Author Topic: SSD vs HDD for data security  (Read 3727 times)

0 Members and 1 Guest are viewing this topic.

Offline PicuinoTopic starter

  • Frequent Contributor
  • **
  • Posts: 645
  • Country: 00
    • Picuino web
SSD vs HDD for data security
« on: September 23, 2023, 07:03:36 pm »
Lately, SSD prices have been catching up with traditional HDDs. Soon, SSD solid-state drives will be the cheaper option for data storage. But if we look at it from a security perspective when it comes to storing valuable data, which option is better, an SSD or an HDD?

SSD 2Tb  Crucial P3 2TB M.2 PCIe Gen3 NVMe SSD ~ 91 €
HDD 3Tb WD Red ~ 87 €

I am speaking as a home user. I don't have a dedicated NAS with RAID 5, just several HDD drives for the computer and for backup.
« Last Edit: September 23, 2023, 07:52:57 pm by Picuino »
 

Offline Shonky

  • Frequent Contributor
  • **
  • Posts: 290
  • Country: au
Re: SSD vs HDD for data security
« Reply #1 on: September 23, 2023, 08:31:51 pm »
SSD are significantly more reliable than HDD.

Main thing is SSDs typically die with little warning but that should not matter too much as you should follow 3 2 1 backup if you actually care about security of your data. All data storage devices can fail as well as your house can burn down, hit by lightning, power surge, water damage, theft etc.

Whilst they may be slightly price competitive at 2TB levels they are not even close at larger sizes.
« Last Edit: September 23, 2023, 08:33:23 pm by Shonky »
 

Online wraper

  • Supporter
  • ****
  • Posts: 16680
  • Country: lv
Re: SSD vs HDD for data security
« Reply #2 on: September 23, 2023, 08:34:57 pm »
You don't want to leave SSD unpowered for more than 6 months, and certainly not for years. Especially if it uses QLC NAND. Otherwise good SSD should be more robust.
 
The following users thanked this post: JoeRoy

Online wraper

  • Supporter
  • ****
  • Posts: 16680
  • Country: lv
Re: SSD vs HDD for data security
« Reply #3 on: September 23, 2023, 08:39:39 pm »
SSD 2Tb  Crucial P3 2TB M.2 PCIe Gen3 NVMe SSD ~ 91 €
HDD 3Tb WD Red ~ 87 €
If you look at 8TB+ price, SSD price is nowhere near to HDD though.
 

Offline Shonky

  • Frequent Contributor
  • **
  • Posts: 290
  • Country: au
Re: SSD vs HDD for data security
« Reply #4 on: September 23, 2023, 08:39:42 pm »
Yes you should consider the SSD type being SLC, MLC, QLC etc. Most is moving towards QLC these days but if you go for proper enterprise drives with even higher expected reliability your cost comparison goes way out of the window. A QLC SSD should still be more reliable than a HDD.

As some stats from BackBlaze
https://www.backblaze.com/blog/ssd-drive-stats-mid-2022-review/
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 14043
  • Country: fr
Re: SSD vs HDD for data security
« Reply #5 on: September 23, 2023, 09:18:42 pm »
Yeah, while prices are going down for SSDs, they are nowhere near that of HDDs, and I'm speculating that HDDs are still going to be sold for years to come, with still possible incremental improvements to reach capacities that we are not thinking of today.

In terms of data retention, it's a tough call. While SSDs have no moving part, they still wear out and as said above, retention is not guaranteed past a relatively short time if they are stored unpowered, which isn't all that great.
Some old HDDs from 30-40 years ago, that were left unpowered for a long time, are still readable. I don't think any SSD will have that kind of data retention, even if properly used, and certainly not if left unpowered for years.

If you are after long-term retention, count on neither. Backup your data on a regular basis.
 

