Blob data protection
Blob data protection is a mechanism that assists with the recovery of data in the event that data is deleted or overwritten. Implementing data protection is a proactive stance: it secures data before an incident occurs. Azure Storage provides the capability of protecting data from being deleted or modified, as well as the restoration of data that has been deleted or modified. Soft delete for containers or blobs enables this restore capability for the period chosen to retain deleted data, where the default configuration is 7 days. When you restore a container, the blobs, as well as the versions and snapshots, are restored.
Blob versioning
Blob versioning enables a blob to maintain several versions of the object, which can be used to restore blob data, because each version captures the state of the blob at the time it was created or modified. This operation is run automatically when blob versioning is enabled.
Immutable storage
Immutable storage, often referred to as Write Once, Read Many (WORM), can be configured on blob storage. This is often used to protect data from accidental deletion or overwrites. Many times, there are legal requirements to manage data in this manner. It is always advised to understand your organization’s governance requirements regarding data to ensure you comply with the governance standards that are in place.
Immutable storage can be configured with two types of policies:
- Time-based retention policies: Data objects are managed against a time policy. For the duration of the active policy, data follows WORM; after the policy expires, data may be deleted but not overwritten.
- Legal hold policies: Data is held in WORM state until the legal hold policy is explicitly cleared. This is often for litigation requirements.
Top Tip
Container soft delete can only restore the entire container with all the contents, not individual blobs. To achieve blob-level recovery capability, soft delete for blobs should be enabled.
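The following is an added example, not code from the original text: a small audit that flags storage accounts where soft delete or versioning is missing, including the case from the tip above where only container soft delete is enabled. It assumes the input is JSON shaped like the output of `az storage account blob-service-properties show` (the sample is constructed), and it uses the 7-day default as a hypothetical minimum retention.

```python
import json

# Constructed sample. The field names assume the JSON shape printed by
# `az storage account blob-service-properties show`.
SAMPLE = json.loads("""
{
  "deleteRetentionPolicy": {"enabled": false, "days": null},
  "containerDeleteRetentionPolicy": {"enabled": true, "days": 7},
  "isVersioningEnabled": null
}
""")

MIN_DAYS = 7  # assumption: treat the 7-day default as the audit floor


def _policy(props, key):
    """Return (enabled, days); a missing or null policy counts as disabled."""
    policy = props.get(key) or {}
    return bool(policy.get("enabled")), int(policy.get("days") or 0)


def audit_blob_protection(props, min_days=MIN_DAYS):
    """Return a list of findings for one account's blob service properties."""
    findings = []
    blob_on, blob_days = _policy(props, "deleteRetentionPolicy")
    cont_on, cont_days = _policy(props, "containerDeleteRetentionPolicy")

    if not blob_on:
        findings.append("blob soft delete disabled")
    elif blob_days < min_days:
        findings.append(f"blob soft delete retention {blob_days}d < {min_days}d")

    if not cont_on:
        findings.append("container soft delete disabled")
    elif cont_days < min_days:
        findings.append(f"container soft delete retention {cont_days}d < {min_days}d")

    # Container soft delete restores the whole container only, so on its own
    # it gives no blob-level recovery.
    if cont_on and not blob_on:
        findings.append("container-only soft delete: individual blobs cannot be restored")

    if not props.get("isVersioningEnabled"):
        findings.append("blob versioning disabled")
    return findings


if __name__ == "__main__":
    for finding in audit_blob_protection(SAMPLE):
        print("FINDING:", finding)
```

An empty list means both soft delete settings meet the minimum retention and versioning is on.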
Storage account deletion
There are circumstances where you may delete a storage account and then find that you need to recover the data. In some instances, the storage account can be recovered, provided the account was deleted less than 14 days ago. The following requirements must also be met:
- The storage account was created using the ARM model.
- A storage account with the same name was not provisioned since the deletion of the storage account in question.
- The user performing the recovery has the appropriate permissions.
You can read more about this here: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-recover.
Next, we will look at the creation and configuration of the Azure File Sync service.