I'm new to the world of sever side development and want to make sure my sever is secure.

I have already taken a few steps to beef up security:
1) I use SSH keys
2) I have installed fail2ban
3) I have set up IP tables
4) I have followed the 'how to secure MySQL' tutorial

Are there any other steps I should/could be taking to improve security?

My VPS is running ubuntu and have Java, Tomcat and MySQL installed. I use my server to run a mobile android app.

Thanks so much!