Online Halcyon

  • Global Moderator
  • *****
  • Posts: 5591
  • Country: au
Re: SSD vs HDD for data security
« Reply #6 on: September 24, 2023, 01:08:01 am »
You don't want to leave SSD unpowered for more than 6 months, and certainly not for years. Especially if it uses QLC NAND. Otherwise good SSD should be more robust.

Data retention time on SSDs is typically measured in years, rather than months, unless you're storing them in a particularly hot environment or the NAND/disks are of particularly low quality. Drives that are designed according to JEDEC standards guarantee a minimum retention of 1 year, but most decent brands should be able to last much longer without data loss, some figures thrown around the industry can be in the ballpark of up to 10-15 years. It's difficult to put a definitive number on it as there are so many variables.

I just wiped two old 120/128GB SSDs which have been powered off for about 5 years and both still had data perfectly intact (Corsair and SanDisk brands).

I tend to stick with Intel, Micron/Crucial and Kingston brands personally.
 

Offline AntiProtonBoy

  • Frequent Contributor
  • **
  • Posts: 988
  • Country: au
  • I think I passed the Voight-Kampff test.
Re: SSD vs HDD for data security
« Reply #7 on: September 24, 2023, 03:29:29 am »
Lately, SSD prices have been catching up with traditional HDDs. Soon, SSD solid-state drives will be the cheaper option for data storage. But if we look at it from a security perspective when it comes to storing valuable data, which option is better, an SSD or an HDD?

You are looking at security in a completely wrong way. You should not rely on the underlying storage technology for securing data, you should rely on proven cryptographic measures instead. If your volumes are encrypted, arguments about SSD vs HDD won't matter much.

...unless you are talking about reliability, which is a whole different topic.
 
The following users thanked this post: Someone, Picuino

Online wraper

  • Supporter
  • ****
  • Posts: 16680
  • Country: lv
Re: SSD vs HDD for data security
« Reply #8 on: September 24, 2023, 11:00:19 am »
You don't want to leave SSD unpowered for more than 6 months, and certainly not for years. Especially if it uses QLC NAND. Otherwise good SSD should be more robust.

Data retention time on SSDs is typically measured in years, rather than months, unless you're storing them in a particularly hot environment or the NAND/disks are of particularly low quality. Drives that are designed according to JEDEC standards guarantee a minimum retention of 1 year, but most decent brands should be able to last much longer without data loss, some figures thrown around the industry can be in the ballpark of up to 10-15 years. It's difficult to put a definitive number on it as there are so many variables.
I'm not saying that it will necessarily lose the data after 6 months, but it's a possibility you should not play with.
Quote
I just wiped two old 120/128GB SSDs which have been powered off for about 5 years and both still had data perfectly intact (Corsair and SanDisk brands).
So did you check actual integrity of the data? Seeing that files are still there and readable on a first glance means nothing. Usually you have silent data rot with corrupted bytes appearing here and there, a few per GB for example. The first sign that data may be corrupted is slower than normal read speed as ECC fails and SSD re-tries reading with different voltage thresholds. Also these drives most likely were MLC where voltage levels are way easier to distinguish than in QLC. The only things that save the day with QLC are much more advanced reading techniques and ECC mechanisms such as LDPC in newer drives.
https://www.eevblog.com/forum/general-computing/ssd-vs-hdd-for-data-security/?action=dlattach;attach=1882858;image
Quote
some figures thrown around the industry can be in the ballpark of up to 10-15 years. It's difficult to put a definitive number on it as there are so many variables.
BS, don't confuse NOR flash or SLC NAND with TLC and QLC NAND.
« Last Edit: September 24, 2023, 11:13:12 am by wraper »
 

Offline PicuinoTopic starter

  • Frequent Contributor
  • **
  • Posts: 645
  • Country: 00
    • Picuino web
Re: SSD vs HDD for data security
« Reply #9 on: September 24, 2023, 12:24:59 pm »
Lately, SSD prices have been catching up with traditional HDDs. Soon, SSD solid-state drives will be the cheaper option for data storage. But if we look at it from a security perspective when it comes to storing valuable data, which option is better, an SSD or an HDD?

