As part of DigitalOcean’s shared responsibility model, you are responsible for securing data stored on our services.
For data security purposes, we recommend that you protect DigitalOcean account credentials and set up individual user accounts with DigitalOcean Teams to help maintain proper access for your services. We also recommend that you secure your data in the following ways:
Enable 2fa by default
Use SSL/TLS to communicate with DigitalOcean resources. We recommend TLS 1.2 or later.
Securely forward Functions logs
User-sensitive data, such as Functions code and sensitive params that are passed to the Functions environment, is stored at rest in encrypted volumes in the database.
Functions and App Platform integrations use HTTPS and TLS by default.
You can configure functions to forward console and error logs from the function to a third-party logging service. Functions support Papertrail, Datadog, and Logtail.
For more information on how to forward Functions logs for monitoring, please visit our How to Forward Logs Guide.
Functions is audited by third-parties as part of DigitalOcean’s SOC 2 Type 2 report. For details on how to request, please visit our Trust Platform Certifications page.
As an infrastructure as a service offering, DigitalOcean maintains the security of the infrastructure the Droplets are hosted on. For more details, please review our Infrastructure Security Overview page.
Functions are listed in our Functions Availability guide. Utilizing multi-regions for redundancy is a best practice for your services.
Functions utilize their own dedicated networking and computing resources, which creates a more resilient product and prevents downtime for you. This prevents you from being impacted by another customer’s usage of resources.