In my last post about using the Azure Advisor to review the services I use in Azure and their configuration, I immediately went to address the high impact (or red) recommendations. Naturally, I then went on to look at the medium recommendations, and one of them caught my eye for one of my storage accounts: “Enable Soft Delete to protect blob data.” This had me thinking: what is soft delete? How and where should it be used? Here is the medium impact recommendation:
So to get my head around this, I first had to educate myself on Azure Blob Soft Delete. This was initially something I had to think about, as “the other” popular object storage doesn’t have the same characteristics. Specifically, with S3, objects can be stored, retrieved and deleted (I’m simplifying things here). What I would think of as a modification is actually a new object (ideally with the previous one being deleted). Azure, on the other hand, has a different set of commands, including append block. This is one area where the two popular object storage services are quite different. It would be nice to have a comparison of what all of the popular object storage services do, but that will have to be another day.
Back to the question: what is Azure Blob Soft Delete, and should I use it? Well, let’s first see what it does. Soft Delete is intended to allow you to “more easily recover your data when it is erroneously modified or deleted”. This sounds intriguing. Soft Delete is off by default, which is why it came in as a medium impact recommendation on this storage account. Note that this applies to storage accounts with any type of blob data, except that it does not provide overwrite protection for blobs in the archive tier. In the figure below, I can enable soft delete, with a nice slider for retention (it goes from 1 to 365 days):
There are a number of considerations and analogies that I immediately draw from this. It feels a lot like a storage snapshot from back in the day of on-premises storage. It’s nice to have a storage snapshot, but do you know what to do with it? The same logic comes up here with Azure Blob Soft Delete: do you know what to do with it? Now, it is completely API-exposed, so if you have an application using Azure Blob storage, and it supports soft delete, you have an opportunity to do some good. If not, some of my cautions come into play, namely cost. Azure Blob Soft Delete has a price equal to the blob. Therefore, if something changed every day and you keep it for 7 days (the default), the blob storage would multiply by 7.
Azure Blob Soft Delete keeps a “soft deleted snapshot” of the blob data as the data changes, one for each iteration of the blob. These soft deleted blobs, shown in grey, are kept per the retention policy (between 1 and 365 days). This is visualized in the figure below:
There is no specific right answer to the question of whether you should use soft delete. My personal advice is to be sure you can use the soft deleted blobs if you have it enabled. Whether it is via an application that is aware of the undelete blob operation or a manual process of using the soft deleted blobs, be sure that you can actually use them; otherwise the cost of soft delete will not be worth it, because you have no mechanism to use it.
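One way to confirm that soft deleted blobs are actually usable is to script a restore drill with the Azure CLI. The following is an added example, not code from the original post; it assumes the `az` CLI is installed and already has credentials for the storage account, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: soft delete restore drill (function names are hypothetical).
# Account, container and blob names are supplied by the caller.
# AZ can be overridden (for example AZ=echo) to print commands instead of running them.
AZ="${AZ:-az}"

# Enable soft delete; retention must sit in the 1-365 day range the post describes.
enable_soft_delete() {
  local account="$1" days="$2"
  case "$days" in
    ''|*[!0-9]*) echo "retention must be a whole number of days" >&2; return 2 ;;
  esac
  if [ "$days" -lt 1 ] || [ "$days" -gt 365 ]; then
    echo "retention must be between 1 and 365 days" >&2
    return 2
  fi
  $AZ storage blob service-properties delete-policy update \
    --account-name "$account" --enable true --days-retained "$days"
}

# Print the names of soft deleted blobs still inside the retention window.
list_soft_deleted() {
  local account="$1" container="$2"
  $AZ storage blob list --account-name "$account" --container-name "$container" \
    --include d --query "[?deleted].name" --output tsv
}

# Restore a single soft deleted blob.
restore_blob() {
  local account="$1" container="$2" blob="$3"
  $AZ storage blob undelete --account-name "$account" \
    --container-name "$container" --name "$blob"
}

# Drill: restore every soft deleted blob in a container and print how many came back.
restore_all() {
  local account="$1" container="$2" count=0 name names
  names=$(list_soft_deleted "$account" "$container") || return 1
  while IFS= read -r name; do
    [ -n "$name" ] || continue
    restore_blob "$account" "$container" "$name" >/dev/null || return 1
    count=$((count + 1))
  done <<EOF
$names
EOF
  echo "$count"
}
```

Running `restore_all` against a scratch container after deleting a few test blobs shows whether the manual recovery path works before it is needed.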
Do you use Azure Blob Soft Delete? If so, share your comments below.