You are looking at security in a completely wrong way. You should not rely on the underlying storage technology for securing data, you should rely on proven cryptographic measures instead. If your volumes are encrypted, arguments about SSD vs HDD won't matter much.

...unless you are talking about reliability, which is a whole different topic.

Yes, I am talking about safety, but you are right that what interests me about the disks is their reliability.

So far I directly or my environment have suffered laptop theft and hard drive breakage. For me the most valuable data are family photos and my Open source work. Neither of them I think need cryptography, but they do need a good resistant backup, which is not especially attractive to thieves.
My computer is an old 20+ year old tower that is not attractive at all and I keep my external hard drives (I backup to 2 drives at a time) in places I consider safe. Lately I'm considering changing the location so that they are also fire-safe places.

I also keep my daily work on GitHub, which is a fourth backup.
« Last Edit: September 24, 2023, 12:27:21 pm by Picuino »
 

Offline golden_labels

  • Super Contributor
  • ***
  • Posts: 1145
  • Country: pl
Re: SSD vs HDD for data security
« Reply #10 on: September 24, 2023, 01:02:27 pm »
Specific durations aside, some clarification on “leave unpowered” is needed for a this kind of statement directed towards a person not knowing the subject. SSD is not DRAM: data is not being cyclically refreshed each dozen microseconds. It must be read to detect decoding errors and trigger repair. This can be done either manually or in the background by firmware. The latter is neither instant nor deterministic.

My own knowledge is not enough to make positive statements in that matter, so may I ask for some details/advice? Primarily for the OP, but I would not mind getting my data updated either.

People imagine AI as T1000. What we got so far is glorified T9.
 

Offline AntiProtonBoy

  • Frequent Contributor
  • **
  • Posts: 988
  • Country: au
  • I think I passed the Voight-Kampff test.
Re: SSD vs HDD for data security
« Reply #11 on: September 24, 2023, 02:27:27 pm »

Yes, I am talking about safety, but you are right that what interests me about the disks is their reliability.

So far I directly or my environment have suffered laptop theft and hard drive breakage. For me the most valuable data are family photos and my Open source work. Neither of them I think need cryptography, but they do need a good resistant backup, which is not especially attractive to thieves.
My computer is an old 20+ year old tower that is not attractive at all and I keep my external hard drives (I backup to 2 drives at a time) in places I consider safe. Lately I'm considering changing the location so that they are also fire-safe places.

I also keep my daily work on GitHub, which is a fourth backup.

If you want day-to-day operational reliability and uptime, look into redundancy measures.  I personally use a simple RAID-1 system for that task. Mirroring drives greatly increases fault tolerance.
 

Online Halcyon

  • Global Moderator
  • *****
  • Posts: 5591
  • Country: au
Re: SSD vs HDD for data security
« Reply #12 on: September 25, 2023, 03:33:20 am »
So did you check actual integrity of the data? Seeing that files are still there and readable on a first glance means nothing. Usually you have silent data rot with corrupted bytes appearing here and there, a few per GB for example. The first sign that data may be corrupted is slower than normal read speed as ECC fails and SSD re-tries reading with different voltage thresholds. Also these drives most likely were MLC where voltage levels are way easier to distinguish than in QLC. The only things that save the day with QLC are much more advanced reading techniques and ECC mechanisms such as LDPC in newer drives.

No, I didn't check each and every file, but both drives booted into their OS without issues and the data that I did want to retain prior to erasing them both was all fine. Sure, there is a possibility that there might be the odd bit or two which has corrupted during that time that I simply missed, but in my experience SSD's are pretty resilient and are designed not to simply lose data after several months or even several years.

Of course there are differences with NAND types, quality etc... but generally speaking with today's consumer drives, you can expect them to retain 100% of their data for at least 1 year, but practically, much longer than that. I wouldn't be concerned if someone were to use an SSD for backing up data and it's only plugged in once a year.

