Data security

In general

We work hard to protect your personal data from unauthorized or unlawful access, alteration, disclosure, use or destruction. That way, unauthorized persons do not have access to your data. We take the following measures to protect your personal data:

• Encryption of digital files that contain personal data
• Secure network connections with Secure Socket Layer (SSL) technology or a technology that is similar to SSL
• The access to the data is limited to the persons that need the data
• Daily back-ups of data, Employee confidentiality statements, Data Processor Agreements and NDAs with Third parties

Physical Security

Our data is being stored in some of the most respected datacenter facility providers in the world. We leverage all of the capabilities of these providers including physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry. Security controls provided by our datacenter facilities includes but is not limited to:

• 24/7 Physical security guard services
• Physical entry restrictions to the property and the facility
• Physical entry restrictions to our co-located datacenter within the facility
• Full CCTV coverage externally and internally for the facility
• Biometric readers with two-factor authentication
• Facilities are unmarked as to not draw attention from the outside
• Battery and generator backup
• Generator fuel carrier redundancy
• Secure loading zones for delivery of equipment

Infrastructure Security – Digital Ocean AMS3

DigitalOcean’s infrastructure is secured through a defense-in-depth layered approach. Access to the management network infrastructure is provided through multi-factor authentication points which restrict network-level access to infrastructure based on job function utilizing the principle of least privilege. All access to the ingress points are closely monitored, and are subject to stringent change control mechanisms.

Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to login. We consider any system which houses customer data that we collect, or systems which house the data customers store with us to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored.

Additionally, hard drives and infrastructure are securely erased before being decommissioned or reused to ensure that your data remains secure.

Access logging – Digital Ocean AMS3

Systems controlling the management network at DigitalOcean log to our centralized logging environment to allow for performance and security monitoring. Our logging includes system actions as well as the logins and commands issued by our system administrators.

Droplet Security & Employee Access

The security and data integrity of customer Droplets is of the utmost importance at DigitalOcean. As a result, our technical support staff do not have access to the backend hypervisors where virtual servers reside nor direct access to the NAS/SAN storage systems where snapshots and backup images reside. Only select engineering teams have direct access to the backend hypervisors based on their role.

Snapshot and Backup Security

Snapshots and Backups are stored on an internal non-publicly visible network on NAS/SAN servers. Customers can directly manage the regions where their snapshots and backups exist which allows the customer to control where their data resides within our datacenters for security and compliance purposes.

ISO/IEC 27001:2013 Certification

DigitalOcean is certified in the international standard ISO/IEC 27001:2013. By achieving compliance with this globally recognized information security controls framework, audited by a third-party, DigitalOcean has demonstrated a commitment to protecting sensitive customer and company information. That commitment doesn’t end with a compliance framework, but is necessary baseline for security.

Datacenter Colocation Attestations and Certifications

All of our datacenters are independently audited and/or certified by various internationally-recognized attestation and certification compliance standards. Many of the SOC reports and certifications listed below are available if a signed NDA is in place between DigitalOcean and our customer.

Below is the list of our datacenters and the associated most commonly requested attestations / certifications. To request a NDA for a SOC report / certificate listed below, or if you have any other compliance related questions please contact our Customer Support team here.