As part of DigitalOcean’s shared responsibility model, you are responsible for securing data stored on DigitalOcean’s Volumes Storage service. To ensure data can only be accessed by the proper users and applications, we encourage you to secure and encrypt all data stored on Volumes to the appropriate level of your security requirements.
For data security purposes, we recommend that you protect your DigitalOcean account credentials and set up individual user accounts with DigitalOcean Teams and secure with two-factor authentication.
Data on Volumes is encrypted at rest, which reduces the risk of a data breach via malicious hardware access. If you are concerned about the privacy of the data stored on Volumes, and would not want this data accessible in the event of a data breach (e.g. Droplet SSH key is stolen), then you can create a file system in a LUKS encrypted disk on your Volume. This means that the disk will need to be decrypted by the operating system on your Droplet in order to read any data. For more information, please review our guide: How to Create an Encrypted File System on a DIgitalOcean Block Storage Volume.
Currently, we do not offer logging and monitoring services for Volumes. If you require additional logging and monitoring, please identify your requirements and consider third-party services like Papertrail, Logtail, or Datadog.
Volumes are audited by third-parties as part of DigitalOcean’s SOC 2 Type 2 report. For details on how to request, please visit our Trust Platform Certifications page.
As an infrastructure as a service offering, DigitalOcean maintains the security of the infrastructure the Droplets are hosted on. For more details, please review our Infrastructure Security Overview page.
Volumes include a 99.99% uptime SLA as outlined in our Volumes Block Storage Service Level Agreement (SLA).