I've been using SSDs since around 2008/2009 when the first 64 GB Intel SSDs were on the market and out of the many hundreds, I've never experienced corrupted data on any of them. Sure, I've had maybe 1 or 2 die due to a firmware issue, but that's about it.

If you are really concerned about corrupted bits, storing your important files in a container with parity enabled, such as a RAR file, might be a good option. Also test your backups regularly.

some figures thrown around the industry can be in the ballpark of up to 10-15 years. It's difficult to put a definitive number on it as there are so many variables.
BS, don't confuse NOR flash or SLC NAND with TLC and QLC NAND.

Well, it's not bullshit and I wasn't confusing NAND types. Rather than make assumptions and call bullshit, perhaps consider the experience other people might have in their fields of expertise. A quick Google search I'm sure will reveal some further information. I'm well aware of their differences, pros and cons. I made a general statement about data retention being measured in years, not months. I wasn't being specific about any particular type, brand or model of SSD. I would suggest based on my experience and knowledge, a reasonable expectation would be at least 5 years (give or take a year or two for good measure). I'd be pretty pissed off if an SSD only held data for 6 months and I'd even argue that the product wasn't "reasonably durable" and request a refund.

When I was working in the Police, it wasn't uncommon at all for us to be recovering data from PC's and SSDs which have been kicking around in owner's drawers or packed in a shed, unused for years, particularly when it came to historical sexual assault and similar matters. We would essentially hash then analyse (with some automation) every single file on those drives for later review.
« Last Edit: September 25, 2023, 03:54:38 am by Halcyon »
 

Offline JeremyC

  • Regular Contributor
  • *
  • Posts: 135
  • Country: us
Re: SSD vs HDD for data security
« Reply #13 on: September 25, 2023, 04:02:31 am »
You don't want to leave SSD unpowered for more than 6 months, and certainly not for years. Especially if it uses QLC NAND. Otherwise good SSD should be more robust.

Really? I recently copied files from multiple SSDs which have been under heavy R/W in ~2015 and were physically removed  from the JBOD around 2016, untouched since.
It's too many unproved myths around SSDs lifetime :)
 

Online Halcyon

  • Global Moderator
  • *****
  • Posts: 5591
  • Country: au
Re: SSD vs HDD for data security
« Reply #14 on: September 25, 2023, 04:45:59 am »
You don't want to leave SSD unpowered for more than 6 months, and certainly not for years. Especially if it uses QLC NAND. Otherwise good SSD should be more robust.

Really? I recently copied files from multiple SSDs which have been under heavy R/W in ~2015 and were physically removed  from the JBOD around 2016, untouched since.
It's too many unproved myths around SSDs lifetime :)

Not entirely unexpected at all. And yes, you're right, there are a lot of assumptions without any real, long-term testing being done (that I could find anyway). If it were such a prolific problem, I'd expect to hear more about it, especially with warnings from manufacturers themselves.
 

Offline Berni

  • Super Contributor
  • ***
  • Posts: 4868
  • Country: si
Re: SSD vs HDD for data security
« Reply #15 on: September 25, 2023, 05:37:24 am »
Enterprise SSDs =/= Cheap noname QLC SSDs

Flash technology can indeed be very reliable in the timespan of 15 years. However the push for more and more density has given rise to much crappier implementations of it. The more analog levels you cram into ever smaller flash cells the more leaky they will become. It is the result of the race to the bottom in price.

For storing live data like a OS the issue is not a problem because any file that is reasonably important will get read out at least once per year, if not once per week. So any bit rot is detected by ECC and fixed.

But as an archival medium where you store data on it and not touch it for years, it is not a good idea. Even if you do plan to only use it for a few years, archival storage tends to stick around for longer than planed as it is left to sit on a shelf. People don't think about the archived data unless they need it at the moment.

