales experience, 25 of which have been with SEM, and he is a Subject Matter Expert in data destruction and government contracting. Throughout his career at SEM, Mike has worked with key clients including the federal government, U.S. military, defense contractor community, and Fortune 500 companies. Mike prides himself on being able to anticipate new markets and emerging technologies while also working with the intelligence community to meet current and future needs, all while protecting the environment.