How misconfigurations in your DigitalOcean Cloud leave your security compromised

Cloud misconfigurations in DigitalOcean can have a devastating effect on businesses. If an organization doesn't apply the proper security measures when using DigitalOcean's cloud, data can be leaked and malicious activity can be carried out that harms the business. This can be especially damaging to smaller businesses and start-ups, where a misconfiguration can quickly consume a significant portion of their budget.

DigitalOcean is becoming the cloud of choice for many modern engineering teams

DigitalOcean, which started as a simple Virtual Private Server (VPS) hosting service, has transformed itself into a full-blown Infrastructure as a Service (IaaS) cloud provider.

Teams are using DigitalOcean for a variety of workloads, such as hosting high-performance websites, Kubernetes clusters, data scraping workloads, and more. The combination of generous bandwidth and easy-to-understand pricing is a clear draw for most of us.

DigitalOcean, like any other cloud, needs security, but there is a lot of work to be done

Four things that are missing for DigitalOcean cloud security

Cloud is a dynamic, ever-evolving domain. While DigitalOcean has already become a widely used Cloud Service Provider (CSP), the security tooling and benchmarks haven’t kept pace.

1. Missing CIS Benchmarks for DigitalOcean Cloud

Major cloud providers have security benchmarks. We can use these benchmarks to set up our cloud account with a minimum baseline security standard to begin with. Once the account has baseline security, we can watch out for any configuration changes that may make it insecure. This continuous verification against the security benchmark is a tried and tested approach to ensuring security in rapidly changing environments.

2. Missing fine-grained Identity and Access Management Permissions

DigitalOcean lacks fine-grained IAM permissions. These permissions allow for separation of privileges, isolation of various functions and workloads, and more. Using IAM permissions as a framework, teams are able to create deny-all, allow-select policies for access and control.

Currently, any user in the DigitalOcean Cloud account can view and edit resources across projects. We are hopeful that in the near future these fine-grained IAM permissions will be available in DigitalOcean.

3. Missing CIS Benchmarks for DigitalOcean Managed Kubernetes

DigitalOcean runs a CNCF-certified managed Kubernetes service. While the standard CIS Kubernetes benchmark should be applied for setting up a secure baseline, the managed service, too, is not yet covered by a CIS Benchmark.

4. DigitalOcean Spaces are easy to misconfigure

It is very easy to misconfigure a DigitalOcean Space bucket. We have seen the damage public S3 buckets in AWS have caused. Usability is desirable, but in this case too many folks end up victims of data theft, ransomware, and hacking due to configuration mistakes.
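The baseline-then-verify approach from item 1, applied to the public-Space risk from item 4, as an added example that is not Kloudle's or DigitalOcean's code. It assumes the ACL of each Space has already been fetched as an S3-style XML document; the Space names, baseline and sample ACLs are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
# Group URIs that S3-style ACLs use for "everyone" and "any authenticated user".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def public_permissions(acl_xml):
    """Return the set of permissions an ACL document grants to public groups."""
    granted = set()
    for grant in ET.fromstring(acl_xml).iterfind(".//s3:Grant", NS):
        uri = grant.findtext("s3:Grantee/s3:URI", default="", namespaces=NS)
        if uri.strip() in PUBLIC_GROUPS:
            perm = grant.findtext("s3:Permission", default="", namespaces=NS)
            granted.add(perm.strip())
    return granted

def baseline_drift(current_acls, baseline):
    """Map each Space to the public permissions it has beyond its baseline."""
    drift = {}
    for space, acl_xml in current_acls.items():
        # Spaces missing from the baseline default to "nothing public allowed".
        extra = public_permissions(acl_xml) - baseline.get(space, set())
        if extra:
            drift[space] = extra
    return drift

# Constructed sample ACL fragments (not captured from a real account).
OWNER = ("<Grant><Grantee><ID>1234</ID></Grantee>"
         "<Permission>FULL_CONTROL</Permission></Grant>")
PUBLIC_READ = ("<Grant><Grantee><URI>http://acs.amazonaws.com/groups/global/AllUsers"
               "</URI></Grantee><Permission>READ</Permission></Grant>")

def make_acl(*grants):
    """Wrap constructed grants in an S3-style AccessControlPolicy document."""
    return ('<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
            "<AccessControlList>" + "".join(grants) +
            "</AccessControlList></AccessControlPolicy>")

BASELINE = {"static-assets": {"READ"}}  # only this Space may be world-readable
CURRENT = {
    "static-assets": make_acl(OWNER, PUBLIC_READ),
    "db-backups": make_acl(OWNER, PUBLIC_READ),  # drifted from private
    "app-config": make_acl(OWNER),
}

if __name__ == "__main__":
    for space, perms in baseline_drift(CURRENT, BASELINE).items():
        print(f"DRIFT {space}: public {sorted(perms)} not in baseline")
```

Running the same comparison on a schedule turns the one-time baseline into the continuous verification described in item 1.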

Engineers using DigitalOcean need to have visibility of their services and security misconfigs

Kloudle recognizes that engineers aren’t waiting around for security to catch up, which is why it offers visibility of 20 DigitalOcean cloud services. It can set the security baseline and continuously verify the security of 50+ configurations. Kloudle’s customers get the most comprehensive cloud security coverage for their DigitalOcean cloud accounts. Kloudle covers DigitalOcean's managed Kubernetes as well.

Sign up for a free trial and build your DigitalOcean Cloud security baseline

If the security of your DigitalOcean cloud account worries you, try out Kloudle for free. We offer a 7-day free trial. Read more about how to onboard your DigitalOcean account to Kloudle and get your security score in 30 minutes.