Protect Azure Storage Blobs with soft delete

Soft delete is a feature recently introduced by Azure that, when turned on, saves deleted blob or blob snapshot data and allows it to be recovered. This feature is available in all regions for the public, government, and sovereign clouds.

How it works

Deleted data transitions into a soft-deleted state instead of being permanently erased. When data is overwritten, a soft-deleted snapshot is generated to save the state of the overwritten data. Soft-deleted objects are invisible and must be listed explicitly to be seen. You can also set the amount of time that soft-deleted data remains recoverable before it is permanently erased.

Soft-delete

Active data is displayed in blue, while soft-deleted data is grey. More recently created data is beneath the older data. A soft-deleted snapshot of B0 is generated once B0 is overwritten with B1. As soon as the blob is generated, B1 also moves into a soft-deleted state.

Soft delete protects existing applications without requiring changes to them. Azure supports tiering blobs with soft-deleted snapshots. The snapshots remain in the original storage tier and expire based on the configured retention period.

Soft delete is turned off by default. The feature can be toggled on and off in the storage account. Object-level soft delete is available for all storage account types and all storage tiers. However, it does not protect against container or account deletions. See the Azure Resource Manager article to learn how to protect a storage account from accidental deletes.

Soft-deleted data is billed at the same rate as the active data. Check out the Azure Blob Storage Pricing Page for more details on the Azure Blob Storage pricing in general.


Getting started

In the Azure Portal, navigate to the "Soft delete" option under "Blob Service", click "Enabled" and select the number of days the soft-deleted data should be retained.
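Because soft delete is off by default and the retention period is set per storage account, it is worth auditing the setting across accounts after enabling it. The following is an added example, not code from the original article: it assumes each record carries the `deleteRetentionPolicy` object as returned by `az storage account blob-service-properties show`, plus an `account` name field added for this example; the account names and the 14-day floor are constructed.

```python
import json

# Assumed policy floor for this example; the article does not prescribe a value.
MIN_RETENTION_DAYS = 14

# Constructed sample data. "account" is a field added by this example; the
# "deleteRetentionPolicy" object mirrors the blob service properties output.
SAMPLE = json.loads("""
[
  {"account": "prodlogs",   "deleteRetentionPolicy": {"enabled": true,  "days": 30}},
  {"account": "appuploads", "deleteRetentionPolicy": {"enabled": true,  "days": 3}},
  {"account": "legacydata", "deleteRetentionPolicy": {"enabled": false, "days": null}},
  {"account": "scratch"}
]
""")


def audit_soft_delete(accounts, min_days=MIN_RETENTION_DAYS):
    """Return (account, severity, message) findings for weak soft-delete settings."""
    findings = []
    for props in accounts:
        name = props.get("account", "<unknown>")
        policy = props.get("deleteRetentionPolicy") or {}
        days = policy.get("days")
        if not policy.get("enabled"):
            # Soft delete is off by default, so a missing policy means unprotected.
            findings.append((name, "HIGH", "blob soft delete is disabled"))
        elif not isinstance(days, int) or days < 1:
            # Enabled without a usable retention period.
            findings.append((name, "HIGH", "enabled but retention days not set"))
        elif days < min_days:
            findings.append((name, "MEDIUM",
                             f"retention {days}d is below the {min_days}d floor"))
    return findings


if __name__ == "__main__":
    for account, severity, message in audit_soft_delete(SAMPLE):
        print(f"{severity:6} {account}: {message}")
```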


Soft delete is also supported by the following libraries:

Soft delete is one solid part of a data protection strategy and helps prevent accidental data loss. That strategy also includes Azure Resource Manager locks as well as the ZRS, GRS, and RA-GRS replication tiers. If there is a chance of your data being modified or deleted by an application or another storage account user, it would be wise to turn soft delete on, ensuring that accidentally deleted or modified blob data can be recovered.
