Peter Olanrewaju Fadeyi

The Vault in the Cloud: Securing Azure Files and Blob Storage

The Case for Data Fortification

In the modern enterprise, data is the most valuable asset and the most targeted. Whether you are utilizing Azure Files for serverless file shares or Azure Blob Storage for unstructured data, simple storage is not enough. Resilience requires a security-first configuration.

This guide provides a blueprint for building a "digital vault" around your information. We will move beyond default settings to implement a multi-layered defense strategy — covering identity-based access, network isolation, and advanced encryption to ensure your cloud data remains locked down and compliant.

A. Create a storage account with high availability

Steps
1. In the Azure Portal, search for and select Storage accounts

2. Select + Create

3. For Resource group, select Create new, give the resource group a name, and press OK to create it.

4. Set a unique Storage account name, keep the other default settings, then click Review + create.

5. Select Create

6. Wait for the Deployment to complete then select Go to resource

7. In the storage account, under the Data management section, select the Redundancy blade and set it to Read-access Geo-redundant storage. Review the primary and secondary Location information.

8. In the Settings section of the storage account, select the Configuration blade and ensure the Allow blob anonymous access setting is Enabled. Be sure to Save your changes.
Enabling this gives anonymous access to the storage account (i.e. it becomes a public account); when it is Disabled, access is denied and it becomes a private account.


B. Create a blob storage container with anonymous read access

Steps

1. In the Data storage section of the storage account, select the Containers blade, then select + Add container, give the container a name, and select Create.

2. Select the container and open it

3. On the Overview blade, select and open Change access level

4. Ensure the Public access level is Blob (anonymous read access for blobs only) and then select OK.


C. Practice uploading files and testing access

Steps
1. In the container you created, select Upload, click Browse for file, and click Upload.
Confirm your file is uploaded by closing the upload window and refreshing.

2. Test the URL for your uploaded file: open the context menu of the uploaded file in the container and copy the URL

3. Paste the URL into a new browser tab and press Enter to load it


D. Configure soft delete for the storage account

Steps
1. On the Overview page of the storage account, check Properties, locate the Blob soft delete setting, and confirm that it is Enabled

2. Change the Keep deleted blobs for (in days) setting to your preferred number of days and select Save. Note that you can also change the settings for your container if needed

3. Navigate to your container where you uploaded a file, select a file you uploaded, click the hamburger icon and then select and confirm delete.

4. On the container Overview page, toggle the slider Show active and deleted blobs. Select your deleted file and confirm Undelete.
Refresh the container and confirm the file has been restored


E. Configure blob versioning

Steps
1. From the Overview blade of the storage account, check the Properties section and locate the Blob service section to check the Versioning setting.

2. Ensure the Enable versioning for blobs checkbox is checked and notice your options to keep all versions or delete versions after.
Don’t forget to Save your changes.


The Wrap-Up: Data Resilience in Action

You have successfully moved beyond a standard storage setup to a resilient, managed environment. By implementing these steps, you haven't just stored data; you’ve built a safety net around it. Whether it's ensuring your data survives a regional outage through Geo-redundancy or protecting against accidental human error with Soft Delete, your "Digital Vault" is now significantly more robust.

Key Takeaways

  • The "Oops" Protection: Soft Delete and Versioning are your ultimate insurance policies. They turn a potential data loss disaster into a simple "undelete" task.

  • Availability is Security: By choosing RA-GRS, you ensure your data remains readable even if an entire Azure region goes offline.

  • Public vs. Private: Remember that Anonymous Access is useful for public assets (like website images), but for sensitive enterprise data, always ensure this is set to Disabled to keep your vault private.
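
The takeaways above can also be checked as code. This added example (not part of the original post) audits the settings this guide configures: redundancy SKU, soft delete, versioning and anonymous access. The sample JSON, the `audit` helper, the `public_ok` allow-list and the 7-day retention floor are assumptions made for illustration.

```python
import json

# Constructed sample, not taken from the page. Field names follow the JSON that
# `az storage account show`, `az storage account blob-service-properties show`
# and `az storage container list` emit; verify them against your own output.
SAMPLE = json.loads("""{
  "account": {"sku": {"name": "Standard_RAGRS"}, "allowBlobPublicAccess": true},
  "blobService": {"deleteRetentionPolicy": {"enabled": true, "days": 7},
                  "isVersioningEnabled": false},
  "containers": [
    {"name": "public-assets", "properties": {"publicAccess": "blob"}},
    {"name": "hr-records",    "properties": {"publicAccess": "container"}},
    {"name": "backups",       "properties": {"publicAccess": null}}]}""")


def audit(cfg, public_ok=frozenset(), min_retention_days=7):
    """Return a list of (check, detail) findings; empty means nothing to fix."""
    findings = []
    acct, svc = cfg.get("account") or {}, cfg.get("blobService") or {}

    sku = (acct.get("sku") or {}).get("name", "")
    if not sku.endswith(("_RAGRS", "_RAGZRS")):  # SKUs with a readable secondary
        findings.append(("redundancy", f"SKU '{sku}' has no read-access secondary"))

    policy = svc.get("deleteRetentionPolicy") or {}
    days = policy.get("days") or 0
    if not policy.get("enabled"):
        findings.append(("soft-delete", "blob soft delete is disabled"))
    elif days < min_retention_days:
        findings.append(("soft-delete", f"retention {days}d is below {min_retention_days}d"))

    if not svc.get("isVersioningEnabled"):
        findings.append(("versioning", "blob versioning is disabled"))

    # The account-level switch overrides container settings when it is False.
    # A missing or null value is treated as enabled (conservative assumption).
    if acct.get("allowBlobPublicAccess", True) is not False:
        for c in cfg.get("containers") or []:
            level = str((c.get("properties") or {}).get("publicAccess") or "none")
            if level.lower() != "none" and c["name"] not in public_ok:
                findings.append(("anonymous-access",
                                 f"container '{c['name']}' allows anonymous {level} reads"))
        if not public_ok:
            findings.append(("anonymous-access",
                             "account allows anonymous access but no container needs it"))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE, public_ok={"public-assets"}):
        print(f"[{check}] {detail}")
```

Pass the names of containers that are meant to be public in `public_ok`; every other container with an access level set is reported.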

Top comments (1)

SKILL.SCH

Neat work, well done!