Droplets

Data Security

As part of DigitalOcean’s shared responsibility model, you are responsible for securing the data you store on our services.

For data security purposes, we recommend that you protect your DigitalOcean account credentials and set up individual user accounts with DigitalOcean Teams to help maintain proper access for your services. We also recommend that you help secure your data in the following additional ways:

• Enable 2fa by default

• Set up SSH keys, a VPC network, and a Certificate Authority (CA)

• Use SSL/TLS to communicate with DigitalOcean resources, we recommend TLS 1.2 or higher

• Consider the points in our Recommended Security Measures to Protect your Servers tutorial

Depending on your storage type (Managed Databases or Volumes), you can help to secure your data by implementing a firewall with UFW (Ubuntu) or firewalld (Red Hat, Rocky, or Fedora Linux).

Cloud Firewalls are a network-based, stateful firewall service for Droplets provided at no additional cost. Cloud firewalls block all traffic that isn’t expressly permitted by a rule.

Encryption At Rest

The virtual disks for Droplets stored on the hypervisor’s local storage are not encrypted at rest. Please refer to our Spaces and Volumes guides for storage encryption.

Encryption In Transit

Droplets use HTTPS and TLS by default.

Logging and Monitoring

DigitalOcean does not currently offer a logging service for Droplets. For more information on how to set up our free DigitalOcean Monitoring service for your Droplet, please refer to the Monitoring Quickstart guide.

Compliance

Droplets are audited by third-parties as part of DigitalOcean’s SOC 2 Type 2 report. For details on how to request access to this report, please visit our Trust Platform Certifications page.

Infrastructure Security

As an infrastructure as a service offering, DigitalOcean maintains the security of the infrastructure that Droplets are hosted on. For more details, please review our Infrastructure Security Overview page.

Data Center Location Availability

Droplets are listed in our Droplets Availability guide. Utilizing multi-regions for redundancy is a best practice for your services. Under certain compliance regimes like the Health Insurance Portability and Accountability Act (HIPAA) in the United States, you may be required to build your services using a highly available configuration. If HIPAA is applicable to your business, please ensure you visit our HIPAA information site to learn more.

Optimized Droplets utilize their own dedicated networking and computing resources, which creates a more resilient product and helps to reduce downtime. This helps minimize the risk that you are impacted by another customer’s usage of resources.