Profile Applicability:

  • Level 1

Description:
 Soft Delete for blobs in Azure Blob Storage protects against accidental or malicious deletion by retaining deleted blobs for a configurable retention period. During this period, deleted data can be recovered, enhancing data durability and availability.

Rationale:
 Enabling Soft Delete mitigates risks related to data loss due to unintended deletions or ransomware attacks. It supports business continuity and compliance by allowing recovery of deleted blobs within the retention window.

Impact:

Pros:

  • Prevents permanent loss of blob data from accidental or malicious deletions.

  • Supports disaster recovery and compliance requirements.

Cons:

  • May increase storage costs due to retention of deleted data.

  • Requires ongoing management of retention settings.

Default Value:
 Soft Delete is disabled by default on Azure Blob Storage and must be enabled explicitly.

Pre-requisites:

  • Azure Storage Account with Blob service enabled.

  • Permissions to modify blob service properties.

Remediation

Test Plan:

Using Azure Portal:

  1. Log in to https://portal.azure.com.

  2. Navigate to the Storage Account.

  3. Under Data Protection, locate the Soft Delete settings for blobs.

  4. Verify that Soft Delete is enabled and retention days are set.

Using Azure CLI:

  1. Check soft delete settings:

az storage blob service-properties show --account-name <storage-account-name> --query deleteRetentionPolicy

  2. Confirm enabled is true and retention days are configured.
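The check in the CLI test plan can be automated across several accounts. The following is an added example, not part of the original benchmark text: it evaluates the JSON printed by the `--query deleteRetentionPolicy` check for each account. The account names, the sample outputs and the 7-day minimum (taken from the page's "e.g., 7 days") are assumptions constructed for illustration.

```python
import json

MIN_DAYS = 7          # assumed organisational minimum (the page's example value)
AZURE_MAX_DAYS = 365  # blob soft delete accepts a retention of 1-365 days


def evaluate_policy(raw_json, min_days=MIN_DAYS):
    """Return (compliant, findings) for one deleteRetentionPolicy JSON document."""
    try:
        policy = json.loads(raw_json)
    except (TypeError, ValueError):
        return False, ["output is not valid JSON"]
    if not isinstance(policy, dict):
        # The query printed null or a scalar: no policy object came back.
        return False, ["no deleteRetentionPolicy returned"]
    findings = []
    if policy.get("enabled") is not True:
        findings.append("soft delete is disabled")
    else:
        days = policy.get("days")
        if isinstance(days, bool) or not isinstance(days, int):
            findings.append("retention days are not set")
        elif not 1 <= days <= AZURE_MAX_DAYS:
            findings.append(f"retention days {days} outside 1-{AZURE_MAX_DAYS}")
        elif days < min_days:
            findings.append(f"retention days {days} below required {min_days}")
    return not findings, findings


def audit(outputs, min_days=MIN_DAYS):
    """Map account name -> findings for every non-compliant account."""
    report = {}
    for account, raw in outputs.items():
        ok, findings = evaluate_policy(raw, min_days)
        if not ok:
            report[account] = findings
    return report


# Constructed sample outputs, keyed by hypothetical storage account names.
SAMPLE_OUTPUTS = {
    "stprodlogs": '{"days": 14, "enabled": true}',
    "stdevscratch": '{"days": null, "enabled": false}',
    "stfinance": '{"days": 3, "enabled": true}',
    "stlegacy": "null",
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_OUTPUTS).items():
        print(f"FAIL {name}: {'; '.join(findings)}")
```
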

Implementation Plan

Using Azure Portal:

  1. Go to Storage Account Data Protection settings.

  2. Enable Soft Delete for blobs.

  3. Set the retention period (e.g., 7 days).

  4. Save and validate.

Using Azure CLI:

  1. Enable soft delete with a retention period:

az storage account blob-service-properties update --account-name <storage-account-name> --enable-delete-retention true --delete-retention-days <days>

  2. Confirm the setting.

Backout Plan

Using Azure Portal:

  1. Disable Soft Delete if necessary by toggling off the feature.

  2. Understand risk of permanent deletion after disabling.

Using Azure CLI:

Disable soft delete:

az storage account blob-service-properties update --account-name <storage-account-name> --enable-delete-retention false
