Control: Azure > CIS v3.0 > 04 - Storage Accounts > 04.10 - Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
Configures auditing against a CIS Benchmark item.
Level: 1
The Azure Storage blobs contain data like ePHI or Financial, which can be secret or personal. Data that is erroneously modified or deleted by an application or other storage account user will cause data loss or unavailability.
It is recommended that both Azure Containers with attached Blob Storage and standalone containers with Blob Storage be made recoverable by enabling the soft delete configuration. This is to save and recover data when blobs or blob snapshots are deleted.
Containers and Blob Storage data can be incorrectly deleted. An attacker/malicious user may do this deliberately in order to cause disruption. Deleting an Azure Storage blob causes immediate data loss. Enabling this configuration for Azure storage ensures that even if blobs/data were deleted from the storage account, Blobs/data objects are recoverable for a particular time which is set in the "Retention policies," ranging from 7 days to 365 days.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v3.0
- Azure > CIS v3.0 > 04 - Storage Accounts > 04.10 - Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
- Azure > CIS v3.0 > 04 - Storage Accounts
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv3-0#/control/types/r0410
- tmod:@turbot/cis#/control/categories/v071004
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv3-0#/control/types/r0410"
Get Controls