Blob Storage - proof of data destruction

Thomas Capacci 0 Reputation points
2023-08-20T10:57:30.9933333+00:00

Hi

We have 2 Blob containers that we need to secure delete and give a report of deletion to a 3rd party. We use Blancco for servers, how can we do it for Blob storage?


2 answers

  1. AirGordon 7,120 Reputation points
    2023-08-20T11:50:55.61+00:00

    I suppose it would depend on what the 3rd party defines as satisfactory evidence.

    You could provide the audit logs from AzureActivity to show that the DELETEs have been made... However, if the storage account implemented soft delete or backup, then you might also have to provide configuration evidence of the retention periods set up for these features.

    For more information on capturing DELETE logs, see: https://learn.microsoft.com/en-us/azure/governance/resource-graph/how-to/get-resource-changes?tabs=azure-cli#understand-change-event-properties.


  2. Ramya Harinarthini_MSFT 5,346 Reputation points Microsoft Employee
    2023-08-22T09:22:15.0333333+00:00

    Hi Thomas Capacci,

    Welcome to Microsoft Q&A, thank you for posting your question here!

    To secure the deletion of blobs and containers in the Storage account, enable the soft delete feature.

    - Turn on soft delete for blobs: Soft delete for blobs enables you to recover blob data after it has been deleted. For more information on soft delete for blobs, see Soft delete for Azure Storage blobs.
    - Turn on soft delete for containers: Soft delete for containers enables you to recover a container after it has been deleted. For more information on soft delete for containers, see Soft delete for containers.
    - Lock storage account to prevent accidental or malicious deletion or configuration changes: Apply an Azure Resource Manager lock to your storage account to protect the account from accidental or malicious deletion or configuration change. Locking a storage account does not prevent data within that account from being deleted. It only prevents the account itself from being deleted. For more information, see Apply an Azure Resource Manager lock to a storage account.

    To report the deletion of blobs, you can enable storage diagnostics on the Storage account.

    // Successful blob deletions (202 Accepted) and who performed them
    StorageBlobLogs
    | where OperationName == "DeleteBlob" and StatusCode == 202
    // AuthorizationDetails is a JSON string whose first entry carries a JSON string of principals
    | project TimeGenerated, AccountName, AuthenticationType, AuthenticationHash,
              PrincipalId = parse_json(parse_json(AuthorizationDetails)[0].principals)[0].id

    We can see the objectId, and the authentication type is OAuth. The first 2 examples are SAS key authentication, and we can only see what key is being used.

    Reference Article: https://learn.microsoft.com/en-us/azure/storage/common/storage-analytics

    Hope this helps!
    Kindly let us know if the above helps or you need further assistance on this issue.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.

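Applying the same filter offline, as an added example that is not part of either answer: a Python script that turns exported StorageBlobLogs rows into the deletion report the question asks for, resolving the OAuth object id from the nested AuthorizationDetails JSON and falling back to the SAS key hash where only the key is visible, as the answer describes. The rows are constructed samples; the nested-JSON-string shape of AuthorizationDetails is assumed from the query's double parse_json.

```python
import json
from collections import Counter

# Constructed sample rows shaped like StorageBlobLogs records exported from
# Log Analytics; column names follow the KQL query above, values are made up.
SAMPLE_ROWS = [
    {"TimeGenerated": "2023-08-21T09:00:00Z", "AccountName": "contosoacct",
     "OperationName": "DeleteBlob", "StatusCode": 202, "AuthenticationType": "OAuth",
     "AuthenticationHash": "", "Uri": "https://contosoacct.blob.core.windows.net/c1/a.csv",
     "AuthorizationDetails": json.dumps([{"action": "blobs/delete", "principals":
         json.dumps([{"id": "00000000-0000-0000-0000-00000000aaaa", "type": "User"}])}])},
    {"TimeGenerated": "2023-08-21T09:01:00Z", "AccountName": "contosoacct",
     "OperationName": "DeleteBlob", "StatusCode": 202, "AuthenticationType": "SAS",
     "AuthenticationHash": "key1(CONSTRUCTED-HASH)",
     "Uri": "https://contosoacct.blob.core.windows.net/c1/b.csv", "AuthorizationDetails": ""},
    {"TimeGenerated": "2023-08-21T09:02:00Z", "AccountName": "contosoacct",
     "OperationName": "DeleteBlob", "StatusCode": 404, "AuthenticationType": "SAS",
     "AuthenticationHash": "key1(CONSTRUCTED-HASH)",
     "Uri": "https://contosoacct.blob.core.windows.net/c1/missing.csv", "AuthorizationDetails": ""},
]

def principal_of(row):
    """OAuth object id when AuthorizationDetails carries one (same double decode as
    the KQL's nested parse_json); otherwise the SAS key hash, which is all a SAS request reveals."""
    details = row.get("AuthorizationDetails") or ""
    if details:
        try:
            principals = json.loads(json.loads(details)[0]["principals"])
            return principals[0]["id"]
        except (ValueError, KeyError, IndexError, TypeError):
            pass  # malformed or missing principal data: fall back to the key hash
    return f"sas-key:{row['AuthenticationHash']}" if row.get("AuthenticationHash") else "unknown"

def deletion_report(rows):
    """Keep only successful DeleteBlob operations (HTTP 202) and return the
    per-blob event list plus a tally of deletions per principal or key."""
    events = [
        {"time": r["TimeGenerated"], "account": r["AccountName"], "blob": r["Uri"],
         "auth": r["AuthenticationType"], "by": principal_of(r)}
        for r in rows
        if r.get("OperationName") == "DeleteBlob" and str(r.get("StatusCode")) == "202"
    ]
    return events, Counter(e["by"] for e in events)

if __name__ == "__main__":
    events, tally = deletion_report(SAMPLE_ROWS)
    print(json.dumps(events, indent=1), dict(tally))
```

The 404 row is dropped because a failed delete is not evidence of destruction; if soft delete or backup is enabled on the account, the report still needs the retention configuration alongside these events.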