Profile Applicability:

  • Level 1

Description:
 Soft Delete retains deleted blobs and containers in Azure Storage for a configurable retention period (1 to 365 days) instead of removing them immediately. Within that window a deleted blob or container can be restored, which limits the damage from accidental deletions and from a compromised or malicious principal that holds delete rights. Blob soft delete and container soft delete are separate settings and both should be enabled. Soft Delete does not protect against deletion of the storage account itself; a resource lock on the account is needed for that.

Rationale:
 Enabling Soft Delete reduces data-loss risk by providing a recovery path for deleted storage objects. It is a recovery control rather than a preventive one: deletions still succeed, but the data remains restorable until the retention period expires. It supports business continuity and helps meet data retention requirements.

Impact:

Pros:

  • Allows recovery of blobs and containers deleted accidentally or maliciously, as long as they are restored within the retention window.

  • Enhances recovery capabilities and data protection.

  • Supports regulatory compliance.

Cons:

  • Increases storage costs, because soft-deleted data is billed at the same rate as active data until its retention period expires.

  • Requires management of retention settings.

Default Value:
 Storage accounts created through the Azure portal have blob and container soft delete enabled with a 7-day retention. Accounts created with the Azure CLI, PowerShell, SDKs, or ARM/Bicep templates have both disabled and require explicit activation.

Pre-requisites:

  • Azure Storage Account with Blob service enabled.

  • Permissions to configure blob service properties, for example the Storage Account Contributor role or a custom role that includes Microsoft.Storage/storageAccounts/blobServices/write.

Remediation

Test Plan:

Using Azure Portal:

  1. Sign in to https://portal.azure.com.

  2. Navigate to the Storage Account.

  3. Under Data management > Data protection, verify that both "Enable soft delete for blobs" and "Enable soft delete for containers" are checked and that each has a retention period of at least 7 days.

Using Azure CLI:

  1. Check the blob and container soft delete settings (the management-plane command returns both policies; replace the placeholders with the account and resource group names):

    # az storage account blob-service-properties show --account-name <storage-account-name> --resource-group <resource-group-name> --query "{blob:deleteRetentionPolicy, container:containerDeleteRetentionPolicy}"

  2. Confirm that enabled is true and days is at least 7 for both the blob and the container policy.

Implementation Plan

Using Azure Portal:

  1. In the Storage Account's Data management > Data protection settings, check both "Enable soft delete for blobs" and "Enable soft delete for containers".

  2. Set a retention period of at least 7 days for each (longer if retention policy requires it).

  3. Save and validate the configuration.

Using Azure CLI:

  1. Enable blob and container soft delete with the chosen retention period (replace the placeholders; 7 days is the minimum recommended value):

    # az storage account blob-service-properties update --account-name <storage-account-name> --resource-group <resource-group-name> --enable-delete-retention true --delete-retention-days 7 --enable-container-delete-retention true --container-delete-retention-days 7

  2. Re-run the Test Plan command and verify that both policies report enabled true with the expected days value.
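The Test Plan and Implementation Plan above evaluate one account at a time. The script below is an added example, not part of the original page or of Azure's tooling: it parses the JSON that `az storage account blob-service-properties show` returns, flags any account where blob or container soft delete is off or the retention is shorter than the minimum, and prints the matching remediation command. The two embedded JSON documents are constructed samples trimmed to the relevant keys; `MIN_RETENTION_DAYS` is an assumed policy value, and `audit_live_accounts` only works after `az login`.

```python
import json
import shlex
import subprocess
from typing import Dict, List

# Assumed policy minimum; the page recommends at least 7 days.
MIN_RETENTION_DAYS = 7

# Constructed sample output of
#   az storage account blob-service-properties show -n <acct> -g <rg> -o json
# trimmed to the two policy objects this check reads (real output has more keys).
SAMPLE_COMPLIANT = json.loads("""{
  "deleteRetentionPolicy": {"days": 14, "enabled": true},
  "containerDeleteRetentionPolicy": {"days": 14, "enabled": true}
}""")

SAMPLE_NONCOMPLIANT = json.loads("""{
  "deleteRetentionPolicy": {"days": 3, "enabled": true},
  "containerDeleteRetentionPolicy": {"days": null, "enabled": false}
}""")


def check_soft_delete(props: Dict, min_days: int = MIN_RETENTION_DAYS) -> List[str]:
    """Return a list of findings for one account; an empty list means compliant."""
    findings = []
    for label, key in (("blob", "deleteRetentionPolicy"),
                       ("container", "containerDeleteRetentionPolicy")):
        # A missing policy object (older API versions) is treated as disabled.
        policy = props.get(key) or {}
        enabled = bool(policy.get("enabled"))
        days = policy.get("days")
        if not enabled:
            findings.append(f"{label} soft delete is disabled")
        elif days is None or days < min_days:
            findings.append(f"{label} soft delete retention is {days} days (< {min_days})")
    return findings


def remediation_command(account: str, resource_group: str,
                        days: int = MIN_RETENTION_DAYS) -> str:
    """Build the management-plane command that enables both policies."""
    return (
        "az storage account blob-service-properties update "
        f"--account-name {shlex.quote(account)} --resource-group {shlex.quote(resource_group)} "
        f"--enable-delete-retention true --delete-retention-days {days} "
        f"--enable-container-delete-retention true --container-delete-retention-days {days}"
    )


def audit_live_accounts(min_days: int = MIN_RETENTION_DAYS) -> Dict[str, List[str]]:
    """Audit every storage account in the current az subscription (needs az login)."""
    accounts = json.loads(subprocess.check_output(
        ["az", "storage", "account", "list",
         "--query", "[].{name:name, rg:resourceGroup}", "-o", "json"]))
    results = {}
    for acct in accounts:
        props = json.loads(subprocess.check_output(
            ["az", "storage", "account", "blob-service-properties", "show",
             "--account-name", acct["name"], "--resource-group", acct["rg"], "-o", "json"]))
        results[acct["name"]] = check_soft_delete(props, min_days)
    return results


if __name__ == "__main__":
    # Offline demonstration against the constructed samples.
    for name, props in (("goodacct", SAMPLE_COMPLIANT), ("badacct", SAMPLE_NONCOMPLIANT)):
        findings = check_soft_delete(props)
        print(name, "compliant" if not findings else findings)
        if findings:
            print("  fix:", remediation_command(name, "example-rg"))
```

Running the file as-is only exercises the constructed samples; call `audit_live_accounts()` from a logged-in session to walk a real subscription, and feed any account with findings into `remediation_command` to produce the exact command from the Implementation Plan.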

Backout Plan

Using Azure Portal:

  1. If necessary, uncheck "Enable soft delete for blobs" and/or "Enable soft delete for containers" under Data management > Data protection and save.

  2. Understand the risk: once soft delete is disabled, any further deletion of a blob or container is immediate and cannot be recovered.

Using Azure CLI:

Disable blob and container soft delete (replace the placeholders with the account and resource group names):

# az storage account blob-service-properties update --account-name <storage-account-name> --resource-group <resource-group-name> --enable-delete-retention false --enable-container-delete-retention false
