by thedougd 1110 days ago
Surprised it doesn't mention compliance frameworks as a culprit. NIST 800-88 calls for destruction if the data is highly sensitive and the drive is leaving the organization. Wrt risk management, it's not worth deviating from NIST.

https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=91793...


I faced this same problem. My company policy required destruction of data before drives can leave the colo. I even had a hydraulic drive crusher in the cage to crush failed drives.

However, the Linux utility shred can do a multi-pass random rewrite followed by zeros. (That last pass is critical for the next step.) Then, to verify, grab a random block and sum the data. If it’s not zero, you crush the disk.

Bake that script into a NetBoot image, wipe the boot drive’s boot blocks and reboot.

I decommissioned about $5M worth of servers while preserving the disks. This preserved the hardware for reuse.

If you want to be sure, send a random selection of the wiped drives to your data recovery team. They won’t be able to get anything back.
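The wipe-then-sample procedure described in this comment, as an added shell example (not the commenter's own script): GNU `shred` with random passes and a final zero pass, then random host-visible blocks are read back and any non-zero byte fails the check. It assumes GNU coreutils and util-linux (`shred`, `dd`, `od`, `blockdev`) and, as a later reply points out, it can only see LBAs the controller exposes, not reallocated sectors or spare flash cells.

```shell
#!/bin/sh
# Added example, not code from the thread. Wipe a block device with shred
# (random passes, then a final zero pass) and verify by sampling random blocks.
# Limitation: only host-visible blocks are checked; remapped/reserve areas are
# unreachable from here, which is why sensitive drives still get crushed.

# Size in bytes of a block device or a regular file (assumes util-linux/coreutils).
device_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Three random passes, then zeros (-z) so the verifier can look for 0x00.
# Destructive: intended to run from a netboot image against the target drive.
wipe_drive() {
    shred -v -n 3 -z "$1"
}

# verify_zeroed DEVICE [SAMPLES] [BLOCKSIZE]
# Returns 0 if every sampled block is all zeros, 1 on the first non-zero
# block (the "crush it" outcome), 2 if the device cannot be sized or is empty.
verify_zeroed() {
    dev=$1; samples=${2:-64}; bs=${3:-4096}
    total=$(device_size "$dev") || return 2
    nblocks=$((total / bs))
    [ "$nblocks" -gt 0 ] || return 2
    i=0
    while [ "$i" -lt "$samples" ]; do
        # 32-bit random value from the kernel, reduced to a block index
        r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')
        blk=$((r % nblocks))
        # Count bytes that survive deleting NUL: zero means the block is clean
        nonzero=$(dd if="$dev" bs="$bs" skip="$blk" count=1 2>/dev/null \
                  | tr -d '\000' | wc -c | tr -d ' ')
        if [ "$nonzero" -ne 0 ]; then
            echo "block $blk: $nonzero non-zero bytes, drive fails wipe check" >&2
            return 1
        fi
        i=$((i + 1))
    done
    return 0
}

# Typical use from the netboot image:  wipe_drive /dev/sdX && verify_zeroed /dev/sdX 256
```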

I always understood reserve storage to be one of the main concerns. Your disk might have decommissioned some sectors / flash cells without wiping (or being able to wipe) them. The data you can pull if you bypass the drive controller, e.g. by flashing custom firmware or desoldering flash chips, is probably not zero.
This is the big one. I doubt anyone has any actual ability to recover anything usable from such drives, but the principle works and therefore to the grinder it goes.

Modern flash devices are supposed to be able to prevent this, the protocol has allowances for it, but I think the risk of stray data remaining on such drives is actually much higher than on HDDs, because there are a lot more relocations in SSDs than on spinning rust, and because you absolutely cannot trust the typical drive firmware to implement any of the parts of the spec that are not required for booting Windows, even on supposed "enterprise" drives.

Minor nitpick: data recovery teams are not magicians, and can also be lazy. And hacking techniques keep improving, so I'd never re-sell a drive that previously had highly valuable data.
Who would want to claim that their data isn't "highly sensitive"? How embarrassing that would be!

This isn't a sarcastic remark: I think a lot of human activity can be explained this way.

It isn't even data sensitivity.

Laptop stolen? What was on it? "zOMG, We Don't KNOW!?!!!1" Was it encrypted? Yes. Was the lid closed? Yes. Order another laptop and move along.

In particular, if the data doesn't belong to the hosting organization, but their clients, they probably have to consider it highly sensitive.
I've heard from someone with a security clearance that the DoD doesn't have an established and approved protocol for destruction, so in the meantime the drives are simply warehoused.