The ultimate archival solution available to mere mortals is still tape storage. They can store TBs per tape cassette, do not degrade with time and is not prone to mechanical failure since the cassette can still be put into another different working tape drive. However the cost of a tape drive is still high enough to be only interesting to decently serious data hoarders. So a HDD is the next best thing, giving you magnetic storage that is simply plug and play. That being said you still can't 100% expect a HDD to still run after being powered off for 25 years, but it most likely will.

Unfortunately data archival is a process not a goal. To be absolutely sure you don't loose data, you have to make backups and the backups need to be checked here and there. A good home solution is a NAS using some kind of software RAID while making a backup onto some USB HDDs here and there(preferably storing them off site at your relatives or something). You can use SSDs just fine in that NAS, it will occasionally do a parity check of the whole array, so that would refresh any rotting bits.
 

Offline metebalci

  • Frequent Contributor
  • **
  • Posts: 423
  • Country: ch
Re: SSD vs HDD for data security
« Reply #16 on: September 25, 2023, 05:43:39 am »
An enterprise HDD WD HC550 has MTBF 2.5M hours and bit error rate 1E-15; a consumer SSD for NAS, WD Red SA 500 has MTBF 2M hours and bit error rate 1E-17. HC550 18TB and SA 500 4TB have comparable prices. For me, only reason to choose HDD over SSD is capacity/price (and maybe total capacity depending on the situation). SSD is most of the time a better choice (I cannot think of anything else other than recovery), assuming a RAID and backup already in place.
 

Online wraper

  • Supporter
  • ****
  • Posts: 16680
  • Country: lv
Re: SSD vs HDD for data security
« Reply #17 on: September 25, 2023, 08:58:33 am »
The more analog levels you cram into ever smaller flash cells the more leaky they will become.
They do not become more leaky from cramming more analog levels. The issue is that even a small leak causes the problem reading the cell content correctly due to small difference between voltage levels. While SLC needs to just distinguish between 1 and 0. FWIW QLC NAND used as if it was SLC is just as good as real SLC.
 

Offline metebalci

  • Frequent Contributor
  • **
  • Posts: 423
  • Country: ch
Re: SSD vs HDD for data security
« Reply #18 on: September 25, 2023, 10:35:40 am »
But as an archival medium where you store data on it and not touch it for years, it is not a good idea. Even if you do plan to only use it for a few years, archival storage tends to stick around for longer than planed as it is left to sit on a shelf. People don't think about the archived data unless they need it at the moment.

The ultimate archival solution available to mere mortals is still tape storage. They can store TBs per tape cassette, do not degrade with time and is not prone to mechanical failure since the cassette can still be put into another different working tape drive. However the cost of a tape drive is still high enough to be only interesting to decently serious data hoarders. So a HDD is the next best thing, giving you magnetic storage that is simply plug and play. That being said you still can't 100% expect a HDD to still run after being powered off for 25 years, but it most likely will.

+1 for tape for archiving, and I dont think it is expensive for what it is. It might be slow but even with a single LTO-5 (or LTO-6) drive, a lot can be saved to tapes. I agree that many things can be kept on HDD arrays (and automatically checked and corrected for errors sometimes, even if not explicitly accessed) and does not need to be archived. If archival is still needed for a few TBs, LTO-5 or 6 easily solves the problem for less than 1K$, this is what I do. If tens of TBs have to be archived, then I guess even a better tape or tape library should not be considered expensive.
 

Offline golden_labels

  • Super Contributor
  • ***
  • Posts: 1145
  • Country: pl
Re: SSD vs HDD for data security
« Reply #19 on: September 25, 2023, 11:45:40 am »
In a forum with so many professional engineers, could we avoid general statements supported by sample size of approximately 1 or existential quantification? It makes my brain hurt. :D

By this logic I can claim HDDs are very robust. Because my primary drive soon reaches 100 kh of 24/7 operation. Must be more than all Halcyon’s SSDs together. And its brother, which was turned off for some time,(1) is over 74 kh. Does it prove anything of use to OP? No, nothing.

