With the new immutable storage release, feature blobs will be non-erasable and non-modifiable for a specific retention interval. Microsoft announced that this new feature is generally available in all public Azure regions after its preview since June of this year.
Microsoft added the support for immutable storage to help customers comply with industry standards like SEC 17a-4(f), CFTC 1.31©-(d), and FINRA. Furthermore, customers will get maximum data protection in the Azure Blob Service – no user or administrator can modify or delete data. The immutable storage feature also enables customers to store sensitive information critical to litigation, criminal investigation, and more in a tamper-proof state for the desired duration.
According to the announcement, immutable storage provides:
- Time-based retention policy support: Users set policies to store data immutably for a specified interval of time.
- Legal hold policy support: When the retention interval is not known, users can place legal holds to store data immutably until the legal hold is cleared.
- Support for all Blob tiers: Write-Once-Read-Many (WORM) policies are independent of the Azure Blob Storage tier and will apply to all the tiers, hot, cool and archive – allowing customers to store the data in the most cost-optimized tier for their workloads while maintaining the data immutability.
- Blob Container level configuration: Immutable storage for Azure Storage Blobs allows users to configure time-based retention policies and legal hold tags at the container level. Users can create time-based retention policies, lock policies, extend retention intervals, set legal holds, clear legal holds etc. through simple container level settings. The policies apply to all the Blobs in the container, both existing and new Blobs.
Customers can enable the immutable storage feature when provisioning a General Purpose V2 Storage account or Blob Storage Account, and creating a container using the Azure Portal, Azure CLI 2.0, or PowerShell. When using the portal, a user can add a policy under the immutable blob for legal hold or retention period. Subsequently, the user can set a lock on the policy when there’s a fixed retention period or add tags for legal hold.
For developers, several libraries are available supporting the immutable storage. These libraries are the .net Client Library (version 7.2.0-preview and later), the node.js Client Library (version 4.0.0 and later), the Python Client Library (version 2.0.0 and later) and the Java Client Library. Furthermore, preview support in CLI 2.0, and PowerShell (version 4.4.0-preview) is available with production support coming very soon, according to the announcement. Developers can also directly use the Storage Services REST API using version 2017-11-09 or later.
With the addition of immutable storage, the feature set of Azure Storage further expands after the previous archiving feature. HubStor, a Microsoft Partner, offers services on top of the Azure Storage Service for Enterprises to manage and protect their mission-critical unstructured data. They provided support for past features like archiving and now offer support for immutable storage. Furthermore, with the integration of immutable storage their customers can benefit from the extra assurance of the more secure state of their data. Brad Janes, VP of product management at HubStor, said in a MENAFN article about the feature:
Immutable Storage for Microsoft Azure Blobs with HubStor is a great example of how the cloud delivers transformation because it is a more convenient and affordable way to deliver WORM storage compared to traditional hardware-centric approaches on premises.
Pricing for immutable data is the same as for mutable data, hence there is no additional charge for using the immutable storage feature. For more details on pricing, see the Azure Storage Pricing page.