Spaces

Data Security

As part of DigitalOcean’s shared responsibility model, you are responsible for securing the data you store on our services. To ensure data can only be accessed by the proper users and applications, we encourage you to secure and encrypt all data stored on Spaces to the level appropriate to help you meet your security requirements.

For data security purposes, we recommend that you protect your DigitalOcean account credentials and set up individual user accounts with DigitalOcean Teams, secured with two-factor authentication, to help maintain proper access for your services. We also recommend that you secure your Spaces data in the following additional ways:

• Set appropriate File permissions and File listing permissions

• Review our Administrative Access Management Guide

• Use AWS v4 Signature to authenticate requests

Encryption At Rest

Data on Spaces is encrypted at rest, which helps to minimize the risk of a data breach via malicious hardware access. If you are concerned about the privacy of the data stored on Spaces, and would not want this data accessible in the event of a data breach, then you should also encrypt the data using the s3cmd encrypt flag.

Encryption In Transit

Spaces use HTTPS and TLS by default for data transmitted between Spaces and your application.

Key Management

We provide you with one or more Access Keys, which are required to be used to access the data if the data is not marked as Public. You are responsible for safeguarding those keys to ensure that only the appropriate users and applications have the appropriate access. For more information, please refer to How to Manage Administrative Access to Spaces.

Logging and Monitoring

DigitalOcean does not currently offer logging and monitoring services for Spaces. If your use case require additional logging and monitoring, please consider third-party services like Papertrail, Logtail, or Datadog.

Compliance

Spaces is audited by third-parties as part of DigitalOcean’s SOC 2 Type 2 report. For details on how to request access to this report, please visit our Trust Platform Certifications page.

Infrastructure Security

As an infrastructure as a service offering, DigitalOcean maintains the security of the infrastructure that Spaces is hosted on. For more details, please review our Infrastructure Security Overview page.

Data Center Location Availability

Spaces regional availability is shown in our Spaces Availability guide. Utilizing multi-regions for redundancy is a best practice for your services. Under certain compliance regimes like the Health Insurance Portability and Accountability Act (HIPAA) in the United States, you may be required to build your services using a highly available configuration. If HIPAA is applicable to your business, please ensure you visit our HIPAA information site to learn more.