Writing data to an SSD is a two-step process. Every flash-memory cell must be erased first, before the file system can write to it again, and that slows down write performance. To remedy that, Intel is working with Microsoft to come up with a way to erase the cells associated with a deleted file in the background, as the system has processor cycles available. That will improve the performance for subsequent writes, but it has security benefits as well, since the data associated with deleted files will be overwritten sooner, says Troy Winslow, director of marketing at Intel's NAND Solutions Group.
Encryption: SSD's Missing Link
As with hard disk drives, hardware-based, full disk encryption hasn't gained much traction with SSDs. Most manufacturers don't offer full disk encryption yet, although several, including Intel, say they plan to offer it at some point in the future.
That may seem a bit strange, since the government market is focused so tightly on security. Indeed, the need for fast-erase and SSD destruct schemes would diminish with the introduction of full disk encryption using strong, 256-bit or even 1,024-bit AES algorithms. "If the disk does have encryption and the person who has stolen the disk doesn't have the key, then it might as well have been erased," says Handy.
Samsung Electronics Co. has taken the lead in this area, having recently introduced a 128-bit AES option for its latest SSD offerings. In this scheme, the SSD controller encrypts the key, which is stored in the flash chips.
One reason why more manufacturers don't offer SSD is that, while encryption algorithms themselves are standardized, there are no standard implementation methodologies for full disk encryption, so each vendor must roll its own proprietary solution. That adds to the cost. Drossel estimates that encryption would add 10 percent to the cost of its SSD products today.
The standards situation could change with the rollout of the Trusted Computing Group's Opal specification, which was finalized in January. However, that specification may not be stringent enough to meet the requirements of government users -- the customer base most interested in security, says Matt Bryson, an analyst at Avian Securities.
Another issue is that most original equipment manufacturers -- vendors that integrate SSDs into their systems -- don't take advantage of the feature even when it's offered to them. "I don't know any large OEMs who have implemented SSDs with encryption. The functionality is there, but nobody is using it yet," says Wilkison.
That's because, outside of government, most users aren't demanding it yet. "It's still a limited interest. People would like to have it, but they're not willing to pay for it," says Tudor.