DigitalOcean trustworthy?

I want a server; is https://www.digitalocean.com/ secure for my data?

What kind of data? There's been no indication that DigitalOcean are deliberately compromising data, and no indication of recent breaches that I've read.

They provide transparency reports https://www.digitalocean.com/legal/transparency/

This of course will only list data they can legally release, and only data that they know about.

Server security is mainly a configuration thing. If you set up your server securely, and keep it updated, you'll most likely be fine.

"Security" has many different meanings. When talking about security in the sense of data availability, DigitalOcean is without doubt "secure". When talking about "not sharing your data", I think you'll be fine too (as said @Eden). Of course, there still exists something called the Patriot Act, but that rules out most VPS providers as the large ones seem to be US-based. Of course, since you are simply running Linux, you could run an encrypted file system, which would make it at least a bit harder (but certainly not impossible) to get your data.

Overall I think DigitalOcean is a reliable company. I have been a customer for years now, and I don't have one complaint. In the end it depends on the kind of data you want to store and the level of (possible) intrusiveness you'll want to accept.


You're right, but I would add that disk encryption on a server is often misunderstood. While I'm sure it's possible to encrypt your DO server, it might not provide the same security as encrypting, say, a laptop.

This is simply because a server (for the most part) is always on, and that means that the key is in memory, so if someone wanted to do an online attack of your server, disk encryption won't help you. It would be like attacking any other server.

Disk encryption would help if DO copied your data and sent it somewhere or if you left the server powered off a lot.

Just understand that full disk encryption protects data-at-rest, not when your droplet is powered up.

This link brings up some points I hadn't thought about:

Indeed why I added the "a bit harder (but certainly not impossible)" in my post. In general, anyone with access to the memory of a running system can do pretty much whatever they want. It just seems unlikely that they will go through the trouble of gathering in-memory encryption keys just to satisfy some Patriot Act request. They would need special software for that anyways.

To go a bit deeper again, disk encryption on a running virtual server makes less sense than on a bare metal system, since the guest OS of a virtual server can have access to the memory of the virtual system. On a bare metal system you will need access to the running OS or some modified memory controller of some sort or other specialized part of hardware on the motherboard or system bus (e.g. PCIe), which is unlikely since PCIe is generally not hot-pluggable (with the exception of Thunderbolt).

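The data-at-rest point from the thread, as an added example that is not from any poster: this Python script lists mounted filesystems that sit on an active dm-crypt mapping, including through LVM, i.e. data that is decrypted for the running system. It assumes the Linux sysfs layout, where dm-crypt mapping UUIDs start with `CRYPT-`; the function names and the sample device names are constructed for illustration.

```python
import os

def read_sysfs(root="/sys/block"):
    """Return {kernel_dev: (dm_name, dm_uuid, [slaves])} for device-mapper devices."""
    devs = {}
    for dev in (os.listdir(root) if os.path.isdir(root) else []):
        dm = os.path.join(root, dev, "dm")
        if os.path.isdir(dm):
            with open(f"{dm}/name") as n, open(f"{dm}/uuid") as u:
                devs[dev] = (n.read().strip(), u.read().strip(),
                             os.listdir(os.path.join(root, dev, "slaves")))
    return devs

def crypt_layers(dev, devs, seen=None):
    """Walk down the slave chain (e.g. LVM on LUKS); return dm-crypt mappings found."""
    seen = set() if seen is None else seen
    if dev in seen or dev not in devs:
        return []
    seen.add(dev)
    name, uuid, slaves = devs[dev]
    found = [name] if uuid.startswith("CRYPT-") else []  # dm-crypt UUID prefix
    for slave in slaves:
        found += crypt_layers(slave, devs, seen)
    return found

def exposed_mounts(mounts_text, devs):
    """Map mount point -> active crypt mappings beneath it (/proc/mounts format)."""
    by_name = {info[0]: dev for dev, info in devs.items()}
    out = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].startswith("/dev/"):
            continue
        base = os.path.basename(fields[0])  # "dm-1" or a /dev/mapper name
        layers = crypt_layers(base if base in devs else by_name.get(base), devs)
        if layers:
            out[fields[1]] = layers
    return out

# Constructed sample: LVM root on a LUKS2 mapping, plus an unencrypted /boot.
SAMPLE_DEVS = {
    "dm-0": ("vda3_crypt", "CRYPT-LUKS2-0123456789abcdef-vda3_crypt", ["vda3"]),
    "dm-1": ("vg0-root", "LVM-constructed-example", ["dm-0"]),
}
SAMPLE_MOUNTS = "/dev/mapper/vg0-root / ext4 rw 0 0\n/dev/vda1 /boot ext4 rw 0 0\n"

if __name__ == "__main__":
    live = read_sysfs()  # empty on hosts without device-mapper: use the sample
    text = open("/proc/mounts").read() if live else SAMPLE_MOUNTS
    print(exposed_mounts(text, live or SAMPLE_DEVS))
```

Every mount point in the result is readable to anything with access to the running system; the encryption only applies once the mapping is closed or the machine is powered off.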