Tag: SSD

Hard Drives vs. SSDs: How Destruction Methods Must Evolve with Technology

August 11, 2025 at 8:00 am by Amanda Canale

Secure data destruction has evolved over the Digital Age from a best practice to a legal and operational necessity. Yet many organizations still rely on outdated processes that were initially designed for hard disk drives (HDDs) but are ineffective for newer technologies like solid-state drives (SSDs).

At Security Engineered Machinery (SEM), we recognize that the storage medium matters when it comes to data destruction. Understanding the technical differences between HDDs and SSDs is crucial to ensuring total data sanitization.

Critical Shreds

  • HDDs use magnetic platters while SSDs use flash memory chips, meaning the difference in technology requires different destruction methods.
  • Combining degaussing and shredding provides secure destruction of HDDs. However, degaussing is not applicable to SSDs and shredding can often leave recoverable data behind.
  • Improper HDD and SSD destruction increases the risk of data breaches and violates data protection laws like HIPAA, NIST 800-88, and the NSA/CSS standard.

How HDDs and SSDs Store Data Differently

HDDs and SSDs serve the same purpose—data storage—but use entirely different technologies under the hood. HDDs rely on magnetic platters that spin while mechanical read/write heads access data. The magnetic nature of these platters makes them ideal candidates for destruction via degaussing, crushing, or shredding.

SSDs, on the other hand, use flash memory chips to store data electronically. Instead of a central platter, data is distributed across numerous microscopic cells embedded within integrated circuits. These memory chips retain data even after being damaged or wiped, which makes secure destruction much more complex. The same methods that easily destroy HDDs often leave SSDs partially intact.

HDD and SSD artwork on a green background

Why Traditional HDD Methods Don’t Work on SSDs

Degaussing is a proven solution for magnetic media as it neutralizes magnetic fields and scrambles the binary code, rendering HDD platters unreadable. However, degaussers have no effect whatsoever on SSDs since they contain no magnetic components.

Similarly, shredders designed for HDDs often fail to fully destroy SSDs. HDDs can be shredded into coarse strips or chunks while still meeting compliance. But SSDs require a much smaller particle size, ideally 2mm or less, to ensure all flash memory chips are destroyed. Shredding SSDs without reaching this level of granularity can leave data recoverable by forensics tools.

The distributed architecture of SSDs means a fragment as small as a thumbnail can still contain sensitive data. That makes precision destruction absolutely critical.

DD: Degauss and Destroy

While it’s been established that degaussing should only be used for magnetic HDDs, it’s important to note that it should not be the sole method of destruction. Per the NSA, a magnetic HDD carrying classified information should be degaussed then physically destroyed by way of shredding or crushing. This, “degauss and destroy” two-way method ensures the complete and total obliteration of any end-of-life media. At SEM, we have a line of Degauss and Destroy options that combine the use of the Model EMP1000-HS degausser and other NSA-listed HDD destroyers.

Though this process is required for classified information, it is a good rule of thumb for all sensitive information, regardless of the industry.

SEM Degauss and Destroy bundle
Disintegration: Ultimate Security

While shredding may work for some storage media, SSDs require a more precise and thorough approach to ensure complete data destruction.

Since data is distributed across the cells on an SSD, typical destruction efforts such as shredding or crushing can often leave drives partially intact, and stored data vulnerable to theft. This is where disintegrators come into play. Contrary to shredders, disintegrators utilize rotor knives to pulverize material and push it through a predetermined screen size. This mechanism grinds end-of-life material into uniform, fine particles, leaving no fragmented pieces behind. With this method, drives are repeatedly cut until they can pass through the screen, producing a much smaller (and more secure) particle size.

According to the NSA, for a solid state disintegrator to be NSA/CSS listed, it must be able to “reduce any solid state storage device to a maximum edge size of 2 millimeter or less.” A prime example of this kind of technology is the SEM Model SSD2-HS Solid State Disintegrator, a high security destruction device that breaks down end-of-life SSDs down to required 2mm particle size.

The Risk of Inadequate SSD Destruction

Failing to completely destroy SSDs at end-of-life is a major security risk. Sensitive data—including financial records, healthcare files, classified information, or customer credentials—can remain on leftover memory chips. This residual data can be extracted by criminals or competitors with minimal effort.

Even if an organization believes data has been deleted or wiped, data recovery software and hardware forensics tools can still retrieve unencrypted remnants. The consequences are far-reaching: data breaches, identity theft, intellectual property theft, and noncompliance fines are all on the table.

The risk isn’t just technical—it’s legal. Compliance regulations like HIPAA, NIST SP 800-88, and PCI-DSS all require verifiable data destruction methods based on media type and sensitivity level.

SSD2-HS SSD Disintegrator Media Feed

Built for Compliance and Peace of Mind

To mitigate risk and ensure compliance, organizations must implement destruction processes that align with:

  • National Institute of Standards and Technology (NIST 800-88)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • General Data Protection Regulation (GDPR)
  • Federal Information Security Management Act (FISMA)

Failure to comply can result in audits, penalties, and reputational damage. Proper destruction practices are essential not just for security, but for legal protection and organizational integrity.

Looking Ahead: Future-Proofing Your Data Destruction Strategy

As storage technology evolves, data destruction methods must keep pace. Organizations should continually evaluate their policies and equipment to ensure alignment with modern threats and storage formats.

Forward-thinking approaches may include:

  • Investing in SSD-specific crushers or disintegrators
  • Implementing secure chain-of-custody protocols
  • Regularly updating policies in accordance with regulatory changes

After all, proper planning today can prevent catastrophic failures tomorrow.

NIST Guidelines vs. the NSA EPL on Hard Drive Destruction: Clearing Up Confusion

February 5, 2019 at 5:44 pm by Heidi White

hard drive destructionOver the 20 years I have been working for SEM, I have explained to customers and former military colleagues about the requirements for classified destruction. Lately these requirements have become stricter due to the ever-changing technologies. It’s not as easy as just putting your paper in a shredder or disintegrator and walking away knowing your classified is destroyed. Your classified now comes on many types of media. With so many types of media, a requirement had to be set forth by the National Security Agency (NSA) as to how these needed to be destroyed. We will discuss destroying hard drives as it relates to the National Institute of Standards and Technology (NIST) 800-88 and NSA Evaluated Products List (EPL) for Hard Drive Destruction.

For this blog, I will only discuss a brief overview for the destruction of hard disks (SCSI, ATA, SATA). NIST 800-88 explains on page 16, table 5-1 there are three methods of destroying hard disks. The first is to CLEAR. This method uses software to overwrite the storage space on the media with non-sensitive data (unclassified) and gives you the option to reuse your hard drive. The second is to PURGE. This method uses degaussing and the Secure Erase command present on some ATA drives. This method is very effective again for unclassified drives. The third method is PHYSICAL DESTRUCTION. This method is the standard for classified data and it destroys the drive by using disintegration, pulverization, melting, or incineration.

emp 1000HS
SEM’s NSA listed Model EMP1000-HS degausser is an ideal solution for rotational hard drives; however, degaussing has NO effect on solid state media.

The second paragraph of the NSA/CSS EPL for Hard Drive Destruction Devices states, “Hard drive destruction devices on their own DO NOT SANITIZE magnetic and/or solid-state storage devices; use of these machines is only authorized in conjunction with degaussing for routine magnetic hard disk drive sanitization or by themselves only in extreme emergency situations. Sanitization guidance for classified storage devices is located in the NSA/CSS PM 9-12 Storage Device Sanitization Manual.” This leads you to believe that degaussing could be used on a solid state drive (SSD). This is misleading! A magnetic field created by a degausser will cause no damage to an SSD. A degausser will only destroy information on a standard rotational magnetic drive.

ssd shredder
Classified SSDs must be disintegrated to a 2mm particle size.

In the third paragraph it states; “All shredders designed for hard drives are approved for deformation of magnetic hard drive platters. Shredding alone will NOT SANITIZE magnetic and/or solid state storage devices unless a two-millimeter particle size or less of the magnetic disk or solid-state memory chip is accomplished in accordance with NSA/CSS PM 9-12 Storage Device Sanitization Manual.” This states that if you have a hard drive or SSD, you can shred it to a 2mm particle to sanitize the drive. This is confusing. Although the NSA guidelines REQUIRE you to reduce a classified SSD to a two-millimeter particle to render the device sanitized, the machine that does this may not be able to shred a standard magnetic hard disk drive to this two-millimeter particle. This is due to the size and materials used in the manufacturing of a magnetic hard disk.

In conclusion, in order to completely destroy the information in a hard drive is a two-step process for a magnetic hard drive and a single step process for a SSD.

A magnetic disk MUST BE degaussed using an NSA approved degausser THEN physically destroyed. This second step of physical destruction is left up to the end user and can vary greatly. It can be as simple as drilling a hole in the drive, hitting it several times with a hammer, or using a hydraulic punch or hard drive shredder. A solid state drive MUST be shredded to a two-millimeter particle and cannot be degaussed.

If you have any questions or would like to talk to a security professional, feel free to reach out to me or any SEM representative.

Karl Lotvedt, DC Region Sales Support, has over 20 years of experience with SEM, including targeted expertise in understanding military procedures and requirements. Prior to joining SEM, Karl spent 20 years in the United States Air Force including over five years in procurement. Now retired from the Air Force, Karl currently serves as an Air Force resource advisor. Karl received his AA and CIS from National College in Rapid City, SD.