Some workloads, such as SQL Backup to URL, create a blob and then add to it. If a container has an active time-based retention policy or a legal hold, this pattern fails.

Legal hold: Immutable storage for blobs lets users store sensitive information that is critical to litigation or business use in a tamper-proof state for the desired amount of time, until the hold is removed. This feature is not limited to legal use cases; it can also be thought of as an event-based hold or an enterprise lock, where data must be protected based on event triggers or company policies.

08 On the Access Policy Configuration page, under Immutable Blob Storage, click Add Policy to add one or both of the required immutable storage retention policies.

A blob container can have a time-based retention policy and a legal hold at the same time. All data in the specified container remains in the immutable state until all legal holds are cleared, even if the effective retention period has expired. Conversely, a blob remains in an immutable state until the effective retention period expires, even if all legal holds have been cleared.

Financial services companies regulated by the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), the Financial Industry Regulatory Authority (FINRA), the Investment Industry Regulatory Organization of Canada (IIROC), the Financial Conduct Authority (FCA) and others are required to keep business-related communications in a write-once-read-many (WORM) or immutable state that ensures they are non-erasable and cannot be modified for a given retention interval. The requirement for immutable storage is not limited to financial organizations; it also applies to industries such as healthcare, insurance, media, public safety, and legal services.
In today's article, I want to talk about what WORM storage is and how it can help with compliance and security. With the recent addition of WORM storage in Azure, Microsoft supports immutable storage in its blob storage accounts, so that various regulated industries and legal situations can be properly supported in Azure.

The following diagram shows how time-based retention policies and legal holds prevent write and delete operations while they are in effect.

If you enable blob soft delete and then configure an immutability policy, all blobs that have already been soft-deleted are permanently deleted after the soft delete retention policy expires. Soft-deleted blobs can be restored during the soft delete retention period. A blob or version that has not yet been soft-deleted is protected by the immutability policy and cannot be soft-deleted until the time-based retention policy has expired or the legal hold has been removed.

Once version-level immutability is enabled for a storage account or container, you cannot set a legal hold at the container level. Legal holds must be applied to individual blob versions. A legal hold can be configured for the current version or an earlier version of a blob.

If blob soft delete is configured for a storage account, it applies to all blobs in the account, regardless of whether a legal hold or time-based retention policy is in effect.
Microsoft recommends that you enable blob soft delete for additional protection before you apply immutability policies. Depending on the scope, you can configure both a time-based retention policy and a legal hold for a resource (container or blob version). Creating, modifying, or deleting a time-based retention policy or legal hold on a blob version incurs a write transaction charge.

Ensure that immutable blob storage is enabled for Microsoft Azure Storage blob containers that hold sensitive and business-critical information. You can use immutable blob storage to store critical production data objects in the Write Once, Read Many (WORM) state. This state makes the data non-erasable and non-modifiable for a user-specified time interval. Azure blobs can be created and read for the duration of the configured retention interval, but cannot be edited or deleted. The feature supports two types of policies that you can apply to a container to keep its data in an immutable, deletion-protected state:

1. A time-based immutability policy: this policy can be used for regulatory compliance to lock data for future processing. After the policy is locked, it cannot be unlocked.
2. A legal hold policy: this lets you set an indefinite hold on all blobs in a container. When a legal hold is set, the container data is protected against both deletion and modification.

03 Run the storage container list command (Windows/macOS/Linux) using the name of the storage account that you want to examine as the identifier parameter and custom query filters to describe the configuration status of the immutable storage retention policies (that is, the time-based immutability policy and the legal hold policy) configured for each blob container in the selected storage account.

is available: If the container has an existing container-level legal hold, it cannot be migrated until the legal hold has been removed. If version-level immutability policy support has not been enabled for a storage account or container, all immutability policies are scoped to the container. A container supports an immutability policy and a legal hold. Policies apply to all objects in the container.

02 Go to the Azure Storage Accounts blade at portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Storage%2FStorageAccounts.

HubStor is a storage software company that unleashes the power of the cloud for intelligent data management. Organizations use HubStor to manage and protect their critical unstructured data. HubStor's integration with Azure Immutable Blob Storage provides regulated organizations with a convenient approach to addressing cloud compliance retention requirements for workloads such as messaging, voice, control recordings, protocols, and medical images. Today, HubStor is used by brokerage firms, hedge fund managers, mortgage lenders, life sciences companies, medical device manufacturers, and state and local government agencies to ensure immutable privacy for various legal and regulatory requirements.
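The container audit step described above reports, for each blob container, whether a time-based immutability policy or a legal hold is configured. The following Python code is an added example, not part of the original article: it classifies containers from such a listing and flags those with neither policy. The sample JSON, the container names and the hasImmutabilityPolicy / hasLegalHold field layout are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like the JSON printed by
# `az storage container list --account-name <account> --output json`.
# Container names are made up; the two flags under "properties" are assumed
# to be where the CLI reports each container's immutability status.
SAMPLE_CONTAINER_LIST = json.dumps([
    {"name": "trade-records", "properties": {"hasImmutabilityPolicy": True, "hasLegalHold": False}},
    {"name": "litigation-2021", "properties": {"hasImmutabilityPolicy": False, "hasLegalHold": True}},
    {"name": "client-comms", "properties": {"hasImmutabilityPolicy": True, "hasLegalHold": True}},
    {"name": "scratch", "properties": {"hasImmutabilityPolicy": False, "hasLegalHold": False}},
    {"name": "legacy-export", "properties": {}},  # flags missing entirely
])


def protection_state(container):
    """Classify one container by the policies reported on it."""
    props = container.get("properties") or {}
    # A missing flag counts as False, so gaps in the data fail closed.
    time_based = props.get("hasImmutabilityPolicy") is True
    legal_hold = props.get("hasLegalHold") is True
    if time_based and legal_hold:
        return "time-based retention + legal hold"
    if time_based:
        # The flag only says a policy exists, not that it has been locked.
        return "time-based retention"
    if legal_hold:
        return "legal hold"
    return "unprotected"


def audit_containers(raw_json):
    """Map container name -> protection state for a container listing."""
    return {c["name"]: protection_state(c) for c in json.loads(raw_json)}


def unprotected_containers(raw_json):
    """Names of containers with neither policy, sorted for stable reporting."""
    report = audit_containers(raw_json)
    return sorted(name for name, state in report.items() if state == "unprotected")


if __name__ == "__main__":
    for name, state in audit_containers(SAMPLE_CONTAINER_LIST).items():
        print(f"{name:16} {state}")
    print("needs review:", unprotected_containers(SAMPLE_CONTAINER_LIST))
```

Because a container stays immutable while either policy is in effect, only containers reporting neither flag are listed for review.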