MySQL is an open source, object-relational database built with speed and reliability in mind. Its large and active developer community has created many third-party applications, tools, and libraries that expand MySQL’s functionality.
As a managed service provider, DigitalOcean provides stability and security to your database clusters. However, some best practices for database management still fall under the user’s responsibility. For example, while DigitalOcean takes full responsibility for hosting physical infrastructure and ensuring network security, users are responsible for managing client-side encryption, the database firewall, and access to data.
To ensure the security of your database clusters, the following shared responsibility model describes exactly which operations and security measures users are responsible for and which DigitalOcean is responsible for:
|User’s Responsibilities||DigitalOcean’s Responsibilities|
|Manage users and their permissions||Ensure physical security of servers and OS|
|Control network access through trusted sources||Provide backup and recovery options (PITR, restore from backup, fork databases)|
|Monitor database performance by creating alert policies||Monitoring via health checkups and auditing database logs|
|Add high availability and scalability||Provide standby and read-only nodes, automated failover|
|Protect cluster’s data (unauthorized access, data validation)||Encrypt data at rest (LUKS) and in transit (SSL)|
|Optimize databases and queries||Provide data durability and redundancy|
|Change variables via the DO API||Restart databases|