Droplets

Data Security

As part of DigitalOcean’s shared responsibility model, you are responsible for securing data stored on our services.

For data security purposes, we recommend that you protect DigitalOcean account credentials and set up individual user accounts with DigitalOcean Teams to help maintain proper access for your services. We also recommend that you secure your data in the following ways:

• Enable 2fa by default

• Set up SSH keys, a VPC network, and a Certificate Authority (CA)

• Use SSL/TLS to communicate with DigitalOcean resources. We recommend TLS 1.2 or later.

• Consider the points in our Recommended Security Measures to Protect your Servers tutorial

Depending on your storage type (Managed Databases or Volumes), you can secure your data by implementing a firewall with UFW (Ubuntu) or firewalld (Red Hat, Rocky, or Fedora Linux).

Cloud Firewalls are a network-based, stateful firewall service for Droplets provided at no additional cost. Cloud firewalls block all traffic that isn’t expressly permitted by a rule.

Encryption At Rest

The virtual disks for Droplets stored on the hypervisor’s local storage are not encrypted at rest. Please refer to our Spaces and Volumes guides for storage encryption.

Encryption In Transit

Droplets use HTTPS and TLS by default.

Logging and Monitoring

DigitalOcean does not currently offer a logging service for Droplets. For more information on how to set up our free DigitalOcean Monitoring service for your Droplet, please refer to the Monitoring Quickstart guide.

Compliance

Droplets are audited by third-parties as part of DigitalOcean’s SOC 2 Type 2 report. For details on how to request, please visit our Trust Platform Certifications page.

Infrastructure Security

As an infrastructure as a service offering, DigitalOcean maintains the security of the infrastructure the Droplets are hosted on. For more details, please review our Infrastructure Security Overview page.

Data Center Location Availability

Droplets are listed in our Droplets Availability guide. Utilizing multi-regions for redundancy is a best practice for your services.

Optimized Droplets utilize their own dedicated networking and computing resources, which creates a more resilient product and prevents downtime for you. This prevents you from being impacted by another customer’s usage of resources.