Ensure that your Microsoft Azure Storage blob objects have a sufficient soft deleted data retention period configured for security and compliance purposes. The retention period is the amount of time that soft deleted data is stored and remains available for recovery. Before the Cloud Conformity engine runs this rule, the required retention period must be configured in the rule settings on the Cloud Conformity account dashboard. Soft deleted data can be retained for a period of between 1 and 365 days.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
You can configure how long soft deleted data remains recoverable before it is permanently deleted. Setting an optimal soft deleted data retention period for Azure Storage blob objects (blobs and snapshots) keeps your data recovery strategy in line with the best practices specified in the compliance regulations implemented within your organization. Retaining soft deleted blob data for a longer period of time lets you handle data restoration more efficiently in the event of a failure.
Audit
To determine if your Azure Storage blob objects have a sufficient soft deleted data retention period configured, perform the following actions:
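As an added example (not part of the original rule page or Conformity's own procedure), the script below runs this check with the Azure CLI commands listed under References. `REQUIRED_DAYS` with its default of 30, the function names, and a CLI session that is already logged in with read access to each account are assumptions.

```shell
# Added example: audit blob soft delete retention across storage accounts.
# REQUIRED_DAYS is an assumed threshold; use the value from your rule settings.
REQUIRED_DAYS="${REQUIRED_DAYS:-30}"

# evaluate_policy ENABLED DAYS REQUIRED
# Prints a verdict; returns 0 only if soft delete is on and DAYS >= REQUIRED.
evaluate_policy() {
  local enabled days="$2" required="$3"
  enabled=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  case "$required" in
    ''|*[!0-9]*) echo "INVALID_THRESHOLD"; return 2 ;;
  esac
  # The page gives 1 to 365 days as the configurable range.
  if [ "$required" -lt 1 ] || [ "$required" -gt 365 ]; then
    echo "INVALID_THRESHOLD"; return 2
  fi
  if [ "$enabled" != "true" ]; then
    echo "FAIL soft delete disabled"; return 1
  fi
  case "$days" in
    ''|*[!0-9]*) echo "FAIL retention not set"; return 1 ;;
  esac
  if [ "$days" -lt "$required" ]; then
    echo "FAIL retention ${days}d < required ${required}d"; return 1
  fi
  echo "PASS retention ${days}d"
}

# audit_accounts: check every storage account in the current subscription.
# Returns non-zero if any account fails the retention check.
audit_accounts() {
  local account policy enabled rest days verdict rc=0
  for account in $(az storage account list --query '[].name' --output tsv); do
    # Flatten the two-value TSV output to "enabled days " on one line.
    policy=$(az storage blob service-properties delete-policy show \
      --account-name "$account" --query '[enabled, days]' --output tsv \
      | tr '\n\t' '  ')
    enabled=${policy%% *}
    rest=${policy#* }
    days=${rest%% *}
    verdict=$(evaluate_policy "$enabled" "$days" "$REQUIRED_DAYS") || rc=1
    printf '%s\t%s\n' "$account" "$verdict"
  done
  return "$rc"
}
```

Call `audit_accounts` to print one verdict per storage account; its exit status is non-zero when any account has soft delete disabled or a retention period below `REQUIRED_DAYS`.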
Remediation / Resolution
To configure the optimal soft deleted data retention period for your Azure Storage blob objects, perform the following actions:
References
- Azure Official Documentation
  - What is Azure Blob storage?
  - Introduction to Azure Blob storage
  - Soft delete for Blob storage
- Azure PowerShell Documentation
  - az storage account list
  - az storage blob service-properties delete-policy show
  - az storage blob service-properties delete-policy update