locked
Azure Immutable Block Blob Storage RRS feed

  • Question

  • Hello

                 I want to use azure Immutable blob storage for backing up on prem data. the reason I want to use it to protect it from ransomware kind of attack. in case my on Prem data is compromised and I have Immutable storage configured with time lock in it I think it cannot be encrypted by ransomware attack. Correct?

    In case I have to restore from Immutable blob storage Hot tier. Is it possible while it is locked?

    Please help

                 

    Thursday, February 6, 2020 9:09 PM

Answers

  • Immutable storage remains readable.

    You also have the option of using soft-delete option if you want to be able to modify the data

    hth
    Marcin

    • Marked as answer by Punditji Monday, February 10, 2020 6:44 PM
    Thursday, February 6, 2020 11:24 PM

All replies

  • Immutable storage remains readable.

    You also have the option of using soft-delete option if you want to be able to modify the data

    hth
    Marcin

    • Marked as answer by Punditji Monday, February 10, 2020 6:44 PM
    Thursday, February 6, 2020 11:24 PM
  • Can you elaborate on readable.

    Does that mean I can restore from it?

    Friday, February 7, 2020 12:58 AM
  • There is no need to perform a "restore" . Immutable storage is accessible directly - without having to perform a restore (such as the restore process required when dealing with backups). 

    You can read it - but you cannot modify it. 

    More at https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage

    hth
    Marcin

    Friday, February 7, 2020 1:43 AM
  • When I say restore I meant in a scenario my on prem data is not accessiable due to ransomware and I have backup copies in immutable blob storage in azure will I be able to restore my on prem servers/machines etc with the Backup Vendor with which I have been running backups and created secondary copy in immutable blob storage?
    Friday, February 7, 2020 2:08 AM
  • @Punditji As I understand you want to backup/restore data which are kept in Blob i.e "Immutable" storage when your on-premises data isn't accessible am I correct?

    Only unlocked time-based retention policies can be removed from a container. Once a time-based retention policy is locked, it cannot be removed; only effective retention period extensions are allowed. Legal hold tags can be deleted. When all legal tags are deleted, the legal hold is removed. 

    Once a policy is locked it cannot be deleted/unlocked, only extensions of the retention interval will be allowed. Blob deletes and overrides are not permitted. 

    Immutable storage puts data in WORM state for controlled access! If you want to backup you data then you could look to cold or archive tier storage for offloading not used often data.

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.
     ------------------------------------------------------------------------------------------
    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members.

    Friday, February 7, 2020 9:19 AM
  • Azure BLOB is immutable, is here already explained. It works as “Write Once Read Many”. Actually, such protection should be enough against most “untargeted” ransomware attacks. You can still increase security of your backups using cross-cloud backup solutions and VTLs.

    Friday, February 7, 2020 11:06 AM
  • "When I say restore I meant in a scenario my on prem data is not accessiable due to ransomware and I have backup copies in immutable blob storage in azure will I be able to restore my on prem servers/machines etc with the Backup Vendor with which I have been running backups and created secondary copy in immutable blob storage?"

    You simply copy it back

    hth
    Marcin

    Friday, February 7, 2020 11:49 AM
  • Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Monday, February 10, 2020 6:12 PM