As part of DigitalOcean’s shared responsibility model, you are responsible for securing the data you store on our services.
For data security purposes, we recommend that you protect your DigitalOcean account credentials and set up individual user accounts with DigitalOcean Teams to help maintain proper access for your services. We also recommend that you secure your data in the following additional ways:
Enable two-factor authentication (2FA) on every account by default.
Use SSL/TLS to communicate with DigitalOcean resources; we recommend TLS 1.2 or higher.
Follow our VPC Best Practices Guide.
You can configure cloud firewalls with varying layers of granularity to filter traffic to and from your Droplet’s services, for example allowing inbound SSH connections to your Droplet only from a specific range of IPs. These filters are called rules. Each firewall can have up to 50 total incoming and outgoing rules. A DigitalOcean Cloud Firewall can protect a maximum of 10 individual Droplets; it can protect more than 10 Droplets if the firewall is applied to an entire tag of Droplets.
You can create and apply cloud firewalls using the DigitalOcean Control Panel or API. You can also use third-party firewall software on your Droplets, such as UFW, iptables, or CSF, but they require some manual configuration and ongoing maintenance. You are solely responsible for the third-party firewall or software of any kind installed on your Droplet.
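As an added example (not DigitalOcean's own code), the following Python helper assembles a cloud firewall definition that allows SSH only from an administrative range and checks it against the rule and Droplet limits stated above before it is sent to the API. The request-body field names (`inbound_rules`, `sources`, `addresses`) are assumed from the public Firewalls API shape and should be checked against the current API reference; the CIDR ranges and Droplet IDs are constructed sample values.

```python
import ipaddress
import json

MAX_RULES = 50      # combined inbound + outbound rules per cloud firewall
MAX_DROPLETS = 10   # individual Droplets per firewall unless applied via a tag


def address_rule(protocol, ports, cidrs, direction):
    """Build one rule in the assumed shape of the DigitalOcean Firewalls API."""
    # strict=True rejects host addresses with a network mask (e.g. 203.0.113.5/24),
    # so a typo cannot silently widen or break the allow-list.
    addresses = [str(ipaddress.ip_network(c, strict=True)) for c in cidrs]
    key = "sources" if direction == "inbound" else "destinations"
    return {"protocol": protocol, "ports": ports, key: {"addresses": addresses}}


def validate(firewall):
    """Return a list of problems; an empty list means the spec fits the documented limits."""
    problems = []
    total = len(firewall["inbound_rules"]) + len(firewall["outbound_rules"])
    if total > MAX_RULES:
        problems.append(f"{total} rules exceeds the {MAX_RULES}-rule limit")
    if len(firewall["droplet_ids"]) > MAX_DROPLETS and not firewall["tags"]:
        problems.append(f"more than {MAX_DROPLETS} Droplets; apply the firewall to a tag instead")
    if not firewall["inbound_rules"] and not firewall["outbound_rules"]:
        problems.append("firewall has no rules")
    return problems


def build_firewall(name, admin_cidrs, droplet_ids=(), tags=()):
    """SSH only from admin_cidrs, HTTPS from anywhere, outbound TCP and DNS allowed."""
    return {
        "name": name,
        "inbound_rules": [
            address_rule("tcp", "22", admin_cidrs, "inbound"),
            address_rule("tcp", "443", ["0.0.0.0/0", "::/0"], "inbound"),
        ],
        "outbound_rules": [
            address_rule("tcp", "all", ["0.0.0.0/0", "::/0"], "outbound"),
            address_rule("udp", "53", ["0.0.0.0/0", "::/0"], "outbound"),
        ],
        "droplet_ids": list(droplet_ids),
        "tags": list(tags),
    }


def to_request_body(firewall):
    """Serialize the spec for POST /v2/firewalls, refusing specs that break the limits."""
    problems = validate(firewall)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps(firewall, indent=2)
```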
Users can set up SSL passthrough to send encrypted SSL packets directly to the backend Droplet pool via the VPC network. This helps secure traffic between the load balancer and the backend Droplets. You can integrate with Let’s Encrypt certificates.
Users can set up SSL termination, which decrypts SSL requests at the load balancer and sends them unencrypted to the backend via the Droplets’ private IP addresses. SSL termination places the slower and more CPU-intensive work of decryption on the load balancer and simplifies certificate management. Decrypted traffic between the load balancer and its Droplets is secured by routing over the VPC network.
Traffic between the LBaaS and the Droplet/DOKS nodes is then no longer TLS-encrypted. If you are a service reseller, hosting multiple customers in the same VPC means your customers are visible to one another within the VPC.
Under certain compliance regimes like the Health Insurance Portability and Accountability Act (HIPAA) in the United States, you may be required to encrypt certain data. If HIPAA is applicable to your business, please ensure you visit our HIPAA information site to learn more.
DigitalOcean does not currently offer logging and monitoring services for Networking. If your use case requires logging and monitoring, please consider third-party services like Papertrail.
Networking products are audited by third-parties as part of DigitalOcean’s SOC 2 Type 2 report. For details on how to request access to this report, please visit our Trust Platform Certifications page.
As a platform as a service offering, DigitalOcean maintains the security of the infrastructure Networking products are hosted on. For more details, please review our Infrastructure Security Overview page.
VPC is available in all regions. You can create multiple, non-overlapping VPCs in the same region.