Sharing personal experience is valuable. But c’mon: this is not putting a lot of single observations on a heap and hoping together they provide good information. It’s defending claims, not even disguised as something else. :(


(1) A physical SATA socket damage on the motherboard. The HDD itself is fine.
People imagine AI as T1000. What we got so far is glorified T9.
 

Offline Haenk

  • Super Contributor
  • ***
  • Posts: 1038
  • Country: de
Re: SSD vs HDD for data security
« Reply #20 on: September 25, 2023, 02:17:47 pm »
could we avoid general statements

I'd say: All modern storage devices are quite reliable, but safety comes from not trusting them to be reliable - and make backups.
 

Offline AndyBeez

  • Frequent Contributor
  • **
  • Posts: 834
  • Country: cx
Re: SSD vs HDD for data security
« Reply #21 on: September 25, 2023, 02:46:53 pm »
Question:  is using a pair of SSDs in RAID 0 (striped) configuration, pure genuis or full scale stupid? For data security, do SSDs only ever need to be used in RAID 1 (mirrored) mode?
An iPhone is held together by glue. A Boeing 737 Max 9 is held together by angels.
 

Offline Berni

  • Super Contributor
  • ***
  • Posts: 4868
  • Country: si
Re: SSD vs HDD for data security
« Reply #22 on: September 25, 2023, 03:00:30 pm »
The more analog levels you cram into ever smaller flash cells the more leaky they will become.
They do not become more leaky from cramming more analog levels. The issue is that even a small leak causes the problem reading the cell content correctly due to small difference between voltage levels. While SLC needs to just distinguish between 1 and 0. FWIW QLC NAND used as if it was SLC is just as good as real SLC.

Yep that is what i meant. The levels being closer together means the flash cell will take less time to leak enough to flip a bit.

Question:  is using a pair of SSDs in RAID 0 (striped) configuration, pure genuis or full scale stupid? For data security, do SSDs only ever need to be used in RAID 1 (mirrored) mode?

It is rarely a good idea to use SSDs in RAID 0. You can buy normal off the shelf consumer SSDs in M.2 that can do >10GB/s sequential speeds. It is hard to find a reason for needing more speed than that in any normal consumer setting. Doing RAID on drives this fast might actually negatively impact performance due to the overhead.
 

Offline metebalci

  • Frequent Contributor
  • **
  • Posts: 423
  • Country: ch
Re: SSD vs HDD for data security
« Reply #23 on: September 25, 2023, 04:31:30 pm »
There can be reasons to run raid0, it is not very different than HDDs, it might be a read only cache, you might want to combine the capacity of two drives, increase total iops etc. it depends on the need. Naturally you shouldnt keep something you really care on these drives.
 

Online Halcyon

  • Global Moderator
  • *****
  • Posts: 5591
  • Country: au
Re: SSD vs HDD for data security
« Reply #24 on: September 28, 2023, 01:13:41 am »
By this logic I can claim HDDs are very robust. Because my primary drive soon reaches 100 kh of 24/7 operation. Must be more than all Halcyon’s SSDs together. And its brother, which was turned off for some time,(1) is over 74 kh. Does it prove anything of use to OP? No, nothing.

Sharing personal experience is valuable. But c’mon: this is not putting a lot of single observations on a heap and hoping together they provide good information. It’s defending claims, not even disguised as something else. :(

We're talking about two very two different types of failure here. You're talking about potential failure due to wear, not data loss due to being in storage.

I think the lack of reliable, long-term testing basically leaves us with our own experiences many of us have gathered over the years. Until we can get some solid data, unfortunately anecdotal evidence is all we have at this point. Unless someone can point to some reliable studies that show that SSDs are less reliable than we think, I'm going to rely on my own observations.
« Last Edit: September 28, 2023, 01:15:24 am by Halcyon »
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf