A confused man holding a hard drive. We didn’t have any images of external SSDs handy when writing this article.
No, you should not rely on the ATA Secure Erase command to wipe a USB-connected solid-state drive (SSD).
The ATA Secure Erase command is a powerful, built-in function for sanitizing internal drives, and it’s perfectly sufficient for sanitizing internal SSDs. Contrary to popular belief, you don’t need to write over an SSD multiple times to keep your data safe — once is sufficient. Learn why deleted data on an SSD is often unrecoverable.
But with that said, the Secure Erase command isn’t the right tool for the job with external devices (and it’s certainly the wrong tool if you’re dealing with an SSD that’s part of a RAID array or another multi-drive system).
The Problem with USB and ATA Commands
The ATA Secure Erase command is a firmware instruction built into all modern SATA and PATA drives. When issued, it triggers a process within the drive’s own controller to reset all storage cells to a “zero” state, effectively destroying all data. It’s fast, efficient, and doesn’t cause the unnecessary wear that would occur if you overwrite the drive repeatedly (as you’d do with a traditional hard drive, assuming you’re following NIST guidelines).
But the command is designed for a direct ATA (or SATA) connection. When you connect an SSD via a USB enclosure, the USB-to-SATA bridge controller is a sort of middleman. The controller essentially translates USB storage protocol into the SATA protocol that the drive understands.
Most bridge controllers are not programmed to pass along low-level, non-standard commands like ATA Secure Erase. They are built to handle basic read and write functions, and the instructions for secure erasure are often lost in translation.
When you attempt to run the command through the bridge controller, one of two things usually happens:
- The software will immediately report an error, stating the command is not supported.
- The software might appear to execute the command, but in reality, nothing happens on the drive itself.
Some high-end enclosures may support ATA command pass-through, but these are the exception, not the rule. Unless you can confirm this specific feature, you should assume it will not work.
Secure Alternatives for Erasing External SSDs
If the built-in command is off the table, how can you be sure your data is gone for good?
You could drill a hole through the center of your SSD, but that’s fairly wasteful (and not necessarily effective). We’d recommend one of these options instead:
1. Use Manufacturer-Specific Software
Pretty much every external SSD has a manufacturer-supplied utility for handling common data processes, including secure erase commands.
Examples might include:
We’ve linked each tool above — but note that we do not endorse specific software, and we haven’t evaluated these products individually.
Always consult the manufacturer’s documentation to make sure you know how the software works. And remember, data deletion on an SSD is usually permanent; if you need anything from the drive, make sure you have a backup.
2. Perform a Cryptographic Erase (CE)
If your external SSD supports hardware encryption (many modern drives do, and are often referred to as Self-Encrypting Drives, or SEDs), a cryptographic erase is the fastest (and arguably, the most elegant) solution.
Instead of wiping the data itself, this process simply erases the drive’s internal encryption key. Without the key, the drive’s unreadable.
You can trigger a cryptographic erase using the manufacturer’s utility. Alternatively, if you’re using Windows Professional, you can use BitLocker.
3. Use a Reputable Third-Party Wiping Tool
If the first two options aren’t available, a software-based overwrite is a viable alternative, though it’ll put some additional stress on your SSD. Unlike ATA Secure Erase, which tells the drive to wipe itself, these tools overwrite every accessible sector of the drive with random data or zeroes.
A single-pass overwrite is generally sufficient and poses minimal risk to the drive’s long-term health. Tools like KillDisk will get the job done (again, we don’t evaluate or endorse software; use at your own risk).
Avoid multi-pass utilities like DBAN (Darik’s Boot and Nuke) for SSDs, unless you’re extremely paranoid and willing to sacrifice your drive’s health for security. We’ll also note here that Datarecovery.com provides secure data sanitization services — if you have a large number of drives that need sanitization, our services can provide a cost-effective alternative.
Sanitizing Data on RAID-Attached SSDs
Erasing SSDs that are part of a RAID array adds another layer of complexity. The RAID controller itself virtualizes the individual drives, preventing direct access to them.
Sending an erase command to the logical RAID volume will not securely wipe the underlying physical drives. You might also render the drive unusable (or “bricked”), depending on how the command executes.
Your action plan here depends on your hardware and objective:
- Check Your RAID Controller’s Utility: Most enterprise-grade RAID controllers have a built-in function to securely erase drives within an array. Consult the documentation for your specific controller.
- Break the Array: If your controller doesn’t offer a sanitation feature, the most straightforward approach is to back up any data you need, enter the RAID controller’s management interface (often during system boot), and delete the RAID volume. This will break the array and expose the individual SSDs to the operating system.
- Wipe Each Drive Individually: Once the drives are accessible as individual disks, you can use one of the methods described above (manufacturer utility, cryptographic erase, or software overwrite) on each SSD. For business-critical systems where drives are being repurposed, this is the most secure method.
Note: We’ve handled data recovery cases where a single drive from a decommissioned array was not properly wiped, exposing sensitive data. If you’re at all unclear on the process, consult with data sanitization experts.
Professional Solutions Data Sanitization, Data Recovery, and More
At Datarecovery.com, we understand the critical importance of secure data sanitization, especially for enterprise systems and RAID arrays. Our engineers have decades of experience working with complex storage architectures from every major manufacturer. We utilize purpose-built hardware and proprietary software to verify that data is verifiably and permanently destroyed, in compliance with standards like NIST 800-88.
Our process is transparent and risk-free, and documentation can be provided for data sanitization cases. Data recovery cases are supported with a no data, no charge guarantee.
If you are facing data loss or need certified data sanitization for an enterprise-grade SSD in a server, RAID, or SAN, schedule a free evaluation. Contact our experts at 1-800-237-4200 or submit a case online.
