Financial Services organizations regulated by the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), Financial Industry Regulatory Authority (FINRA), Investment Industry Regulatory Organization of Canada (IIROC), Financial Conduct Authority (FCA), and more are required to retain business-related communications in a Write-Once-Read-Many (WORM) or immutable state that ensures they are non-erasable and non-modifiable for a specific retention interval. The immutable storage requirement is not limited to financial organizations but also applies to industries such as healthcare, insurance, media, public safety, and legal services.
Today, we are excited to reveal the general availability of immutable storage for Azure Storage Blobs to address this requirement. The feature is available in all Azure public regions. Through configurable policies, users can keep Azure Blob storage data in an immutable state where Blobs can be created and read, but not modified or deleted.
Typical applications include:
- Regulatory compliance: Immutable storage for Azure Blobs is designed to help financial institutions and related industries address SEC 17a-4(f), CFTC 1.31©-(d), FINRA etc. A technical whitepaper with details on how the feature addresses these regulatory requirements is downloadable now via the Service Trust Portal. The Azure Trust Center contains detailed information about our compliance certifications.
- Secure document retention: Users receive maximum data protection as the immutable storage feature for Azure Blobs service ensures that data cannot be modified or deleted by any user including those with account administrative privileges.
- Legal hold: Immutable storage for Azure Storage Blobs enables users to store sensitive information critical to a litigation, criminal investigation, and more in a tamper-proof state for the desired duration.
Immutable storage for Azure Storage Blobs enables:
- Time-based retention policy support: Users set policies to store data immutably for a specified interval of time.
- Legal hold policy support: When the retention interval is not known, users can set legal holds to store data immutably until the legal hold is cleared.
- Support for all Blob tiers: WORM policies are independent of the Azure Blob Storage tier and will apply to all the tiers, hot, cool and archive. This allows customers to store the data in the most cost-optimized tier for their workloads while maintaining the data immutability.
- Blob Container level configuration: Immutable storage for Azure Storage Blobs allows users to configure time-based retention policies and legal hold tags at the container level. Users can create time-based retention policies, lock policies, extend retention intervals, set legal holds, clear legal holds etc. through simple container level settings. The policies apply to all the Blobs in the container, both existing and new Blobs.
Immutable data is priced in the same way as mutable data and there is no additional charge for using this feature. Please refer to the Azure Storage Pricing page for the related pricing details.
How to get started
To use this feature, create a GPv2 or Blob Storage Account through the Azure Resource Manager. For more details on how to enable this feature, please refer to the immutable storage for Azure Storage Blobs documentation.
Immutable Storage for Azure Storage Blobs is supported in the Azure Portal, the .net Client Library (version 7.2.0-preview and later) the node.js Client Library (version 4.0.0 and later), the Python Client Library (version 2.0.0 and later) and the Java Client Library. Preview support is available in CLI 2.0, and PowerShell (version 4.4.0-preview) with production support coming very soon.
You can also directly use the Storage Services REST API. This feature is supported on Blob Service REST API version 2017-11-09 and later and on Azure Storage Resource Provider REST API version 2018-02-01 and later. In general, we always recommend using the latest versions regardless of whether you are using the feature or not.
We integrate with a broad ecosystem of partners to jointly deliver solutions to our customers. The following partners support Immutable storage for Azure Storage Blobs:
17a-4, LLC is a compliance technology and consulting company focused on the retention of electronic compliance records. DataParser is 17a-4’s widely adopted software solution to bring regulated data into compliance archives and can be used to collect, format and deliver records to Azure Blob immutable storage. “We think many of our clients will take advantage of the Azure Storage tiers - hot, cool and archive - to keep regulated records in WORM compliance in a cost-effective and efficient manner. Our DataParser can be a helpful tool in this process, collecting various data sources for delivery to Azure Blob storage,” said Douglas Weeden, Director of Compliance, 17a-4, LLC.
In keeping the industry lead in supporting Azure, Commvault is excited to announce our integration with Immutable Storage for Azure Blobs. Financial institutions and others with highly sensitive data that needs to be retained in a non-erasable and non-rewritable state can rely on Commvault with this new support for immutable data on Azure Blob Storage. This is vital to an organization’s ability to meet stringent regulatory requirements like SEC Rule 17a-4(f), FINRA Rule 4511(c), and the principles-based requirements of CFTC Rule 1.31(c)-(d).
HubStor is a storage software company that unlocks the power of the cloud for intelligent data management. Enterprises use HubStor to manage and protect their mission-critical unstructured data. HubStor’s integration with Azure Immutable Blob Storage offers a convenient approach for regulated organizations to satisfy compliance retention requirements in the cloud for workloads such as email, voice, fiscal records, logs, and medical images. Today, HubStor is used by broker-dealer firms, hedge fund managers, mortgage lenders, life sciences companies, medical device manufacturers, and State and Local Government agencies to deliver immutable data protection for various legal and regulatory requirements. Learn more about HubStor’s integration announcement.
Archive2Azure, the intelligent data management and compliance archiving solution, provides customers with a native Azure archiving application for their structured, semi-structured, and unstructured data. Archive2Azure enables companies to provide automated retention, indexing on demand, encryption, search, review, and production for long-term archiving of their compliance, active, low-touch, and inactive data from within their own Azure tenancy. The pairing of the Azure Cloud with Archive2Azure's archiving and data management capabilities provide companies with the low-cost cloud-based security and information management they have long sought. With the general availability of Azure's much anticipated Immutable Blob Storage offering, the needed immutability, security, and lower cost to archive and manage regulated data for extended periods are now possible. With the availability of the new Immutable Blob Storage, Archive2Azure can now offer Azure’s full range of storage tiers providing users a wide choice of storage performance, cost, and regulatory compliance.
We’re confident that immutable storage for Azure Storage Blobs will provide another critical element for optimizing your organization’s cloud data storage and compliance strategy. We look forward to hearing your feedback on this feature, please email us at AzureStorageFeedback@microsoft.com.