Shared Responsibility Model

OpenSearch is an open-source search and analytics suite which serves as a centralized location to manage logs forwarded from other resources, such as databases and Droplets.

As a managed service provider, DigitalOcean provides stability and security to your database clusters. However, some best practices for database management still fall under the user’s responsibility. For example, while DigitalOcean takes full responsibility for hosting physical infrastructure and ensuring network security, users are responsible for managing client-side encryption, the database firewall, and access to data.

To ensure the security of your database clusters, the following shared responsibility model describes exactly which operations and security measures users are responsible for and which DigitalOcean is responsible for:

User’s Responsibilities DigitalOcean’s Responsibilities
Manage users and their permissions Ensure physical security of servers and OS
Control network access through trusted sources Provide backup and recovery options (PITR, restore from backup, fork databases)
Monitor database performance by creating alert policies Monitoring via health checkups and auditing database logs
Add high availability and scalability Provide standby and read-only nodes, automated failover
Protect cluster’s data (unauthorized access, data validation) Encrypt data at rest (LUKS) and in transit (SSL)
Optimize databases and queries Provide data durability and redundancy
Change variables via the DO API Restart databases