How Difficult Is It?
Instant Secure Erase: The Ultimate Solution for Drive Retirement and Disposal
Regarding being simple enough for even the smallest IT operation, sanitizing an SED can’t get much simpler than this one step. Within the AT Attachment 8 - ATA/ATAPI Command Set (ATA8-ACS), there is a command called SECURITY ERASE UNIT. With non-SED drives, this initiates the wiping process discussed earlier by writing zeroes across all user data areas. With an SED, though, the SECURE ERASE Enhanced command changes the AES encryption key resident on the drive. That’s it. Just issue one command and all existing data on the drive is rendered into unrecoverable garbage. There are no back doors, hidden secondary keys, or any other way to decrypt that old data. Once the key changes, it’s gone forever.
Since the SECURE ERASE command is so powerful and permanent, it doesn’t come built into Windows or any similarly common interface. The easiest way to leverage these commands is with Seagate’s SeaTools diagnostic software. Available for Windows or DOS, SeaTools provides a simple, intuitive interface that makes administering crypto-erasure little more than ticking a checkbox.

Alternatively, system builders may opt to create their own software tools able to issue ATA/SCSI security commands. More commonly, enterprise admins are likely to prefer a more streamlined process through tools such as LSI’s MegaRAID SafeStore software, available for both LSI and Intel storage controllers. (Until recently, crypto-erasure could only be issued from tools approved by the Trusted Computing Group (TCG). Fortunately, the new ATA/SCSI commands open up a much wider range of software possibilities.) Such applications give admins the ability to create, manage, and dispose of encrypted volumes, even via a remote console. This way, sensitive data can be eliminated from drive fleets before those drives leave their data center systems or racks, and before they might reach a traditional wiping station. In several ways, this is even more secure than drive destruction, which takes place outside of the data center after drives pass through multiple hands.
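
A pre-flight check that a home-grown tool of the kind mentioned above might run before issuing the enhanced erase, shown as an added example that is not from the original article or any vendor tool. It assumes the drive is inspected on Linux with `hdparm -I`; the function names and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Pre-flight check before issuing SECURITY ERASE UNIT in enhanced mode.
# Reads `hdparm -I <device>` output on stdin and inspects its "Security:" block.
# Function names and the sample text are constructed for this example.

sample_ready() {   # constructed sample, not captured from a real drive
cat <<'EOF'
Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
EOF
}

# Same drive in the frozen state, in which it rejects security commands.
sample_frozen() { sample_ready | sed 's/not  *frozen/frozen/'; }

erase_preflight() {
  awk '
    /^Security:/         { insec = 1; next }
    insec && /^[^ \t]/   { insec = 0 }          # a new top-level section began
    !insec               { next }
    /^[ \t]+supported[ \t]*$/              { feat = 1 }
    /^[ \t]+frozen/                        { frozen = 1 }
    /^[ \t]+locked/                        { locked = 1 }
    /^[ \t]+supported: enhanced erase/     { enh = 1 }
    match($0, /[0-9]+min for ENHANCED SECURITY ERASE UNIT/) {
      mins = substr($0, RSTART, RLENGTH) + 0   # leading digits only
    }
    END {
      if (!feat)  { print "FAIL: ATA Security feature set not supported"; exit 1 }
      if (frozen) { print "FAIL: security state is frozen; power-cycle the drive"; exit 1 }
      if (locked) { print "FAIL: drive is locked; unlock before erasing"; exit 1 }
      if (!enh)   { print "FAIL: enhanced erase not supported"; exit 1 }
      print "READY: enhanced erase supported, estimated " mins " min"
    }'
}

# Demo on the constructed samples; on a live system: hdparm -I /dev/sdX | erase_preflight
sample_ready  | erase_preflight
sample_frozen | erase_preflight || true
```

The check exits non-zero on any failure, so a fleet script can use it to gate the erase step and log the reason for each drive it skips.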